Privacy Policy & Security Statement
1. Introduction
Reven AI ("we," "us," or "our") provides automated sales tax nexus tracking and full-cycle accounting automation for Shopify merchants. We act as a Data Processor for the merchants who install our app. This policy outlines our commitment to data integrity and security, ensuring your financial data "matches reality" while remaining private and secure.
2. Information We Collect (Shopify API Scopes)
To provide accounting automation, Reven AI requests the following data through Shopify's secure API:
- Order & Transaction Data: Order IDs, line items, tax collected, and refund history.
- Jurisdictional Data: Customer shipping addresses and zip codes (used strictly to calculate Tax Nexus and jurisdictional obligations).
- Financial Metadata: Necessary data points to generate General Ledger entries, Trial Balances, and Financial Statements.
- Store Information: Store name, email, and currency settings.
3. Data Usage & Zero-Sharing Policy
- Internal Purpose: Data is used exclusively for internal tax calculations and accounting automation.
- No Third-Party Sales/Sharing: We do not sell, rent, or share your sensitive financial or customer data with any third-party marketers, agencies, or external entities.
- Automated Processing: Data is processed by our engine to generate Income Statements and Retained Earnings reports accessible only by you (the Merchant).
4. Data Security & SOC 2 Type 2 Alignment
We implement industry-leading security controls to protect your financial "source of truth":
Encryption
All data is encrypted at rest using AES-256 and in transit using TLS 1.3.
Access Control
We enforce strict Role-Based Access Control (RBAC). Our staff cannot view your sensitive financial data except when explicitly authorized for a support request.
Data Integrity
Our system maintains comprehensive audit logs of all data processing events to satisfy SOC 2 "Processing Integrity" standards.
Hosting
Data is stored on secure, SOC 2-compliant infrastructure provided by AWS.
5. Global Privacy Compliance (GDPR, CCPA, CPRA)
Reven AI fully supports the rights of merchants and their customers:
Right to Access & Portability
Merchants can export their financial records and reports at any time.
Mandatory Webhooks (Shopify Compliance)
We are fully integrated with Shopify's mandatory privacy webhooks:
- customers/data_request: We provide all relevant data within the required legal timeframe.
- customers/redact: We purge customer-related PII upon receiving this request.
- shop/redact: 48 hours after you uninstall Reven AI, we automatically initiate a purge of all your store's data from our active databases.
6. Data Retention
We retain data only as long as you are an active user of the app to maintain your historical accounting records. Upon account termination or app uninstallation, data is deleted or anonymized in accordance with our internal data destruction policy and Shopify's requirements.
7. Children's Privacy
Reven AI is a business-to-business (B2B) service and does not knowingly collect data from children under the age of 16.
8. Changes to this Policy
We may update this policy to reflect changes in tax law or privacy regulations. We will notify merchants of significant changes via the app dashboard or email.
9. Contact Information & Data Protection Officer
For questions regarding our privacy practices or SOC 2 compliance:
Email: contact@reven.co