Security practices for review, order, customer, and media workflows.
Rava Reviews security focuses on Shopify permissions, protected customer data, review media, email workflows, support access, subprocessors, and incident readiness.
Last updated: June 23, 2026. Legal entity: Ravanix Technologies L.L.C-FZ, Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.. Privacy: admin@ravanix.app. Support: admin@ravanix.app. Security: security@ravanix.app. Website: https://www.ravanix.app.
Encrypted transport
Production traffic runs over HTTPS for the website, embedded app, APIs, widgets, review request flows, uploads, exports, and Shopify webhooks.
Scoped Shopify access
The app requests only the Shopify scopes needed for product sync, review workflows, order-based requests, customer verification, discounts, themes, and metaobjects.
Sensitive data protection
Customer and order PII is protected with encrypted transport, restricted access, and encryption-at-rest controls for protected fields and backups.
Least-privilege operations
Support and engineering access is role-limited, reviewed, logged, and removed when no longer needed.
Environment separation
Production, test, and local development data stay separate, and production secrets are never committed to the repository.
Incident readiness
Security issues are triaged, contained, documented, communicated, remediated, and followed by prevention work.
Report a security concern.
Share reproduction steps, affected domains, timestamps, and impact through security@ravanix.app or the contact page. Please avoid accessing, changing, or deleting merchant, shopper, order, review, or media data while investigating.
