Rava ReviewsRava Reviews.
Security

Security practices for review, order, customer, and media workflows.

Rava Reviews security focuses on Shopify permissions, protected customer data, review media, email workflows, support access, subprocessors, and incident readiness.

Last updated: June 23, 2026. Legal entity: Ravanix Technologies L.L.C-FZ, Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.. Privacy: admin@ravanix.app. Support: admin@ravanix.app. Security: security@ravanix.app. Website: https://www.ravanix.app.

01

Encrypted transport

Production traffic runs over HTTPS for the website, embedded app, APIs, widgets, review request flows, uploads, exports, and Shopify webhooks.

02

Scoped Shopify access

The app requests only the Shopify scopes needed for product sync, review workflows, order-based requests, customer verification, discounts, themes, and metaobjects.

03

Sensitive data protection

Customer and order PII is protected with encrypted transport, restricted access, and encryption-at-rest controls for protected fields and backups.

04

Least-privilege operations

Support and engineering access is role-limited, reviewed, logged, and removed when no longer needed.

05

Environment separation

Production, test, and local development data stay separate, and production secrets are never committed to the repository.

06

Incident readiness

Security issues are triaged, contained, documented, communicated, remediated, and followed by prevention work.

Responsible disclosure

Report a security concern.

Share reproduction steps, affected domains, timestamps, and impact through security@ravanix.app or the contact page. Please avoid accessing, changing, or deleting merchant, shopper, order, review, or media data while investigating.