Privacy And Security


More than 1M users trust Rev to securely transcribe, caption, and subtitle their content. You can visit our Legal Center to view our Terms of Service, Privacy Policy, and other legal documentation.

Security Statement 

Rev.com's security program is built on a foundation of industry-leading standards and best practices. We are committed to protecting your data with a multi-layered approach that includes encryption, access controls, regular assessments, and incident response.

Rev.com adheres to stringent industry standards and regulations to ensure the confidentiality, integrity, and availability of your data. 

 

Core Security Frameworks

SOC 2 Type 2

(System and Organization Controls 2)

Think of this as an independent audit of our security practices. A certified auditor examines our controls over a period of time (Type 2) to verify that we are consistently protecting your data.

Specifically, it focuses on these "trust service criteria":

  • Security: Protecting data from unauthorized access.
  • Availability: Ensuring our services are reliably accessible.
  • Confidentiality: Keeping sensitive information private.
  • Processing Integrity: Ensuring data is processed accurately and completely.

Essentially, SOC 2 Type 2 demonstrates that we have robust, documented, and consistently applied security controls.

 

HIPAA

(Health Insurance Portability and Accountability Act)

If you're dealing with any health-related information, HIPAA is crucial. It sets strict rules for protecting "protected health information" (PHI).

Rev.com implements specific safeguards to ensure PHI is handled securely, including:

  • Administrative Safeguards: Policies and procedures governing access to PHI.
  • Physical Safeguards: Measures to control physical access to systems and facilities.
  • Technical Safeguards: Technology-based controls, such as encryption and access controls.

We take HIPAA extremely seriously and have implemented controls to protect any PHI that may be processed through our services.

HIPAA compliance is available for Enterprise plans only. Contact our sales team to discuss a plan tailored to your needs. 

 

GDPR

(General Data Protection Regulation)

This is a European Union regulation that applies to any organization that processes the personal data of EU residents. It gives individuals greater control over their personal data and imposes strict obligations on organizations.

Key aspects of our GDPR compliance include:

  • Data Minimization: Collecting only the necessary data.
  • Purpose Limitation: Using data only for its intended purpose.
  • Data Subject Rights: Providing individuals with rights like access, rectification, and deletion of their data.
  • Data Protection Impact Assessments (DPIAs): Assessing and mitigating privacy risks.

Even if you are not based in the EU, GDPR best practices are implemented company-wide.

 

Practical Security Measures at Rev.com

Here's how these frameworks translate into concrete security measures.

 

Data Encryption and Storage

We encrypt your data both "in transit" (while it's being transmitted) and "at rest" (while it's stored). This means that even if someone were to intercept or access the data, it would be unreadable without the decryption key. Communications between you and Rev servers are encrypted via industry best practices (HTTPS and Transport Layer Security 1.2). TLS is also supported for the encryption of emails.

Rev backs up data constantly to prevent any loss or corruption. All Rev & customer data is hosted at Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities in the United States.

We maintain a redundant infrastructure with 99.9% uptime. All customer data is accessible to staff only to the extent necessary to perform the required work. And just like our customer support, our Security Team is on call 24/7 to respond to security alerts and events.

You can learn more about Rev's security standards on our Security Information page.

 

Access Controls

We implement strict access controls to limit who can access your data. Only authorized personnel with a legitimate business need can access sensitive information.

We utilize the principle of least privilege, meaning employees only have access to the data that is required for their job function.

 

Regular Security Assessments

We conduct regular vulnerability scans, penetration testing, and security audits to identify and address any potential security weaknesses.

We also conduct regular security awareness training for our employees to ensure they understand their role in protecting data.

 

Incident Response

We have a comprehensive incident response plan in place to handle any security incidents quickly and effectively.

This includes procedures for detecting, containing, and recovering from incidents.

 

Data Center Security

Our data is stored within secure data centers with physical security measures such as surveillance, access control, and environmental controls.

 

Vendor Management

We carefully vet our third-party vendors to ensure they meet our security standards.

 

AI Services FAQ

At Rev.com, we understand that civil law firms handle highly sensitive and confidential information. We are committed to ensuring the security, privacy, and integrity of your data. Below are answers to common questions about how Rev safeguards your information when using our AI-powered transcription and captioning services.

How does Rev ensure data security and confidentiality?
Rev employs industry-leading security measures to protect customer data, including encryption in transit and at rest, secure data storage, and access controls. We comply with stringent data protection regulations and regularly review our security policies to ensure continued compliance and effectiveness.

Is Rev HIPAA compliant?
Yes. Rev Enterprise is HIPAA-compliant, meaning we adhere to the rigorous security and privacy standards required to protect healthcare-related information. We have appropriate administrative, physical, and technical safeguards in place to ensure the confidentiality and integrity of protected health information (PHI). As required by HIPAA, Business Associate Agreements (BAAs) are needed for customers sharing PHI. Speak with our sales team to learn more about Rev Enterprise accounts.

Does Rev use customer data to train AI models or large language models (LLMs)?
No. Rev does not use customer data, including transcripts, captions, or any other uploaded content, to train AI models or large language models (LLMs). Rev does not share or allow any third-party data processors to train on customer data. Rev only trains proprietary automatic speech recognition (ASR) models to improve speech-to-text accuracy while ensuring that customer data remains private and secure.

How does Rev handle customer data after a transcript is completed?
Rev retains data only as long as necessary to provide our services or as required by law. Customers can delete files from their accounts at any time, and Rev follows strict data retention and deletion policies to ensure that customer data is not stored beyond its intended use.

Will Rev respond to subpoenas requesting access to customer data?
No. Rev does not respond to subpoenas requesting access to customer data. We take customer privacy seriously and do not provide third-party access to customer files, transcripts, or other confidential information without explicit legal requirements and due process.

Who has access to my data within Rev?
Access to customer data is strictly limited to authorized personnel who need it to fulfill service requests. Rev employs role-based access controls (RBAC), multi-factor authentication, and logging mechanisms to prevent unauthorized access to customer information.

Does Rev offer enterprise-level security features for law firms?
Yes. Rev provides enterprise-grade security features, including SOC 2 Type II compliance, secure API integrations, single sign-on (SSO), dedicated data processing agreements, and custom retention policies. We work with law firms to meet their specific security and compliance needs.

How does Rev ensure data sovereignty and keep data within the US?
Rev enforces data sovereignty policies to ensure that all customer data is processed and stored within the United States. Our secure infrastructure is designed to comply with US data protection regulations, providing law firms with confidence that their sensitive information remains within US jurisdiction and under applicable legal protections.

How can I ensure my firm’s data is handled securely when using Rev?
We recommend utilizing Rev’s secure upload portals, enforcing strong access controls within your firm’s Rev account, and leveraging our security settings to manage data retention. If you have specific security concerns, our enterprise team can work with you to tailor security solutions.

 

General Security FAQ

Can I request a copy of your standard NDA?
We would be glad to provide you with a signed copy of our standard NDA. Please email support@rev.com to request this. 

Can the service and/or an employee read my transcripts?
If you request human transcription services, Rev’s professional transcribers (“Revvers”) will be able to access your files as they work with them. Support staff and engineering have limited visibility into your transcripts and files to assist with customer support and debugging. Aside from those instances, most Rev employees do not have access to your transcripts or audio files. 

Can the service and/or an employee access my audio files?
If you request human transcription services, Rev’s professional transcribers (“Revvers”) will be able to access your files as they work with them. Support staff and engineering have limited visibility into your transcripts and files to assist with customer support and debugging. Aside from those instances, most Rev employees do not have access to your transcripts or audio files. 

Are audio files and/or transcriptions stored on company servers?
Yes.

Are my data, audio files, and transcripts encrypted on company servers or while in transit?
Rev uses technical security measures to guard against unauthorized access to Personal Data that is being transmitted over an electronic communications network, including a mechanism to encrypt electronic information whenever appropriate, such as while in transit or in storage on networks or systems to which unauthorized individuals may have access. All files are stored in proper HIPAA-compliant cloud facilities.

Can you explain the encryption workflow for every transcription, from when I upload to long-term storage of data?
Every upload is secured through HTTPS/TLS/SSL. The storage disks are encrypted at rest, meaning that even if the storage drive were physically stolen, it would be impossible to read the data.

Is my data shared and/or sold to a third party?
We do not sell your data to any third parties. The only user data shared is tied to orders placed by a customer for services provided by an approved subprocessor as listed on our Data Processing Addendum (DPA).

What data is shared with third parties and why?
Same answer as above. Further, Rev imposes contractual obligations on any such Subprocessor that are substantially the same as, and no less protective of Personal Data than, those imposed on Rev, to ensure they meet or exceed the same security requirements Rev provides our users.

How does the company handle requests for my data, audio files, and transcripts from law enforcement or private investigators?
All requests from law enforcement or private investigators are reviewed by our legal counsel prior to providing any user data or files. Rev's legal counsel advises on what we are required to provide, when applicable.

What technology is used to train your transcription service?
Rev is trained on the largest and most diverse dataset of voices, which comprises over 7 million hours of voice collected since 2010. Rev’s data is not a purchased bank of recordings but represents real voices that are submitted for transcription. Furthermore, Rev uses a unique continuous feedback loop between the AI and more than 72,000 human transcriptionists (“Revvers”) to train the AI. This continuous feedback loop has allowed Rev’s AI to progress to the point that its most recent ASR model is capable of over 95% accuracy on its own, and 99%+ accuracy when combined with humans. Rev’s data continues to grow as customers submit recordings, which is what has allowed Rev to train its most recent automated speech recognition (ASR) model with 730+ years’ worth of audio.

Do you use my audio and transcription files to train your service?
Yes. See above.

Do you use artificial intelligence to transcribe audio files? If so, what kind?
Yes. Rev’s most recent Automatic Speech Recognition (ASR) model is capable of over 95% accuracy in real-time, making it the world’s most accurate ASR across languages, dialects, and genders. Instead of combining multiple separately trained components, the model is a single neural network trained end to end as one unit, learning as it goes.

Who owns the intellectual property rights to my audio and transcription files?
You own the intellectual property rights to your content.

Does Rev have dedicated data usage explanations (besides a privacy policy)?
Rev has a Data Processing Addendum.

 

For further questions, please contact our security and compliance team at security@rev.com.
