We take the security of Revial seriously. If you've found a vulnerability in our platform, we want to hear from you.

How to report

Email support@revial.ai with "Security" in the subject line. Include:

A description of the vulnerability and its potential impact
Steps to reproduce
Any relevant screenshots, logs, or proof-of-concept code
Your name or handle if you'd like to be credited

We'll acknowledge your report within 2 business days and keep you updated as we investigate.

Scope

In scope:

revial.ai and all subdomains
The Revial web application and API
Our authentication and data handling flows

Out of scope:

Social engineering of Revial employees, customers, or partners
Physical attacks against Revial offices or infrastructure
Denial-of-service attacks
Automated scanning that generates significant traffic
Findings from third-party services we use (report those directly to the vendor)
Missing security headers or best-practice recommendations without a demonstrated impact

Safe harbor

We will not pursue legal action against researchers who:

Make a good-faith effort to avoid privacy violations, data destruction, and service disruption
Only interact with accounts they own or have explicit permission to access
Give us reasonable time to investigate and remediate before public disclosure
Do not exploit the vulnerability beyond what is necessary to demonstrate it

What we offer

Revial does not operate a paid bug bounty program. We acknowledge valid reports publicly (with your permission) in our security acknowledgements and are happy to provide a written confirmation of your contribution for your portfolio.

Contact

support@revial.ai

Last updated: 20 April 2026