Skip to main content

Security & Compliance

Revolv3 is designed to provide secure and compliant payment processing while minimizing the compliance burden for merchants.
The key security model is that card data stays with Shopify, while Revolv3 works with tokenized payment information.

Card Data Handling

  • Card details are entered directly in Shopify Checkout
  • Shopify securely handles and tokenizes card data
  • Revolv3 receives only tokenized payment information
  • Revolv3 does not store or process raw cardholder data

PCI DSS Scope

Since card data is collected and processed by Shopify, merchants using Revolv3 fall under a reduced PCI DSS scope (SAQ-A). This means:
  • No direct handling of card data by the merchant
  • No storage of sensitive card information
  • Simplified PCI compliance requirements
Revolv3 operates as a PCI-compliant payment gateway and processes transactions using secure, tokenized data.

Secure Communication

All communication between Shopify and Revolv3 is secured using industry-standard mechanisms:
  • Encrypted HTTPS connections
  • HMAC-SHA256 signature verification
  • Certificate-based validation
  • Domain verification (store-level access control)

Data Protection & Privacy

Revolv3 supports Shopify’s data protection requirements and complies with applicable regulations such as GDPR and CCPA. The integration includes mandatory webhook handling for:
  • Customer data access requests
  • Customer data deletion requests
  • Shop data deletion requests
Revolv3 processes such requests within the required regulatory timeframes.

Key Security Principles

  • No card data exposure outside Shopify
  • Tokenized payment processing
  • Encrypted data transmission
  • Strict access control per merchant/store

Deployment Model

Shopify

  • App registration via Partner Dashboard
  • Payment extension configuration
  • Endpoint registration

Revolv3

  • Backend hosted externally (e.g. Azure Functions)
  • Payment processing logic
  • Database and configuration
Note: No backend code is deployed to Shopify

Summary

The Shopify–Revolv3 integration provides a seamless way to process card payments directly within Shopify checkout while leveraging Revolv3 as the payment gateway. This integration:
  • Minimizes PCI scope
  • Ensures secure processing
  • Provides scalable backend architecture
  • Aligns with Shopify payment platform requirements