> ## Documentation Index
> Fetch the complete documentation index at: https://docs.revolv3.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Compliance

> How Revolv3 keeps Shopify card data secure and minimizes PCI scope.

## Security & Compliance

Revolv3 is designed to provide secure and compliant payment processing while minimizing the compliance burden for merchants.

<Info>
  The key security model is that card data stays with Shopify, while Revolv3 works with tokenized payment information.
</Info>

### Card Data Handling

* Card details are entered directly in Shopify Checkout
* Shopify securely handles and tokenizes card data
* Revolv3 receives only tokenized payment information
* Revolv3 does not store or process raw cardholder data

### PCI DSS Scope

Since card data is collected and processed by Shopify, merchants using Revolv3 fall under a reduced PCI DSS scope (SAQ-A).

This means:

* No direct handling of card data by the merchant
* No storage of sensitive card information
* Simplified PCI compliance requirements

Revolv3 operates as a PCI-compliant payment gateway and processes transactions using secure, tokenized data.

### Secure Communication

All communication between Shopify and Revolv3 is secured using industry-standard mechanisms:

* Encrypted HTTPS connections
* HMAC-SHA256 signature verification
* Certificate-based validation
* Domain verification (store-level access control)

### Data Protection & Privacy

Revolv3 supports Shopify’s data protection requirements and complies with applicable regulations such as GDPR and CCPA.

The integration includes mandatory webhook handling for:

* Customer data access requests
* Customer data deletion requests
* Shop data deletion requests

Revolv3 processes such requests within the required regulatory timeframes.

### Key Security Principles

* No card data exposure outside Shopify
* Tokenized payment processing
* Encrypted data transmission
* Strict access control per merchant/store

## Deployment Model

### Shopify

* App registration via Partner Dashboard
* Payment extension configuration
* Endpoint registration

### Revolv3

* Backend hosted externally (e.g. Azure Functions)
* Payment processing logic
* Database and configuration

Note: No backend code is deployed to Shopify

## Summary

The Shopify–Revolv3 integration provides a seamless way to process card payments directly within Shopify checkout while leveraging Revolv3 as the payment gateway.

This integration:

* Minimizes PCI scope
* Ensures secure processing
* Provides scalable backend architecture
* Aligns with Shopify payment platform requirements
