Read-only by default
RevLint observes. You approve remediation.
The MVP is designed as a diagnostic and advisory platform. It does not mutate your Stripe account, your Shopify store, or your production database.
No write scopes
Connected-account monitoring is designed around read-only Stripe permissions for customers.
No card data
RevLint stores Stripe object IDs, metadata, and normalized status, not raw card numbers.
Encrypted tokens
OAuth credentials are encrypted at rest using vetted Node.js crypto primitives.
Raw-body webhooks
Webhook routes verify Stripe signatures against the raw request body before processing events.
Audit logs
Scans, reports, admin access, and findings are logged by workspace.
No secrets in forms
The ingest and lead guardrails reject common pasted API keys, JWTs, tokens, and private keys.
Read-only by design
RevLint watches the signals. Your team stays in control.
RevLint mirrors and ingests revenue signals, generates deterministic findings, and packages evidence. It does not cancel subscriptions, issue refunds, change Shopify orders, mutate your production database, or submit disputes automatically.