Trust Center
Last updated: June 9, 2026
Reactiv is committed to protecting the data our merchants and their customers entrust to us. Our platform is hosted on Amazon Web Services in the United States and built with a defense-in-depth approach across our infrastructure, application, and operational practices. We believe in transparency: the third-party sub-processors we rely on, our service-level commitments, and our privacy practices are all published openly on this site.
This Trust Center gives a high-level overview of Reactiv's security posture and links to the documents that describe our practices in detail.
Our approach
Reactiv does not currently hold a SOC 2, ISO 27001, or other third-party security certification, and we do not make any certification claims. As our compliance program matures, we will update this page accordingly.
By design, Reactiv minimizes the sensitive data it handles. We rely exclusively on Shopify for both merchant and shopper authentication, as well as checkout — Reactiv does not maintain its own merchant or shopper accounts or credentials, and never collects, stores, or processes payment card data. This keeps payment processing and account security within Shopify, which is certified PCI DSS Level 1 (the highest tier of payment-card security certification), reduces our exposure to sensitive data, and allows Reactiv to integrate seamlessly with your existing Shopify store.
Key resources
- Security Overview — hosting, encryption, access controls, logging, and incident response
- Privacy Policy — how we collect, use, and protect personal data
- Sub-processors — the third parties we use to deliver the service
- Service Level Agreement — availability targets, incident response, and recovery objectives
- Data Processing Addendum — our contractual data-protection commitments
- System status — real-time service health; subscribe there for incident updates
Contact
For security questions, or to report a potential vulnerability, please contact us at support@reactiv.ai.