RevSync+ Data Handling

Last modified: Nov 01, 2025

  • Overview
  • Network Architecture
  • Encryption and
    Compliance Validation
  • Data Storage, DSF
    Protection & Redundancy
  • AI Processing Workflow
  • Privacy and Redaction Controls
  • Retention, Access, and Failover
  • AI Model Policy – Closed-System Only
  • Conclusion

1. Overview

RevSync+ is Revcord’s secure synchronization, backup, and AI-analytics framework that extends Revcord’s cloud infrastructure to third-party logging platforms. It allows agencies to preserve their existing recorders—such as Verint, NICE, or Eventide—while gaining access to Revcord’s TRG-hosted redundancy, AI analytics, and compliance-driven data-lifecycle management.
All data transmitted through RevSync+ is stored within Revcord’s CJIS-aligned data center and processed using ReVI (Revcord Voice Intelligence)—Revcord’s closed-system AI suite for transcription, redaction, QA evaluation, and summary generation.
This lets public-safety and enterprise users modernize data management and analytics without replacing their current loggers, while maintaining complete compliance and auditability.

2. Network Architecture

Each customer logger establishes a single outbound TLS-encrypted HTTPS (TCP 443) connection from the on-premise environment to Revcord’s TRG data center.

  • Outbound-Only Connectivity: No inbound connections, VPNs, or open firewall ports are required.
  • Customer-Initiated Sessions: All transfers originate from the customer’s network, maintaining firewall integrity.
  • Archived Data Transfer: RevSync+ collects and archives recordings and metadata from existing loggers for backup and AI processing—no direct system replacement.
This architecture removes inbound exposure and upholds segmentation best practices consistent with CJIS and NIST standards.

3. Encryption and Compliance Validation

All transfers between the customer logger and Revcord’s environment are end-to-end encrypted and authenticated with X.509 certificates.

  • In-Transit Encryption: TLS 1.2 or higher with certificate-based authentication.
  • At-Rest Encryption: AES-256 applied to all datasets and databases.
  • Hosting Certifications (TRG): SOC 2 Type II, ISO 27001, HIPAA, and PCI-DSS.
  • Revcord Controls: Continuously validated through Vanta, mapped to NIST 800-171, CJIS, and HIPAA control sets with ongoing evidence monitoring.

All customer data remains inside the certified TRG boundary, ensuring compliance continuity from transfer through retention.

4. Data Storage, DSF Protection, and Redundancy

RevSync+ employs a CJIS-compliant, triple-redundant storage model integrated with Revcord’s dual-layer DSF security architecture:

  1. Primary Storage: Within TRG’s TrueNAS (ZFS) and Synology clusters.
  2. Mirrored Replication: Local NAS mirror for high availability.
  3. Encrypted Off-Site Archive: Geographically distinct disaster-recovery vault.

Dual-Layer Encryption Model

Layer 1 – DSF Logical Encryption

  • All recordings are encoded in Revcord’s proprietary DSF (Digital Storage Format), a binary container unreadable by any standard audio software.
  • DSF files can only be played within authorized Revcord applications (Logger, RevView, ReVI, or RevSync+).
  • Each file embeds its own hash and database binding for tamper detection.
  • If a DSF file is copied or modified, it fails checksum validation and cannot be opened—providing logical encryption and self-validation.

Layer 2 – Physical AES-256 Encryption

  • TrueNAS and Synology volumes use AES-256 hardware-accelerated encryption with keys stored in Revcord’s TRG secure key vault.
  • Keys are rotated annually and never reside on the physical devices.
  • Drives removed from service remain unreadable without the vaulted keys.

These combined mechanisms deliver logical and cryptographic protection, exceeding CJIS 5.9.1.2 and NIST 800-171 §3.13.16 requirements for data at rest.

Default retention is five years and may be extended per customer policy. All volumes are subject to daily integrity checks and Vanta-monitored evidence logging.

5. AI Processing Workflow

Once archived, data is queued for processing by ReVI within Revcord’s GPU cluster environment at TRG.

  • Processing Boundary: All AI inference occurs inside the SOC 2 / ISO 27001-certified TRG network. No external APIs or internet AI services are used.
  • Functions: Transcription, redaction, sentiment analysis, QA scoring, and summaries.
  • Data Residency: All outputs remain inside the customer’s tenant partition within TRG.
  • Model Metrics: Only aggregate, non-identifiable performance statistics may be used internally for accuracy validation; no audio ever leaves the environment.

6. Privacy and Redaction Controls

ReVI automatically detects and masks regulated information (PHI, PII, PCI, CJIS content):

  • Dual Copies: Maintains both redacted and unredacted records.
  • Role-Based Access: Only CJIS-cleared or HIPAA-certified users can view unredacted data.
  • Audio & Text Masking: Text is blacked out with context tags (e.g., “SSN”), while audio segments emit a brief beep to mark redacted content.
  • Compliance Exports: Redacted copies are safe for FOIA and court submission.

This process enforces consistent privacy protections across both media and text domains.

7. Retention, Access, and Failover

RevSync+ and ReVI operate under a zero-trust access framework managed through Teleport + Authentik for SSO and MFA.

  • Comprehensive Logging: All access and exports are captured by Wazuh SIEM for audit evidence.
  • Availability: Active-Active cluster operation with failover to Revcord’s private Houston network.
  • Integrity: TrueNAS ZFS snapshots and Synology heartbeat replication support instant rollback and data integrity verification.

8. AI Model Policy – Closed-System Only

Revcord’s AI operations use only closed, Revcord-developed models, ensuring all processing remains within CJIS and HIPAA boundaries.

  • No External Inference: No AWS, Azure, Google, or OpenAI connectivity.
  • Controlled Environment: All training and inference occur on Revcord GPU clusters inside TRG.
  • Redaction Standards: ReVI automatically beeps and masks sensitive segments without exporting audio outside the secure boundary.

This model fully eliminates third-party data exposure risks while retaining complete CJIS alignment.

9. Conclusion

RevSync+ with ReVI and DSF dual-layer encryption delivers a comprehensive information-assurance framework for third-party logger integration.

Every stage—from TLS-secured ingress to GPU inference and AES-encrypted archival—is governed under Revcord’s Vanta-monitored controls and TRG’s certified infrastructure.

For public-safety IT and network administrators, the solution provides:

  • Zero inbound network exposure
  • Continuous encryption and auditable compliance
  • Proprietary DSF logical encryption plus physical AES-256 volume encryption
  • Automated audio and text redaction with verifiable audit trails
  • Closed-model AI processing within CJIS-aligned boundaries
  • Redundant five-year archival storage with instant failover

 

This combined architecture ensures that all customer recordings are simultaneously unplayable without Revcord software and unreadable without encrypted storage keys — a dual-lock protection approach that meets and exceeds CJIS, NIST, and HIPAA requirements for confidentiality, integrity, and availability.