Security is the foundation of RelayOne. As an AI governance platform, we hold ourselves to the highest security standards because our customers trust us to protect their most sensitive AI interactions.
Our security program is built on defense in depth, with multiple layers of protection across infrastructure, application, and data tiers.
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Customer data, audit logs, and policy configurations are encrypted with separate key hierarchies.
Every event in the evidence chain is cryptographically signed and hash-linked to the previous event, creating a tamper-evident log that can be independently verified.
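As an added illustration of the hash-linked, signed log described above (example code written for this page, not RelayOne's implementation): the field names `seq`, `prev_hash`, `payload`, `hash` and `sig` are assumptions, and HMAC-SHA256 stands in for the signature scheme, which the page does not specify.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first event


def digest(body):
    # Canonical JSON so the same event always produces the same hash.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


def sign(event_hash, key):
    # Stand-in for a real signature; a deployment would likely use an
    # asymmetric scheme so verifiers never hold the signing key.
    return hmac.new(key, event_hash.encode(), hashlib.sha256).hexdigest()


def append_event(chain, payload, key):
    prev = chain[-1]["hash"] if chain else GENESIS
    body = {"seq": len(chain), "prev_hash": prev, "payload": payload}
    h = digest(body)
    event = dict(body, hash=h, sig=sign(h, key))
    chain.append(event)
    return event


def verify_chain(chain, key, expected_head=None):
    """Return (ok, reason). expected_head is the last hash, stored elsewhere."""
    prev = GENESIS
    for i, ev in enumerate(chain):
        if ev.get("seq") != i:
            return False, f"event {i}: sequence gap or reorder"
        if ev.get("prev_hash") != prev:
            return False, f"event {i}: broken link to previous event"
        body = {"seq": ev["seq"], "prev_hash": ev["prev_hash"],
                "payload": ev.get("payload")}
        h = digest(body)
        if h != ev.get("hash"):
            return False, f"event {i}: content does not match hash"
        if not hmac.compare_digest(sign(h, key), str(ev.get("sig"))):
            return False, f"event {i}: bad signature"
        prev = h
    # Dropping events from the tail leaves every link intact, so truncation
    # is only detectable against a head hash anchored outside the log.
    if expected_head is not None and prev != expected_head:
        return False, "head hash mismatch: chain truncated or replaced"
    return True, "ok"
```

Edits, deletions and reordering are caught by the links alone; removing events from the end is only caught when the verifier compares against a head hash kept outside the log.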
Each organization operates in a fully isolated boundary with separate data storage, policy engines, and access controls. Cross-tenant data access is architecturally impossible.
Access is governed by role-based access control with the principle of least privilege. API keys are scoped to specific organizations and permissions. Session tokens are short-lived with secure cookie attributes.
Production infrastructure runs on hardened cloud instances with automated patching, network segmentation, and continuous vulnerability scanning. All deployments are immutable.
We maintain documented incident response procedures with defined escalation paths, communication protocols, and post-incident review processes. Security incidents are triaged within 30 minutes.
We invest in third-party audits and certifications to give our customers independently verified assurance of our security posture.
Annual audit covering security, availability, and confidentiality trust service criteria.
Data processing agreements, data residency controls, and right-to-erasure support for EU customers.
Technical safeguards aligned with HIPAA Security Rule requirements for healthcare customers.
We welcome responsible security research. If you discover a vulnerability in RelayOne, please report it to our security team at [email protected]. We commit to acknowledging reports within 24 hours and providing an initial assessment within 72 hours.
We do not pursue legal action against researchers who act in good faith and follow responsible disclosure practices. We recognize security researchers in our Hall of Thanks upon request.
Our security team is available to discuss our practices, provide compliance documentation, or answer any questions about how we protect your data.