Security is the product.
RelayOne exists to make AI traffic auditable. Security of the governance plane itself is load-bearing. Here is the posture, framework by framework, and the technical story behind tamper resistance.
Compliance frameworks
RelayOne aligns to the frameworks our regulated enterprise customers ask about. For each, the posture is summarized and the artifact available during procurement is named.
Tamper resistance, in two layers
Application layer
Every receipt is signed at the node that produced it with an Ed25519 key specific to that node. Keys are pinned in the evidence bundle's chain-of-custody roster. A receipt modified after signing is detectable by any offline verifier. There is no "trust our logs" step; there is a signature.
Database layer
Receipts are stored in append-only tables with row-level checksums. DB-layer integrity extensions (pgcrypto at minimum; optional TDE extensions for customers with that requirement) defend against operational tampering. The chain does not depend on DB backups being intact; signatures remain verifiable against the public keys even if the DB is lost.
Signing-key lifecycle
- generation: per-node Ed25519 keypairs; private keys in an HSM or KMS chosen by the customer
- rotation: on a schedule or on demand; rotation emits a signed chain-of-custody event
- compromise: a suspected compromise triggers immediate rotation; affected window is marked in evidence; verifier flags it
- offline verification: public keys pinned in every evidence bundle; verification does not require contacting RelayOne
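An added example, not RelayOne's code, of the offline check that the application layer and the key-lifecycle list above describe: verify a receipt against the roster pinned in the bundle, and flag receipts signed inside a marked compromise window. The `Receipt` and `RosterEntry` shapes, the signed-byte layout, the verdict strings and all sample values are assumptions made for illustration; the page does not publish the real formats.

```go
package main

import "crypto/ed25519"
import "fmt"

// Hypothetical shapes: the page does not publish the receipt or roster format.
type RosterEntry struct {
	Pub        ed25519.PublicKey
	From, Upto int64 // marked compromise window, unix seconds; 0,0 = none
}
type Receipt struct {
	Node         string
	IssuedAt     int64
	Payload, Sig []byte
}

// signedBytes binds node and timestamp to the payload so neither can be altered unnoticed.
func signedBytes(r Receipt) []byte {
	return append([]byte(fmt.Sprintf("%q|%d|", r.Node, r.IssuedAt)), r.Payload...)
}

// Verify uses only the roster pinned in the bundle: no network, no database.
func Verify(roster map[string]RosterEntry, r Receipt) string {
	e, ok := roster[r.Node]
	if !ok || len(e.Pub) != ed25519.PublicKeySize {
		return "unknown-node"
	}
	if !ed25519.Verify(e.Pub, signedBytes(r), r.Sig) {
		return "tampered"
	}
	if e.Upto > 0 && r.IssuedAt >= e.From && r.IssuedAt <= e.Upto {
		return "flagged" // valid signature, but the key was suspect at signing time
	}
	return "valid"
}

// Demo checks constructed receipts against a constructed one-node roster.
func Demo() []string {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	roster := map[string]RosterEntry{"node-a": {Pub: pub, From: 2000, Upto: 3000}}
	sign := func(r Receipt) Receipt { r.Sig = ed25519.Sign(priv, signedBytes(r)); return r }
	ok := sign(Receipt{Node: "node-a", IssuedAt: 1000, Payload: []byte("allow")})
	late := sign(Receipt{Node: "node-a", IssuedAt: 2500, Payload: []byte("allow")})
	edited, redated := ok, late // copies altered after signing
	edited.Payload, redated.IssuedAt = []byte("deny"), 1000
	return []string{Verify(roster, ok), Verify(roster, edited), Verify(roster, late),
		Verify(roster, redated), Verify(roster, sign(Receipt{Node: "node-z"}))}
}

func main() { fmt.Println(Demo()) }
```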
Audit retention
Retention is governed by the customer. RelayOne does not retain customer traffic data beyond what the customer configures. Evidence bundles can be archived to any destination, including tape. Default retention is seven years for regulated tenants; shorter for non-regulated.
Pen test cadence
- annual third-party penetration test of the managed control plane
- semi-annual internal red-team exercise on the policy evaluation engine
- continuous dependency scanning with a named CVE escalation path
- findings summary available under NDA during procurement
Responsible disclosure
Security issues go to {{TBD-security-contact-email}}. PGP key available on request. We acknowledge within one business day; we publish a coordinated advisory when the fix ships. Safe-harbor terms are posted at {{TBD}}.
Adjacent reading
- Evidence bundles: how signed receipts compose into an audit-ready archive
- On-prem posture: the no-cloud integrity story
- Control-plane architecture: the four-layer model