Trust · IndexPress once. The receipts
Press once. The receipts
are already filed.
A quiet posture page. The work behind the press button, how it is secured, how data is handled, which frameworks govern us, and who we rely on, is documented here, in plain language, and kept current.
, 01
Security
Defense-in-depth across identity, data, platform, and people.
Read more →
, 02
Privacy
Plain-language companion to the legal Privacy Policy. Customer rights, exercised in one click.
Read more →
, 03
Compliance
Live status of every framework. SOC 2, GDPR, HIPAA, ISO 27001, DPDP, CCPA.
Read more →
, 04
Data handling
Lifecycle of session data, capture, retention, anonymization, deletion.
Read more →
, 05
Sub-processors
Every vendor that touches customer data, with purpose, region, and DPA link.
Read more →
, 06
Responsible disclosure
How to report a vulnerability. Safe harbor, contact, response SLA.
Read more →
State of compliance · May 2026
Where every framework stands today.
- SOC 2 Type IIIn progress · audit window opened
- GDPRIn place · EU posture across data, DPAs, and rights
- HIPAABAA available on Enterprise
- ISO 27001Planned · post Series A
- DPDP (India)India-resident handling for India customers
Frequently asked
- Where is customer data stored?
- Production data lives in AWS, in the region you select at signup, US, EU, UK, India, or Australia. Backups stay region-bound and encrypted. The full region map is in /trust/data-handling.
- Do you train AI models on customer code or prompts?
- No. Customer code, prompts, screen-share, and session transcripts are never used to train a foundation model, not ours, not a vendor's. The commitment is in /trust/data-handling.
- How do I get a signed DPA before onboarding?
- Email support@relay.green and we'll send the executable DPA same-day. The standard form (with EEA SCCs Module 2, UK Addendum, and India DPDP-aligned clauses) is at /legal/dpa.
- What's your SOC 2 status?
- Type II audit window opened in 2026. Live status is at /trust/compliance. Auditor reports are available under NDA, support@relay.green for the request.
- How do you handle sub-processor changes?
- Every sub-processor is listed at /trust/subprocessors with purpose, region, and DPA on file. New sub-processors are announced 30 days before they go live; subscribe via support@relay.green.
- Can a Relay engineer see my code without my consent?
- No. The engineer joins what you put on the screen share or paste into chat. We don't ingest your repo, your editor history, or your AI tool's context unless you share it during the session.
Further reading
- White paperCompliance architecture for AI-built softwareAudit trails, the sessioned record, and what SOC 2 + ISO 27001 actually require when most of the code in your company isn’t written by your engineers.
- White paperHIPAA and the press: training a bench for PHIHow we trained, certified, and segmented a bench of engineers to handle protected health information at the moment a builder presses for help.
Last updated: May 2026