Trust · Compliance

Frameworks, live status.

One table, kept current. Where we are with every framework that governs how Relay handles customer data, what it covers, what window it applies to, and where to read further.

Framework
Status
Period
Detail
SOC 2 Type II
In progress
Audit window: Apr 2026 – Sep 2026
Trust Services Criteria: Security, Availability, Confidentiality. Type I attestation issued; Type II report on completion of the observation window.
GDPR
In place
Continuous
EU data residency option. Standard Contractual Clauses on every transfer. DPAs available on request. Data Protection Officer: support@relay.green.
HIPAA
BAA available · Enterprise
Continuous
Business Associate Agreement available on Enterprise plans. Administrative, physical, and technical safeguards mapped to 45 CFR §164.
ISO 27001
Planned
Target: post Series A
Information Security Management System scoped. External certification body to be selected after Series A close.
DPDP (India)
In place
Continuous
India-resident handling for India customers. Notice and consent flows aligned to the Digital Personal Data Protection Act, 2023.
CCPA / CPRA
In place
Continuous
California consumer rights honored across all plans. Do Not Sell or Share signal respected. Annual training for personnel handling consumer data.

Auditor reports.

Full attestation reports, including SOC 2 Type II once issued, are available to enterprise prospects under NDA. Send the request and we will route it to the security team.

Request a report ← Back to Trust