Defense in depth, by layer.
Four answers to four questions: who is allowed in, what protects the data once they are, what stops the platform from being a single point of failure, and which humans we trust enough to put behind the dot.
Identity
SSO via SAML and OIDC for customer accounts. SCIM provisioning for Enterprise. Hardware-key MFA is mandatory for every Relay engineer who can join a session, no exceptions, no SMS fallback. Customer access is scoped to the tenant; engineer access is scoped to the active session and revoked when the session ends.
Data
Encryption at rest with AES-256 and in transit with TLS 1.3. Per-tenant logical isolation across application data, session transcripts, and screen-share recordings. Customer code and prompts are never used to train a foundation model, not ours, not a vendor's. Backups are encrypted, region-bound, and tested quarterly.
Platform
Least-privilege IAM by default. Production access requires hardware MFA plus a just-in-time approval window; standing admin credentials do not exist. Infrastructure as code, signed commits, mandatory peer review on production changes. Continuous vulnerability scanning across containers, dependencies, and infrastructure.
People
Background checks on every engineer before bench placement. Signed code of conduct and confidentiality agreement. Annual security training, tracked. Quarterly tabletop exercises for incident response. Engineers are paid by a Relay-controlled entity under a unified employment standard; we do not contract through marketplaces, and we do not aggregate freelancers.
Auditor reports, including SOC 2 Type II once issued, are available to enterprise prospects under NDA. Request the report.