v3.5 · CONCEPT
Security

We move it.
We don't read it.

Relay is the pipe, not the keeper. Your context is encrypted end to end and opaque to us; only the sender and receiver hold the keys. Single-use Codes are spent on receipt and purged from our servers.

How it's protected

Four guarantees.

End-to-end encryption
Encrypted with a client-side key, in transit (TLS) and at rest. Standard and above. The key is derived from your credentials, not ours.
Opaque to Relay
We route context; we never see your plaintext. The pipe carries the payload without reading it, and nothing is retained on the free tier.
Provenance & audit
Every transfer carries a chain of custody: who created it, who received it, every hop and timestamp. Audit trails on Team and above.
Your infrastructure
On-prem deployment on Enterprise. Run Relay in your own environment: your servers, your keys, your rules.
Chain of custody

Every transfer leaves a trail.

Created
Sender encrypts client-side and mints a single-use Code. Stamped with who, when, and a content hash.
Relayed
We carry the opaque payload across the wire. We move it, we don't read it. No plaintext ever touches us.
Received
Receiver decrypts with their key. The hash is verified on arrival, so tampering shows up.
Spent
The single-use Code is purged on receipt. The provenance record remains for audit on Team and above.
In detail

The whole posture.

Data
Encryption in transit
TLS for everything to and from our infrastructure.
Encryption at rest
Stored encrypted; synced data adds end-to-end encryption.
Codes spent on receipt
Single-use Codes are purged from the server once received.
Retention you control
No retention on the free tier; configurable on paid plans.
Access & consent
Consent-gated sharing
Cross-user shares go through request → approve → receive.
Org visibility controls
Scope who can see and receive context across your org.
Durable connections
Approved connections skip the gate next time, with a record.
Hash-verified payloads
Transfers carry an integrity hash, checked on receipt.
Operations
Content opaque to Relay
We move the payload; we don't read it.
Chain of custody
Created, received, forwarded, spent — all timestamped.
Payments via Stripe
PCI handled by Stripe; we don't store card data.
On-prem option
Keep everything inside your own perimeter (Enterprise).

Compliance, in progress.

Relay is in Early Access. SOC 2 and independent penetration testing are on the near-term roadmap, not yet certified; we won't claim a badge we haven't earned. Want our current security posture, architecture notes, or data-handling details? Ask and we'll share them.

SOC 2 · planned Pen test · planned DPA · on request
Request our security overview → See the platform

Context in.
Context out.

Encrypted end to end, opaque to us, yours to govern. Join the Loop and put it to work.

Join the Loop →
Registration is open — access by activation code as Early Access expands.