Trust · IndexPress once. The receipts
Press once. The receipts
are already filed.
A quiet posture page. The work behind the press button, how it is governed, how data is handled, which frameworks apply, and who we rely on is documented here, in plain language, and kept current.
, 01
Privacy
Plain-language companion to the legal Privacy Policy. What we collect, how we use it, and how to reach us.
Read more →
, 02
Compliance
Current framework posture across GDPR, HIPAA, ISO 27001, DPDP, CCPA, and SOC 2 readiness.
Read more →
, 03
Data handling
Lifecycle of session data, capture, retention, anonymization, deletion.
Read more →
, 04
Sub-processors
Every vendor that touches customer data, with purpose, region, and role.
Read more →
State of compliance · June 2026
Where every framework stands today.
- SOC 2 Type IIIn progress · audit window opened
- GDPRIn place · EU posture across data processing, consent, and rights
- HIPAABAA available on Enterprise
- ISO 27001Planned · post Series A
- DPDP (India)India-resident handling for India customers
Frequently asked
- Where is customer data stored?
- Production data lives in AWS, in the region you select at signup, US, EU, UK, India, or Australia. Backups stay region-bound and encrypted. The full region map is in /trust/data-handling.
- Do you train AI models on customer code or prompts?
- No. Customer code, prompts, screen-share, and session transcripts are never used to train a foundation model, not ours, not a vendor's. The commitment is in /trust/data-handling.
- What's your SOC 2 status?
- SOC 2 readiness work is in progress. Live status is at /trust/compliance. Auditor reports, once issued, are available under NDA through support@relay.green.
- How do you handle sub-processor changes?
- Every sub-processor is listed at /trust/subprocessors with purpose, region, and role. Material changes are announced before they go live; subscribe via support@relay.green.
- Can a Relay engineer see my code without my consent?
- No. The engineer joins what you put on the screen share or paste into chat. We don't ingest your repo, your editor history, or your AI tool's context unless you share it during the session.
Further reading
- White paperCompliance architecture for AI-built softwareAudit trails, the sessioned record, and what SOC 2 + ISO 27001 actually require when most of the code in your company isn’t written by your engineers.
- White paperHIPAA and the press: training a bench for PHIHow we train, segment, and govern a bench of engineers to handle protected health information at the moment a builder presses for help.
Last updated: June 2026