Framework
Status
Period
Detail
SOC 2 Type II
In progress
Audit window: Apr 2026 – Sep 2026
Trust Services Criteria: Security, Availability, Confidentiality. Readiness work and evidence collection are underway; formal reports are shared once issued.
GDPR
In place
Continuous
EU data residency option. Consent, access, deletion, and cross-border transfer controls are documented in the Privacy Policy. Data Protection Officer:
dpo@relay.green.
HIPAA
BAA available · Enterprise
Continuous
Business Associate Agreement available on Enterprise plans. Administrative, physical, and technical safeguards mapped to 45 CFR §164.
ISO 27001
Planned
Target: post Series A
Information Security Management System scoped. External certification body to be selected after Series A close.
DPDP (India)
In place
Continuous
India-resident handling for India customers. Notice and consent flows aligned to the Digital Personal Data Protection Act, 2023.
CCPA / CPRA
In place
Continuous
California consumer rights honored across all plans. Do Not Sell or Share signal respected. Annual training for personnel handling consumer data.