Security & Trust

Security built into every email

Your data and your senders' trust are our top priority. Here's how we protect them.

Controls

Defense in depth

Every layer of the platform is built with security first.

01

Encryption everywhere

TLS 1.2+ in transit and AES-256 at rest. DKIM signing keys and secrets are encrypted and never exposed.

02

Scoped access & least privilege

API keys are scoped to specific permissions, hashed at rest, instantly revocable, and rate-limited per key. MFA (TOTP) protects accounts.

03

Resilient infrastructure

Monitored infrastructure with automated backups and isolated, per-tenant data separation.

04

Compliance & privacy

GDPR, CCPA, and CAN-SPAM ready, with a Data Processing Addendum (DPA), suppression handling, and one-click unsubscribe built in.

05

Signed webhooks

Outbound events are HMAC-SHA256 signed and timestamped so you can verify authenticity and prevent replay.

06

Responsible disclosure

Found a vulnerability? Email security@relayly.io. We investigate promptly and credit responsible researchers.

Data handling

We act as a processor for the email you send. You can access, export, or delete your data at any time, and request a DPA. We never sell personal data and share it only with vetted subprocessors under contract.

Reporting a concern

Security questions or reports go to security@relayly.io. For privacy requests, contact privacy@relayly.io.