Back to blog
Security

Relay achieves SOC 2 Type II certification

Validating our security controls and data handling practices for teams with enterprise compliance requirements.

Alex Morgan

Alex Morgan

Relay Team

Relay achieves SOC 2 Type II certification

Relay has completed a SOC 2 Type II audit covering security, availability, and confidentiality controls across Relay Cloud and our internal operations.

What this covers

The audit evaluated how we manage access, change control, incident response, vendor risk, and customer data handling over a continuous observation period. It includes our runner infrastructure, artifact storage, and admin tooling.

For security and platform teams

Enterprise customers can request our SOC 2 report under NDA from Settings → Compliance or through your account team.

We also publish a subprocessor list, data retention defaults, and encryption details in our security documentation.

What we are improving next

Certification is a checkpoint, not a finish line. Current work includes tighter secret scanning in pipeline configs, expanded audit log exports, and additional regional data residency options.

If you have specific compliance requirements, we would like to hear from you — many of our roadmap items started in security review calls with customers.