Relay achieves SOC 2 Type II certification
Validating our security controls and data handling practices for teams with enterprise compliance requirements.
Alex Morgan
Relay Team
Relay has completed a SOC 2 Type II audit covering security, availability, and confidentiality controls across Relay Cloud and our internal operations.
What this covers
The audit evaluated how we manage access, change control, incident response, vendor risk, and customer data handling over a continuous observation period. It includes our runner infrastructure, artifact storage, and admin tooling.
For security and platform teams
Enterprise customers can request our SOC 2 report under NDA from Settings → Compliance or through your account team.
We also publish a subprocessor list, data retention defaults, and encryption details in our security documentation.
What we are improving next
Certification is a checkpoint, not a finish line. Current work includes tighter secret scanning in pipeline configs, expanded audit log exports, and additional regional data residency options.
If you have specific compliance requirements, we would like to hear from you — many of our roadmap items started in security review calls with customers.