AI prepares. You approve. That is it.
For local wellness, dental, contracting and professional teams, black-box auto-pilots are a brand liability. Relay Governance provides **Approved Operations**: a glass-box workspace that runs a multi-model debate, flags dissent, routes through dual-stage safety sidecars, and lets you approve every action with a single tap. When Relay recovers your money, it shows its work, designed to keep a human in control.
- Human-in-the-loop by design
- Indirect prompt injection shields
- Multi-model consensus logging
- Exportable tamper-evident receipts
- Flat-rate pricing model
Relay Governance helps you operationalize human-oversight and record-keeping practices. It is not legal advice and does not guarantee compliance with any law.
Why black-box AI fails in local service operations.
Incumbents like GoHighLevel, Podium, and Boulevard treat AI as a binary autonomous switch. But when a black-box scheduler sends a wrong offer, customer trust evaporates. Salesforce's 2025 report reveals that while over 46% [3] of SMBs are adopting AI, 62% [1] cite fear of brand damage as their main barrier. Relay's glass-box model turns control into a product feature: every operation has a visible decision lineage.
62% [1]
Salesforce SMB AI Report (2025): small business owners citing lack of oversight and reputational risk as top barriers.
74% [2]
Journal of Responsible AI (2025): buyers more likely to deploy agentic tools featuring transparent decision logs.
46% [3]
Salesforce Adoption Survey: current active adoption of AI operations tools in modern service businesses.
1.2B [4]
Khodayari et al. (2026): URLs audited to show the rapid real-world prevalence of indirect prompt injections.
The same receipt that validates recovery audits the system.
Relay does not operate on blind trust. When our Slot Rescue or Lapsed Win-Back engines book a client, the system compiles a **Tamper-Evident Recovery Receipt**. This receipt logs the initial calendar vacancy, the candidate scoring list from LiteLLM, NeMo safety confirmations, and the exact second you approved the send. It is a shareable, proof-of-work asset that proves Relay's financial attribution in public while maintaining absolute customer privacy.
Anonymized & Tamper-Evident
Every filled slot and lapsed win-back action produces a tamper-evident receipt. No client PII leaves your database, yet the event verification is shareable with partners, prospects, or auditors.
The Viral Referral Loop
Local business networks thrive on peer trust. Sharing an authenticated tamper-evident recovery receipt showing vacant calendar leaks plugged under direct human approval creates a provable referral asset.
Decoupled Safety Gateway
We route model calls through a local NeMo Guardrails sidecar (port 8090). Safety is enforced at the network gateway level, completely separating data contexts from reasoning engines.
The mathematics of containment: why system prompts fail.
Many platforms attempt to secure AI by adding rules like "Do not exfiltrate data" to prompts. AI safety research demonstrates this is mathematically insecure. Seminal research by Greshake et al. (2023) proved that **Indirect Prompt Injection (IPI)** allows external data (like an incoming email or calendar slot note) to silently hijack model execution. Khodayari et al. (2026) verified the prevalence of these attacks in the wild across 1.2 billion URLs, showing they are actively used for SEO and reputation damage.
Prompt Insecurity (OWASP LLM01:2025)
Because LLMs process data and instructions in a single context window, they cannot distinguish between developer code and external text. A malicious calendar slot description can override system prompts, instructing an autonomous scheduler to book free sessions. Relay mitigates this by requiring **explicit human approval** (Article 14, EU AI Act) for all outbound operations.
Gateway Sidecar Containment (Bhagwatkar et al., 2025)
Relay enforces security at the network gateway before completions return to database engines. All calls pass through NeMo Guardrails on port 8090, running token-level input filters (Rennervate, 2026) and masked trajectory validation (MELON, ICML 2026) to strip PII and block out-of-bounds execution outside your business domain.
Where AI experts disagree, you decide.
A single model can be confidently wrong. Relay Governance runs important decisions through multiple models that review the same question, surface where they disagree, and stress-test the claims before anything reaches you. You do not get one opaque answer. You get the reasoning, the dissent, and a clear recommendation you can accept, change, or reject. This AI is designed to disagree with you when the evidence says it should.
Multi-Model Consensus
Consensus debate run across flagship models from Anthropic, Google, and xAI. Where they disagree, the dissent is preserved.
Indirect Injection Shield
Gateway containment filters untrusted input contexts before they expand, protecting calendars from malicious instructions.
Tamper-Evident Logs
Every model opinion and safety confirmation is logged at the token level, ensuring audit trails are tamper-evident.
Single-Action Queue
The Morning Brief queue simplifies operations. You approve or skip: no prompt design, no homework, full control.
B2B Wellness Playbook
Progressive B2B lead capture funnels to convert corporate packages, stamped with Project Gaia safety receipts.
Zero-EGRESS HIPAA Lane
Local model compilation via Ollama for regulated healthcare providers requiring zero cloud data egress.
Phased compliance timelines under the EU AI Act (2026).
The EU AI Act represents a global benchmark for operations security. High-risk systems—those executing autonomous actions that impact customer databases or invoicing—must provide strict audit logs and human oversight gateways. Our consensus ledgers are designed to meet these record-keeping (Article 12) and control (Article 14) thresholds.
- 2 August 2025 In effect: general-purpose AI model duties, governance framework, and initial prohibited practices.
- 2 August 2026 Original high-risk AI milestone. Digital Omnibus agreement is currently shifting stand-alone audit requirements off this date.
- 2 December 2026 Digital Omnibus agreement: AI-output transparency and content-marking obligations come into full effect.
- 2 December 2027 Digital Omnibus agreement: human-oversight, logging, and record-keeping duties become mandatory for high-risk deployments.
Status as of June 2026: The EU Digital Omnibus on AI has deferred stand-alone high-risk record-keeping obligations to December 2027. Relay provides an early compliance shield, enabling B2B wellness providers to build auditable operating trails long before regulation becomes mandatory.
What we claim, and what we do not.
We do
- Help your team operationalize human-oversight and record-keeping practices the way regulators describe them for higher-risk AI.
- Produce an exportable, human-readable governance trail for every executed action.
- Run important decisions through multiple models and show you where they disagree before you approve.
We do not
- Make you EU AI Act compliant, guarantee compliance, or certify anything.
- Give legal advice or act as a regulatory authority. Pair any regulatory question with your own counsel.
- Classify your AI use as high-risk. That is a legal determination for you and your counsel under the Act.
- Assume the EU AI Act applies to you automatically. It reaches outside the EU only in specific conditions, such as when outputs are used in the EU.
Put a governance trail behind your AI before you need one.
For wellness, dental, contracting and professional teams who need to prove a human stayed in control. Start with the work getting done and grow into a full governance layer.