How does RelayLaunch protect my business data?

Data is encrypted in transit and at rest through our cloud providers. Client data is tenant-scoped with database policies, service-side tenant checks, and audit logging designed to prevent cross-tenant access.

Does RelayLaunch train AI models on my data?

No. RelayLaunch uses seven commercial API providers (Anthropic, DeepSeek, xAI, Zhipu AI, MiniMax, Perplexity, Google) under terms that prohibit training on customer inputs. Your documents and queries are never used to improve third-party models.

Is RelayLaunch SOC 2 compliant?

RelayLaunch is not SOC 2 certified today. We are scoping a lightweight control set around audit logging, encryption, access control, backups, and owner-approved AI operations before pursuing formal certification.

Can I export or delete my data from RelayLaunch?

Yes. You can request export or deletion of your business data. We support privacy requests and document the retention/deletion path before onboarding regulated or enterprise customers.

How RelayLaunch protects your data

Infrastructure

RelayLaunch is built with hardened cloud infrastructure patterns:

Cloudflare Workers: Edge compute with DDoS protection, WAF, and automatic TLS. Requests run in isolated per-request sandboxes on Cloudflare's edge network.
Supabase (Pro): PostgreSQL database with tenant-scoped access policies on application tables and provider-managed backup controls.
Vercel: Relay Deck console deployed with automatic HTTPS, preview deployments isolated by branch, and zero-downtime rollbacks.

Encryption

All data is encrypted in transit and at rest:

In transit: TLS 1.3 on every connection. HSTS headers enforced across all domains.
At rest: Provider-managed database encryption via Supabase/AWS infrastructure.
API keys: Service role keys are environment-scoped, never embedded in client bundles, and rotated on a regular cadence.

AI Safety & Deterministic Enforcement

Our safety model separates LLM analysis from dispatch execution, creating a redundant two-layer boundary:

Layer 1: NVIDIA NeMo Guardrails (Generation Layer): Safety filters run exclusively on the LLM/LiteLLM generation layer (port 8090). NeMo prevents prompt injection, sycophancy, and jailbreak attempts during daily brief drafting. NeMo advises and filters drafts, but does not control dispatch.
Layer 2: The 5 Dispatch Gates (Deterministic Execution Layer): All message dispatching is governed by five strict, code-enforced, non-LLM worker gates: pilot_lock, eval, consent, copy, and deliverability. Because these gates are written in deterministic TypeScript/Hono code, they are mathematically immune to prompt injection attacks and enforce absolute tenant isolation.
Auditable reasoning: Every AI recommendation includes a full reasoning trace: which models contributed, what they argued, and how the synthesis was reached.
No training on your data: We use seven commercial API providers (Anthropic, DeepSeek, xAI, Zhipu AI, MiniMax, Perplexity, Google) under terms that prohibit training on customer inputs. Optional local inference via Ollama is available for HIPAA-adjacent clients who require zero-egress. Your documents and queries are not used to improve third-party models.
Model isolation: AI analysis runs in tenant-scoped contexts with no persistent memory across sessions unless you enable it.
Disagreement preservation: Minority opinions are preserved in the audit trail, not discarded. You see what the AI disagreed on, not just the majority view.

Checking Guardrails...

Project Gaia

Daemon Endpoint 127.0.0.1:8090

Active Config unwired

Active Compliance Rails

Input Validation (Iron Rules) STANDBY

Founder Biography Guard STANDBY

PII Redaction Engine STANDBY

Topic Boundary Enforcement STANDBY

Glass Box vs. Black Box Security

Traditional AI assistants use a "Black Box" model—they send user inputs to a language model and trust the model's instructions to keep data secure. RelayLaunch uses a "Glass Box" security architecture. We enforce security policies at the code layer, ensuring that LLM generation cannot bypass operational guardrails.

Security Threat	Traditional "Black Box" AI	RelayLaunch "Glass Box"
Prompt Injection	Relies on instructing the AI model to "ignore malicious commands" in system prompts. Easily bypassed by jailbreaks.	Deterministic Filters: Version-pinned schemas and code-based sanitizers validate all payloads before the AI model ever processes them.
Tenant Data Isolation	Injects all tenant data into a single shared model context, risking cross-tenant data leaks and boundary violations.	Query-Level Isolation: Database Row Level Security (RLS) and server-enforced tenant context headers (`X-Relay-Tenant`) physically segregate data.
Unapproved Actions	Grants the AI model autonomous write permissions to dispatch emails or update external booking databases directly.	Owner-in-the-Loop: The deterministic Hono worker gates block any dispatch until the business owner clicks "Approve" in the Morning Brief.
Resource Exhaustion	Trusts LLM routing loops to manage budget constraints, leading to runaway costs and platform key drain.	Hard Budget Limits: Hard-coded rate limits and budget caps are enforced at the LiteLLM gateway, preventing platform key drain.

Access Control

Authentication: Supabase Auth with email/password and magic link support. Session tokens are short-lived with automatic refresh.
Tenant-scoped access: Application tables use tenant filters and service-side checks so customer data is only returned in the right tenant context.
Role-based access: Team plans support member, admin, and owner roles with scoped permissions.
Audit logging: Admin actions (data exports, deletions, configuration changes) are logged with timestamp, actor, and IP address.

Data Handling

Data residency: Primary database hosted in US-East (AWS). Cloudflare edge caching is read-only and contains no PII.
Retention: Active accounts retain all data. Deleted accounts are purged within 30 days. You can request immediate deletion at any time.
Backups: Provider-managed backups are part of the hosted database posture; enterprise retention and recovery windows are confirmed during onboarding.
No selling: We never sell, rent, or share your data with third parties for marketing or advertising purposes.

Compliance

SOC 2: Not certified today. Control scoping is in progress before a formal audit.
CCPA: Privacy request workflows are supported for access, deletion, and opt-out requests.
GDPR: Data processing and erasure requests are handled during onboarding and support.
HIPAA: Not yet certified. Healthcare clients should contact us to discuss requirements.

Vulnerability Reporting

Found a security issue? We take reports seriously. Email security@relaylaunch.com with details. We aim to acknowledge within 24 hours and will work with you on responsible disclosure.

Status & Uptime

Internal monitoring covers the website, Relay Deck console, Relay Pulse Workers, and the LiteLLM model gateway. Public incidents and recent platform changes are tracked on the status page and changelog as the public status process matures.

Our Commitment

RelayLaunch is founder-led. We build systems we trust with our own operations — because we do. Victor Medina uses Relay Deck to run RelayLaunch every day.

Questions about our security practices? Contact us at hello@relaylaunch.com.

Security & Trust