Security
Your data. Your infrastructure. No exceptions.
RelayData is built from the ground up for regulated industries. Every component runs inside your environment, and no data leaves your infrastructure.
Data Sovereignty
Self-hosted. Your data, your infrastructure.
RelayData runs entirely on your servers. The entire application — AI intelligence layer, database, and orchestration engine — runs within your environment. No component phones home.
No SaaS component.
Unlike Fivetran, Weld, or Airbyte Cloud, RelayData does not send your data to third-party cloud platforms for processing or storage. Everything runs in your environment.
No telemetry or phone-home.
RelayData does not transmit usage metrics, error logs, or data flow activity to RelayData servers. Version update checks are the only exception, and they can be disabled, as they should be in air-gapped deployments.
Designed for regulated industries.
The architecture is designed to support GDPR, HIPAA, SOX, and data residency requirements through how the product is built, not through bolt-on configuration.
GDPR and Data Residency
Because all data processing happens in your own infrastructure, RelayData is GDPR-compatible by design. You retain full control over data location, retention, and processing.
Encryption
Encrypted at every layer.
From credentials at rest to data in transit, RelayData applies encryption consistently across all storage and communication paths.
At Rest — AES-256
All stored credentials (database passwords, API keys, tokens, and connection secrets) are encrypted at rest with AES-256, the NIST-standardised cipher (FIPS 197) approved for protecting sensitive data. Key rotation is supported.
In Transit — TLS 1.2+
All communication between clients and RelayData, and between RelayData and external systems, uses TLS 1.2 or higher. Plaintext HTTP is disabled in production deployments.
Sessions — Signed Cookies
Session authentication uses cryptographically signed and encrypted session cookies. Cookies carry the HttpOnly attribute, so page scripts cannot read them, and are sent only over TLS (the Secure attribute). The session signing secret is held server-side only and never transmitted to clients.
Database SSL
When connecting to external databases, RelayData supports full certificate verification (certificate chain and hostname) and custom CA certificates for organisations that use an internal certificate authority. Enable verification rather than encryption alone: a TLS connection that does not verify the server certificate still lets an on-path attacker impersonate the database.
Authentication & Access Control
Role-based access for every team.
Multi-User Role-Based Permissions
| Role | Permissions |
|---|---|
| Admin | Full access — create, modify, and delete data flows; manage users; configure settings and integrations |
| Editor | Create and edit data flows; trigger runs; view audit logs. Cannot manage users or system settings |
| Viewer | Read-only access — view data flows, runs, and logs. Cannot make changes |
API Keys with Scoped Permissions
Programmatic access via API keys with fine-grained scopes and optional expiry dates. Create separate keys per application to limit blast radius if a key is compromised.
Single Sign-On with Automatic Account Creation
Integrate with your identity provider using OpenID Connect — works with Okta, Azure AD, Google Workspace, Ping Identity, or any compatible provider. Accounts are automatically created on first login.
Configure single sign-on in Settings > Authentication
Users authenticate via your identity provider (Okta, Azure AD, Ping Identity, etc.)
Accounts are automatically created on first login with the appropriate role
Session tokens are validated on every request
Self-Service Password Reset
Users reset their own passwords via email. Reset tokens are short-lived and single-use, which bounds the window for account takeover if a reset email is exposed.
Cryptographically secure tokens
Single-use only — invalidated after successful reset
Valid for 1 hour from issuance
Users self-serve via email — no admin intervention needed
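The token properties listed above, as an added example (not RelayData's own code): tokens come from the OS CSPRNG, expire one hour after issuance, and are consumed on first successful use. Only a SHA-256 digest of each token is stored, so a copy of the token table does not yield usable tokens. The example also invalidates a user's earlier unused token when a new one is issued, which the page does not state. The in-memory dictionary and the injectable clock are assumptions made so the code runs stand-alone.

```python
"""Added example (not RelayData's code): a password-reset token store with
random single-use tokens that expire after one hour. Storage is an in-memory
dict and the clock is injectable; both are assumptions for a stand-alone demo."""
import hashlib
import secrets
import time
from typing import Callable, Dict, Optional

TOKEN_TTL_SECONDS = 60 * 60  # valid for one hour from issuance


class ResetTokenStore:
    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        # digest -> record; the raw token never touches storage
        self._records: Dict[str, dict] = {}

    @staticmethod
    def _digest(token: str) -> str:
        # Looking the record up by digest is safe against timing leaks: an
        # attacker who does not hold the token cannot compute its digest.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id: str) -> str:
        """Create a token for user_id and return the raw value to email.
        Any earlier unused token for the same user is invalidated so only
        the most recent reset email works."""
        for rec in self._records.values():
            if rec["user"] == user_id:
                rec["used"] = True
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._records[self._digest(token)] = {
            "user": user_id,
            "expires": self._clock() + TOKEN_TTL_SECONDS,
            "used": False,
        }
        return token

    def redeem(self, token: str) -> Optional[str]:
        """Return the user_id if the token is valid, else None. Unknown,
        expired and already-used tokens all fail the same way; a success
        marks the token used so a replay from an exposed email fails."""
        rec = self._records.get(self._digest(token))
        if rec is None or rec["used"] or self._clock() > rec["expires"]:
            return None
        rec["used"] = True
        return rec["user"]


def demo() -> tuple:
    """Walk through issue, replay and expiry with a controllable clock."""
    now = [1_700_000_000.0]
    store = ResetTokenStore(clock=lambda: now[0])
    t1 = store.issue("user-42")
    first = store.redeem(t1)    # "user-42": fresh token accepted
    replay = store.redeem(t1)   # None: single use
    t2 = store.issue("user-42")
    now[0] += TOKEN_TTL_SECONDS + 1
    expired = store.redeem(t2)  # None: past the one-hour window
    return first, replay, expired, store.redeem("not-a-real-token")
```

Whatever backs the store in a real deployment, keep the two properties that matter for interception: the stored digest is useless without the emailed value, and the emailed value is useless after the first redemption or after one hour.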
Rate Limiting
Protection against abuse at every endpoint.
All API endpoints are rate-limited to prevent abuse, brute-force attacks, and denial-of-service. The default limit is 10 requests per 15-minute window per API key, with distributed rate limiting across multiple servers. High-risk endpoints apply stricter controls.
Login endpoint
Limits password guessing and brute-force attacks
Password reset
Prevents email flooding and account takeover attempts
API key creation
Prevents key farming and unauthorized access escalation
AI endpoints
Rate-limited by AI model limits and cost protection policies
Security Headers
Standard HTTP security headers, out of the box.
RelayData sends standard HTTP security headers on every response to block common web-layer attacks, with no configuration required. The table lists the standard header behind each protection.
| Protection | Standard header | Purpose |
|---|---|---|
| Script injection prevention | Content-Security-Policy | Restricts where scripts and other resources may load from, so injected script is not executed |
| Clickjacking prevention | X-Frame-Options, or the CSP frame-ancestors directive | Stops other sites framing the application to overlay invisible frames and hijack clicks |
| File type verification | X-Content-Type-Options: nosniff | Stops browsers guessing a content type, which defeats file type spoofing attacks |
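A way to verify that a deployment actually sends these headers, as an added example (not RelayData's code): the checker below takes a response's headers as a dictionary and reports what is missing or weak for each of the three protections in the table. It also checks Strict-Transport-Security, which the table does not list but which follows from HTTP being disabled in production. The two header sets are constructed samples.

```python
"""Added example (not RelayData's code): check HTTP response headers for the
protections in the table above plus HSTS. Sample header sets are constructed."""
import re
from typing import Dict, List


def _parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy value into {directive: [sources...]}."""
    out: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out


def check_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means every check passed.
    Header names are compared case-insensitively, as HTTP requires."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings: List[str] = []

    # 1. Script injection: a CSP that actually constrains script sources
    csp = _parse_csp(h.get("content-security-policy", ""))
    script_src = csp.get("script-src", csp.get("default-src"))
    if not csp:
        findings.append("missing Content-Security-Policy")
    elif script_src is None:
        findings.append("CSP sets neither script-src nor default-src")
    elif any(s in ("'unsafe-inline'", "*") for s in script_src):
        findings.append("CSP script sources allow 'unsafe-inline' or '*'")

    # 2. Clickjacking: frame-ancestors (modern) or X-Frame-Options (legacy)
    frame_ancestors = csp.get("frame-ancestors")
    xfo = h.get("x-frame-options", "").upper()
    if frame_ancestors is not None and "*" not in frame_ancestors:
        pass
    elif xfo in ("DENY", "SAMEORIGIN"):
        pass
    else:
        findings.append("no restrictive frame-ancestors or X-Frame-Options")

    # 3. File type verification: browsers must not sniff the content type
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")

    # 4. HSTS (not in the table; added because plaintext HTTP is disabled)
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if not m or int(m.group(1)) < 15552000:  # 180 days
        findings.append("missing or short Strict-Transport-Security max-age")
    return findings


HARDENED = {  # constructed sample of a good response
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}
WEAK = {  # constructed sample: headers present but permissive
    "Content-Security-Policy": "default-src *; script-src * 'unsafe-inline'",
    "X-Frame-Options": "ALLOWALL",
}
```

Run it against the headers of a real response (for example, the output of a client that returns headers as a dictionary) rather than trusting the presence of a header name: a CSP with `script-src *` or `'unsafe-inline'` is present but provides no injection protection, which is why the check inspects the directive values.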
Audit Logging
Every administrative action, permanently recorded.
All administrative actions are logged with full user attribution. The audit log is searchable, filterable, and exportable for compliance reporting.
Actions tracked
User management — invite, deactivate, role changes
Integration management — create, test, update, delete
Data flow management and trigger actions
API key generation and deletion
Settings changes — authentication, security, rate limiting
Every entry includes
Timestamp (ISO 8601, UTC)
User who performed the action (email and user ID)
Action type — created, updated, deleted, etc.
Entity type and ID
Change details — what was modified
Searchable and exportable
Filter the audit log by:
Date range
User
Action type
Entity type
Export to CSV or JSON for external compliance systems or long-term archival.
Personal Data Detection & Masking
Built-in Personally Identifiable Information (PII) detection that runs with every data flow.
RelayData scans data during each data flow run and flags sensitive personal data automatically. Configure handling per data flow — no third-party data loss prevention tool required.
Detected automatically
Social Security Numbers (SSN)
Email addresses
Phone numbers
Credit card numbers
Passport and driver's license numbers
Handling options per data flow
Highlighted in data quality reports for review — no automatic action taken
Automatically obscured in destination systems (e.g., email becomes u***@example.com)
Not written to the destination at all — the personal data field is dropped before the write
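The detection and the three handling modes above, as an added example (not RelayData's code): a per-field detector for SSNs, email addresses, phone numbers and card numbers, with a per-flow policy that flags, masks or drops each matching field. Passport and driver's licence numbers are left out because their formats vary by issuing country. Card candidates are checked against the Luhn checksum so that ordinary digit strings are not reported, and card patterns are tested before phone patterns because a 13 to 16 digit string would otherwise satisfy the looser phone pattern. The sample row and policy are constructed.

```python
"""Added example (not RelayData's code): field-level PII detection with the
handling modes flag, mask and drop. The sample row and policy are constructed;
the card number is a standard test number."""
import re
from typing import Callable, Dict, List, Optional, Tuple


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out most digit strings that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _digits(v: str) -> str:
    return re.sub(r"\D", "", v)


# Order matters: card numbers are tested before phone numbers.
DETECTORS: List[Tuple[str, re.Pattern, Callable[[str], bool]]] = [
    ("email", re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$"), lambda v: True),
    ("ssn", re.compile(r"^(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}$"), lambda v: True),
    ("credit_card", re.compile(r"^[\d -]{13,19}$"),
     lambda v: 13 <= len(_digits(v)) <= 19 and luhn_ok(_digits(v))),
    ("phone", re.compile(r"^\+?\d[\d\s().-]{8,}\d$"), lambda v: 10 <= len(_digits(v)) <= 15),
]


def detect(value) -> Optional[str]:
    """Return the PII kind for a field value, or None."""
    if not isinstance(value, str):
        return None
    v = value.strip()
    for kind, pattern, extra in DETECTORS:
        if pattern.match(v) and extra(v):
            return kind
    return None


def _mask_digits(value: str, keep_last: int = 4) -> str:
    """Star out every digit except the last keep_last; keep separators."""
    out, seen = [], 0
    for ch in reversed(value):
        if ch.isdigit():
            out.append(ch if seen < keep_last else "*")
            seen += 1
        else:
            out.append(ch)
    return "".join(reversed(out))


def mask(kind: str, value: str) -> str:
    if kind == "email":
        local, _, domain = value.partition("@")
        return local[0] + "***@" + domain  # user@example.com -> u***@example.com
    return _mask_digits(value)


def process_row(row: Dict[str, object], policy: Dict[str, str], default: str = "flag"):
    """Apply the per-field policy (flag | mask | drop) and return
    (row to write, findings as (field, kind, mode))."""
    out, findings = {}, []
    for field, value in row.items():
        kind = detect(value)
        if kind is None:
            out[field] = value
            continue
        mode = policy.get(field, default)
        findings.append((field, kind, mode))
        if mode == "flag":
            out[field] = value            # written unchanged, reported for review
        elif mode == "mask":
            out[field] = mask(kind, value)
        elif mode == "drop":
            pass                          # field never reaches the destination
        else:
            raise ValueError(f"unknown handling mode {mode!r} for {field}")
    return out, findings


SAMPLE_ROW = {  # constructed sample row
    "id": "order-1001",
    "email": "user@example.com",
    "ssn": "123-45-6789",
    "phone": "+44 20 7946 0958",
    "card": "4111 1111 1111 1111",
    "notes": "ship by Friday",
}
POLICY = {"email": "mask", "ssn": "drop", "card": "mask"}  # phone falls back to flag
```

The findings list is what a data quality report would show for the flag mode; the returned row is what reaches the destination. Note that the default mode is flag, so a field that is not in the policy is written unchanged and only reported, which is the safe choice for a new flow but not for one that already feeds a less trusted system.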
Infrastructure Security
Infrastructure hardening, included in the security configuration.
Security best practices are enabled by default in the shipped security configuration; no post-install hardening is needed.
Runs with limited permissions
Application instances run as a non-administrative (non-root) user by default.
Core system files cannot be modified
The application instance filesystem is read-only except for designated temporary and log directories.
Elevated permissions removed
Elevated operating system permissions (Linux capabilities) are dropped to prevent privilege escalation.
System call filtering
A system call filter (seccomp on Linux) restricts each process to the system calls it needs.
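A way to verify the four hardening properties above on a running deployment, as an added example (not RelayData's configuration or code): the audit function below checks a Kubernetes pod spec for a non-root user, no privilege escalation, a read-only root filesystem, all capabilities dropped and a seccomp profile. Kubernetes is an assumption; the page does not say how application instances are orchestrated. The hardened spec also shows the emptyDir mounts that a read-only root filesystem needs for the temporary and log directories. Both pod specs are constructed samples.

```python
"""Added example (not RelayData's configuration or code): audit a Kubernetes
pod spec for non-root execution, read-only root filesystem, dropped
capabilities and a seccomp profile. Kubernetes is assumed; specs are constructed."""
from typing import Any, Dict, List


def _effective(sc: Dict[str, Any], pod_sc: Dict[str, Any], key: str, default=None):
    """Container-level securityContext overrides the pod-level one."""
    return sc.get(key, pod_sc.get(key, default))


def audit_pod_spec(pod: Dict[str, Any]) -> List[str]:
    """Return a list of findings; an empty list means every container passes."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    findings: List[str] = []
    for c in spec.get("containers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        # 1. Runs with limited permissions: non-root, no setuid/setcap escalation
        if _effective(sc, pod_sc, "runAsNonRoot", False) is not True:
            findings.append(f"{name}: runAsNonRoot is not true")
        if sc.get("allowPrivilegeEscalation", True) is not False:
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
        if sc.get("privileged", False):
            findings.append(f"{name}: privileged container")
        # 2. Core system files cannot be modified
        if sc.get("readOnlyRootFilesystem", False) is not True:
            findings.append(f"{name}: readOnlyRootFilesystem is not true")
        # 3. Elevated permissions removed: every Linux capability dropped, none added back
        caps = sc.get("capabilities", {})
        if "ALL" not in caps.get("drop", []):
            findings.append(f"{name}: capabilities.drop does not include ALL")
        if caps.get("add"):
            findings.append(f"{name}: capabilities added back: {caps['add']}")
        # 4. System call filtering: a seccomp profile is applied
        seccomp = _effective(sc, pod_sc, "seccompProfile", {}) or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            findings.append(f"{name}: no seccomp profile (RuntimeDefault or Localhost)")
    return findings


HARDENED_POD = {  # constructed sample that satisfies all four properties
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "app"},
    "spec": {
        "securityContext": {
            "runAsNonRoot": True,
            "seccompProfile": {"type": "RuntimeDefault"},
        },
        "containers": [{
            "name": "app",
            "image": "app:1.0",  # placeholder image name
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            # writable scratch space for the read-only root filesystem
            "volumeMounts": [
                {"name": "tmp", "mountPath": "/tmp"},
                {"name": "logs", "mountPath": "/var/log/app"},
            ],
        }],
        "volumes": [{"name": "tmp", "emptyDir": {}}, {"name": "logs", "emptyDir": {}}],
    },
}
WEAK_POD = {  # constructed sample: defaults only, nothing hardened
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "app"},
    "spec": {"containers": [{"name": "app", "image": "app:1.0"}]},
}
```

The same checks map directly onto other runtimes (for Docker, the equivalents are a non-root user, a read-only root filesystem with tmpfs mounts, dropping all capabilities, no-new-privileges and a seccomp profile); the point is to verify the deployed settings rather than rely on the defaults described in the shipped configuration.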
Network Firewall Rules
Network firewall rules restrict all traffic to and from RelayData application instances. Inbound access is allowed only from specified sources. Outbound access is permitted only to necessary services — database and external APIs.
Always-On Availability Guarantee
An always-on availability guarantee ensures at least one application instance is running at all times, protecting against disruptions such as planned maintenance and infrastructure upgrades.
Reporting Database Isolation
Complete database separation.
The reporting database runs as a completely separate process from the application database. Separate processes give much stronger isolation than table-level separation within a single shared instance.
Resource isolation.
A heavy reporting query cannot consume CPU, memory, or I/O bandwidth needed by the data flow engine. Each database has its own process, connection pool, and resource limits.
Credential isolation.
A read-only user account exists only on the reporting database. Data flow configurations, encrypted credentials, and user accounts are stored in a completely separate database.
Connection limits.
The reporting read-only user account is limited to 10 concurrent connections with a 30-second query timeout and controlled memory allocation, preventing resource abuse from reporting tools.
Failure isolation.
If the reporting database crashes or is restarted, data flow operations continue unaffected on the application database, and vice versa.
Compliance
Designed to meet the requirements of regulated industries.
Compliance is built into the architecture, not bolted on. For a SOC 2 report (a third-party attestation) or ISO 27001 certification (the international information security management standard), contact your sales representative.
GDPR: compliance by design through self-hosting and data residency control; no data leaves your infrastructure.
HIPAA: suitable for healthcare organizations; a Business Associate Agreement (BAA) is available for enterprise deployments.
SOX: audit logging and access controls support SOX requirements for financial data governance.
Data residency: deploy in your country or region; data never leaves your infrastructure regardless of where RelayData's own servers are located.
Responsible Disclosure
Found a vulnerability? Report it responsibly.
We treat all security reports seriously and will acknowledge receipt within 24 hours. Please do not post vulnerabilities publicly until a patch has been released.
Regulatory alignment
Regulatory alignment by architecture, not by contract.
RelayData's architecture, installed on your servers with no data leaving your environment, provides structural compliance advantages that cloud tools cannot match. This is not a feature toggle; it is the architecture.
GDPR
RelayData does not constitute a data processor under GDPR for your data. All data remains within your infrastructure and jurisdiction. No Article 28 data processing agreement is needed because we never process your data — the software runs on your machines, under your control.
NIS2 (Network and Information Security Directive 2)
NIS2 requires organisations in essential and important sectors — healthcare, energy, transport, banking, manufacturing — to manage cybersecurity risks in their supply chain (Article 21). Every SaaS tool that processes your data is a third-party dependency you must assess, document, and monitor.
No third-party data processor. Your data integration runs on your infrastructure. No external service processing your data.
Source-available code. Your security team can audit the codebase — including the AI boundary, credential handling, and data flow paths.
Incident isolation. A vendor breach doesn't affect your data because your data was never in the vendor's infrastructure.
Air-gapped option. For the most sensitive environments, run with zero internet connectivity using local AI models.
DORA (Digital Operational Resilience Act)
For financial entities subject to DORA, RelayData's architecture reduces ICT third-party concentration risk (Article 28). Your data integration is software you operate, not a critical third-party service provider you depend on.
EU AI Act
RelayData's AI use cases (automatic field matching, error diagnosis, change classification) are infrastructure operations, not decisions about individuals, and are not high-risk uses under the AI Act. No registration in the EU database and no conformity assessment are required.
Ready to deploy with confidence?
Start with the free Community tier. Runs on your servers from day one. No credit card, no registration, no license key required.