SOC2 Type II
Annual audit by an accredited firm. Latest report (May 2026) available via NDA from security@relyvflow.demo.
Security + compliance
Security is the product, not the marketing page.
We treat security incidents like P0 bugs and publish post-mortems within 14 days. Our latest report is available under NDA — email security@relyvflow.demo.
GDPR + UK GDPR
DPA pre-signed in your contract. EU + UK data residency available on Enterprise plans.
HIPAA
BAAs signed for healthcare customers. PHI segregated into a separate inference and storage tier.
ISO 27001
In progress — Stage 1 audit scheduled Aug 2026.
Customer-managed keys
BYOK via AWS KMS or GCP KMS. We never see your encryption keys; key revocation = data revocation, within minutes.
SSO + SCIM
SAML 2.0 via Okta, Google, Azure AD, OneLogin, JumpCloud. SCIM 2.0 for auto-provisioning.
Audit log streaming
Push every audit event to your SIEM (Splunk, Datadog, Panther) via Kafka or webhook within 60s.
Encryption
AES-256 at rest, TLS 1.3 in transit. Field-level encryption for tokens + secrets.
Bug bounty
Public program at bounties@relyvflow.demo — paid responsibly, no surprise NDAs, valid scope ranges $250 to $20k.
Vendor questionnaires + DDQs
We respond to SIG, CAIQ, and custom DDQs within 5 business days. Send to security@relyvflow.demo.