Security & Privacy at Relay

Security is always top of mind for everything we've built and everything we will build -- We want our clients to feel confident entrusting their data with Relay.

Our policies are based on the following foundational principles:

  • Your company’s data is your company’s data - we will never collect or use your data beyond the scope of the project
  • We adhere to the Principle of Least Privilege (PoLP) This principle ensures that users are given only the minimum level of access necessary to perform their tasks and nothing more.
  • We conduct regular security audits and vulnerability assessments to ensure our systems are secure and up-to-date with the latest security standards.
  • We use industry-standard encryption protocols to protect your data in transit and at rest.

Data Protection

Our approach to data security includes the encryption of all sensitive data, whether in transit or at rest, using robust and industry-recognized algorithms. We conduct regular reviews of our encryption algorithms to ensure their compliance with the Advanced Encryption Standard, maintaining a high level of protection.

The generation, storage, and management of encryption keys are carried out in a manner that prioritizes security, aiming to prevent any potential loss, theft, or compromise of these keys. This helps safeguard the integrity and confidentiality of the encrypted data.

To strengthen the overall security posture, we enforce a strict password policy. This policy requires all passwords to be complex, different from the system default, and unique, reducing the risk of unauthorized access. By regularly updating passwords, we ensure ongoing protection against potential breaches.

In line with the principle of least privilege, we follow a controlled access approach for our systems and applications. Only authorized Scratchpad employees, who require access to fulfill their job responsibilities, have the privilege to access your account and data. We conduct regular audits of access permissions to ensure that the number of individuals with access to your data is kept to a minimum, further enhancing security and reducing potential risks.

By implementing these security measures, we strive to maintain the confidentiality, integrity, and availability of your data, while actively minimizing the likelihood of unauthorized access or data breaches.

Reporting Security Concerns

Data security is a top priority for Relay, and we believe that working with skilled security researchers can identify weaknesses in our technology. If you believe you’ve found a security vulnerability in Relay’s service, please notify us; we will work with you to resolve the issue promptly.

Disclosure Policy

  • If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at
  • Please provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within seven business days of disclosure.
  • Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading Relay’s services. Please only interact with accounts you own or for which you have explicit permission from the account holder.


Relay is providing this service to help ensure a safe and secure environment for all of its users. As such, any users believed to be engaging in the below activities will have their user credentials immediately deactivated.

While researching, we’d like you to refrain from:

  • Denial-of-Service (DoS)
  • Spamming
  • Social engineering or phishing of Relay employees or contractors

Thank you for helping to keep Relay and our users safe!