Enterprise-Grade Security & Compliance

TrustRelay protects sensitive financial data with defense-in-depth controls, immutable audit trails, and a transparent compliance roadmap — built for enterprise procurement and due diligence review.

Compliance Framework

Specific, verifiable claims — not marketing language. Every item below reflects the current state of TrustRelay's security posture.

SOC 2 Type II

SOC 2 Type II audit in progress — target completion Q3 2026. Security policies, access controls, and audit logging infrastructure are deployed and under continuous review.

Data Encryption

AES-256 encryption at rest, TLS 1.3 in transit. Encryption keys managed via AWS KMS with automated rotation. Sensitive fields (bank account details) use field-level encryption.

Access Control

Role-based access control (RBAC) with Auth0 integration. Short-lived JWT tokens, scoped API permissions, and least-privilege enforcement across all services.

Audit Trail

Immutable audit logs for every data access and modification. Evidence Vault captures tamper-evident, timestamped records of decisions, policy changes, and payout events.

BAA Availability

Signed Business Associate Agreements (BAAs) available upon request for customers handling protected health information or requiring contractual security commitments.

Security Architecture

TrustRelay is built on AWS with multiple layers of isolation between users, services, and data stores.

Infrastructure Isolation

AWS VPC with private subnets for all services. Aurora PostgreSQL databases are not publicly accessible. All inter-service traffic stays within the VPC.

No Direct Database Access

Frontend clients never connect to databases. All data access flows through authenticated API endpoints with request validation and rate limiting.

JWT/JWKS Authentication

Every API call is authenticated via JSON Web Tokens verified against Auth0 JWKS endpoints. Tokens are short-lived with scoped permissions per service.

Evidence Vault

Immutable evidence snapshots capture the state of every decision. Snapshots are cryptographically sealed and retained for compliance and forensic review.

Data Handling

Data Residency

US-based data centers (AWS us-east-1).

Data Retention

Configurable per-tenant retention policies.

Data Isolation

Tenant-level data isolation at database layer.

Ready to Review Our Security Documentation?

Request SOC 2 readiness reports, security questionnaire responses, or schedule a walkthrough with our security team.