// Trust & Security Report

    RelayThat Inc. logo

    RelayThat Inc.

    RelayThat is a single-product design automation SaaS for turning brand guidelines into consistent marketing images, display ads, and social graphics (one-click resize, headline generator, brand asset library). No separate consumer/enterprise product lines; tiers (Pro, Pro+, Enterprise) differ by seats and collaboration/white-label features, not by security posture.

    Certifications held

    0

    Maturity

    Startup

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 9 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    no public evidence - no trust center, security page, or SOC 2 mention found on relaythat.com; privacy policy and terms of service do not reference SOC 2

    source: relaythat.com
    ISO 27001
    NOT CONFIRMED

    no public evidence - no ISO 27001 mention found on relaythat.com privacy policy, terms of service, or homepage

    source: relaythat.com
    HIPAA
    NOT CONFIRMED

    no public evidence - no HIPAA mention found anywhere on relaythat.com; product is a marketing image design tool, not positioned for regulated health data

    source: relaythat.com
    PCI DSS
    NOT CONFIRMED

    no public evidence - payment processing is referenced generically ("payment processors") in the privacy policy but no PCI DSS attestation is made by RelayThat itself

    source: relaythat.com
    ISO 27017 / 27018 / 27701
    NOT CONFIRMED

    no public evidence - not mentioned on relaythat.com

    source: relaythat.com
    ISO/IEC 42001 (AI governance)
    NOT CONFIRMED

    no public evidence - not mentioned on relaythat.com; no AI-governance-specific disclosures found

    source: relaythat.com
    CSA STAR
    NOT CONFIRMED

    no public evidence - not mentioned on relaythat.com

    source: relaythat.com
    FedRAMP
    NOT CONFIRMED

    no public evidence - not applicable/mentioned; RelayThat is a consumer/SMB marketing tool with no government cloud offering referenced

    source: relaythat.com
    GDPR (posture)
    NOT CONFIRMED

    Privacy policy references international/EEA data transfers using standard contractual clauses but does not make an explicit formal GDPR-compliance certification claim; treated as a documented posture, not a certification.

    source: relaythat.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    United States primarily, with data "stored and processed in United States, or where we or our partners, affiliates and third-party providers maintain facilities" (no specific data center/region named); EEA transfers referenced generically via standard contractual clauses.

    No statement found on relaythat.com privacy policy, terms of service, or homepage regarding whether user-uploaded brand assets/images are used to train AI or machine-learning models. No opt-out mechanism is documented. Treated as unknown rather than assumed either way.

    // Security controls

    Encryption in transit

    Not documented. Privacy policy only states "no method of electronic transmission or storage is 100% secure" with no specifics on TLS or encryption protocols.

    relaythat.com

    Encryption at rest

    Not documented on relaythat.com.

    relaythat.com

    SSO / enterprise auth

    Enterprise tier lists "Branded Sign-In Pages" as a feature; no detail on SSO/SAML protocol support is published.

    relaythat.com

    Subprocessors

    Privacy policy references disclosure to IT providers, data storage hosts, analytics providers, payment processors, and ad networks in general terms; no maintained subprocessor list is published.

    relaythat.com

    Security/trust page

    No dedicated /security or /trust page exists on relaythat.com (returns 404); no SafeBase, Vanta, Drata, or similar trust-center integration found.

    relaythat.com

    // Products & data scope

    RelayThat ProDesign automation (individual/small team)

    data: Uploaded brand assets, images, fonts, color palettes, generated marketing creatives

    Single-user or small-team plan; unlimited image downloads, single workspace-level features.

    RelayThat Pro+Design automation (small team)

    data: Same as Pro plus shared team access for 2 users

    Adds basic team collaboration on top of Pro.

    RelayThat EnterpriseDesign automation (agency/large team)

    data: Same brand asset/image data plus data integration features and white-label output

    Adds branded sign-in pages, large team collaboration, data integration, and white-label options; no distinct security certifications documented for this tier versus lower tiers.

    // What to watch

    • No trust center, security page, or third-party audit evidence found anywhere on relaythat.com; all certification fields graded held=false on absence of evidence, not on a confirmed negative statement from the vendor.
    • Web search for 'RelayThat trust center SOC 2' returned results for an unrelated company ('Relay' / relaypro.com, a business communication device maker with its own SOC 2 + HIPAA Type 2 and ISO 27001 certifications) and for 'Global Relay' (a financial compliance messaging company) - these are DIFFERENT companies from RelayThat Inc. (relaythat.com, design automation for marketing images) and their certifications must not be attributed to RelayThat. Flagging explicitly to prevent future identity conflation.
    • AI-training posture on user-uploaded creative assets is undocumented (neither confirmed nor denied) - worth a direct vendor inquiry before any AI-governance claim is made in a listing.
    • No DPA (Data Processing Agreement) template or Enterprise SSO/SAML protocol detail is publicly documented, which matters for any enterprise/agency buyer evaluating this tier.

    // At a glance

    Pricing model

    Per-seat subscription (Pro $15/mo, Pro+ $25/mo for 2 users, Enterprise custom pricing)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on RelayThat Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    relaythat.com

    > Browse all vendor trust reports