// Trust & Security Report
RelayThat Inc.
RelayThat is a single-product design automation SaaS for turning brand guidelines into consistent marketing images, display ads, and social graphics (one-click resize, headline generator, brand asset library). No separate consumer/enterprise product lines; tiers (Pro, Pro+, Enterprise) differ by seats and collaboration/white-label features, not by security posture.
Certifications held
0
Maturity
Startup
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 9 unconfirmed / not-held certifications
source: relaythat.comno public evidence - no trust center, security page, or SOC 2 mention found on relaythat.com; privacy policy and terms of service do not reference SOC 2
source: relaythat.comno public evidence - no ISO 27001 mention found on relaythat.com privacy policy, terms of service, or homepage
source: relaythat.comno public evidence - no HIPAA mention found anywhere on relaythat.com; product is a marketing image design tool, not positioned for regulated health data
source: relaythat.comno public evidence - payment processing is referenced generically ("payment processors") in the privacy policy but no PCI DSS attestation is made by RelayThat itself
source: relaythat.comno public evidence - not mentioned on relaythat.com
source: relaythat.comno public evidence - not mentioned on relaythat.com; no AI-governance-specific disclosures found
source: relaythat.comno public evidence - not applicable/mentioned; RelayThat is a consumer/SMB marketing tool with no government cloud offering referenced
source: relaythat.comPrivacy policy references international/EEA data transfers using standard contractual clauses but does not make an explicit formal GDPR-compliance certification claim; treated as a documented posture, not a certification.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
United States primarily, with data "stored and processed in United States, or where we or our partners, affiliates and third-party providers maintain facilities" (no specific data center/region named); EEA transfers referenced generically via standard contractual clauses.
No statement found on relaythat.com privacy policy, terms of service, or homepage regarding whether user-uploaded brand assets/images are used to train AI or machine-learning models. No opt-out mechanism is documented. Treated as unknown rather than assumed either way.
// Security controls
Encryption in transit
Not documented. Privacy policy only states "no method of electronic transmission or storage is 100% secure" with no specifics on TLS or encryption protocols.
relaythat.comSSO / enterprise auth
Enterprise tier lists "Branded Sign-In Pages" as a feature; no detail on SSO/SAML protocol support is published.
relaythat.comSubprocessors
Privacy policy references disclosure to IT providers, data storage hosts, analytics providers, payment processors, and ad networks in general terms; no maintained subprocessor list is published.
relaythat.comSecurity/trust page
No dedicated /security or /trust page exists on relaythat.com (returns 404); no SafeBase, Vanta, Drata, or similar trust-center integration found.
relaythat.com// Products & data scope
data: Uploaded brand assets, images, fonts, color palettes, generated marketing creatives
Single-user or small-team plan; unlimited image downloads, single workspace-level features.
data: Same as Pro plus shared team access for 2 users
Adds basic team collaboration on top of Pro.
data: Same brand asset/image data plus data integration features and white-label output
Adds branded sign-in pages, large team collaboration, data integration, and white-label options; no distinct security certifications documented for this tier versus lower tiers.
// What to watch
- No trust center, security page, or third-party audit evidence found anywhere on relaythat.com; all certification fields graded held=false on absence of evidence, not on a confirmed negative statement from the vendor.
- Web search for 'RelayThat trust center SOC 2' returned results for an unrelated company ('Relay' / relaypro.com, a business communication device maker with its own SOC 2 + HIPAA Type 2 and ISO 27001 certifications) and for 'Global Relay' (a financial compliance messaging company) - these are DIFFERENT companies from RelayThat Inc. (relaythat.com, design automation for marketing images) and their certifications must not be attributed to RelayThat. Flagging explicitly to prevent future identity conflation.
- AI-training posture on user-uploaded creative assets is undocumented (neither confirmed nor denied) - worth a direct vendor inquiry before any AI-governance claim is made in a listing.
- No DPA (Data Processing Agreement) template or Enterprise SSO/SAML protocol detail is publicly documented, which matters for any enterprise/agency buyer evaluating this tier.
// At a glance
Pricing model
Per-seat subscription (Pro $15/mo, Pro+ $25/mo for 2 users, Enterprise custom pricing)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on RelayThat Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
relaythat.com