// Trust & Security Report
Tray.ai, Inc. (formerly Tray.io, Inc.)
Enterprise integration/automation and AI-orchestration platform: Intelligent iPaaS (700+ connectors), Merlin Agent Builder (no-code AI agents), Agent Gateway for MCP (governed MCP tool calls), and Tray Headless (code-first automation for AI IDEs like Claude Code/Codex).
Certifications held
6
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.tray.ai“Badges: SOC 2 Type II. "This achievement complements our existing SOC 2 Type 2 certification, reinforcing our dedication to security, compliance, and operational excellence..."”
Verify on trust.tray.ai“"We're pleased to announce that we have successfully completed our SOC 1 Type 2 examination, conducted by Schellman & Company, LLC... The examination covered the period from August 1, 2024, to July 31, 2025."”
Verify on trust.tray.ai“Badge: GDPR. "Tray complies with GDPR, CCPA, and HIPAA"; provides "a standard DPA and maintains a current sub-processor list."”
Verify on tray.ai“Badge: HIPAA. "Tray is compliant in the role as a Business Associate with the HIPAA Security Rule and the HITECH Breach Notification Requirement and has independent audits to verify this."”
Verify on trust.tray.ai“Badges: EU-US DPF, Swiss-US DPF, UK-US DPF.”
> Show 6 unconfirmed / not-held certifications
source: tray.aiNot a Tray.ai certification. The security statement states "Data centers shall be certified against ISO 27001, ISO 27017, and ISO 27018" attributing this to the underlying AWS data-center partner, not to Tray.ai itself. No ISO 27001 badge appears on Tray.ai's own Trust Center.
source: tray.aiSame as ISO 27001: attributed to AWS data-center infrastructure ("data centers shall be certified against ISO 27001, ISO 27017, and ISO 27018"), not a Tray.ai corporate certification.
source: trust.tray.aiNo public evidence. PCI DSS is not listed among the Trust Center's 7 badges (SOC 2 Type II, GDPR, HIPAA, CCPA, EU-US DPF, Swiss-US DPF, UK-US DPF) and is not mentioned in the security statement.
source: trust.tray.aiNo public evidence. Not referenced on the Trust Center, security statement, or AI-governance marketing pages as of verification date.
source: trust.tray.aiNo public evidence found on Tray.ai's own domains.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Customer-selectable hosting: US (West Coast, default), EU (Ireland), and APAC (Australia), all on AWS infrastructure.
Merlin AI (native AI connectors/Agent Builder): inputs/outputs stored only in the customer's own workflow logs and not used beyond providing the service. Foundation models are hosted on AWS Bedrock (Anthropic, Amazon); Tray states AWS Bedrock 'does not store or use customer data to train models.' Workflow Summaries and Merlin Chat/Build features may use retained or fully anonymized outputs to 'personalize and improve the customer experience' -- this is limited product-improvement use on anonymized/session data, not model training on raw customer data, and admins can disable these Merlin AI features entirely. Third-party sub-processor OpenAI is opt-in only, and per Tray's subprocessor list 'OpenAI will not be allowed to use customer data for its own training purposes.' No free/enterprise tier distinction on this policy was found in available documentation.
// Security controls
Encryption in transit and at rest
All data encrypted at rest and in transit using NIST-approved standards (e.g., SSH, TLS); additional safeguards applied to stored credentials.
tray.aiAuthentication
Enforces single sign-on (SSO) and phishing-resistant two-factor authentication (2FA).
tray.aiPenetration testing
Annual third-party penetration tests conducted; also runs a public bug bounty program.
tray.aiAudit logging
Every platform action is logged; customers can stream logs to their own systems.
tray.aiBackup and disaster recovery
Daily backups stored in separate geographic locations; Recovery Time Objective (RTO) of 14 hours, Recovery Point Objective (RPO) of 24 hours.
tray.ai// Products & data scope
data: Full access to connected third-party app data and credentials via 700+ connectors, processed under the same platform-wide security/compliance program.
Core legacy Tray.io product line; primary subject of the SOC 1/SOC 2/HIPAA/GDPR scope described in the Trust Center.
data: Workflow, connector, and conversational data used to build/run agents; inputs/outputs stored in customer workflow logs.
Uses AWS Bedrock-hosted foundation models (Anthropic, Amazon); admin-controlled opt-out available; no separate certification scope disclosed from the core platform.
data: Mediates and audits MCP tool calls and connector access for AI agents (RBAC, audit trail, instrumentation).
Marketed as an AI-governance layer; no distinct compliance certification found beyond the shared Tray.ai Trust Center scope.
data: Workflow definitions authored via API/CLI from tools like Claude Code and Codex.
Newly announced (2026) developer-facing product; no separate compliance documentation found, assumed to share the platform Trust Center scope.
// What to watch
- Host-vs-vendor cert ambiguity: Tray.ai's own security statement discusses AWS data-center ISO 27001/27017/27018 certification in the same document as Tray's own SOC/HIPAA compliance; a careless reader could mistake the AWS ISO certs for Tray.ai's own. Verified these ISO certs are NOT held by Tray.ai itself -- graded held=false.
- Vendor rebranded from Tray.io to Tray.ai (legal entity now 'Tray.ai, Inc.', per its Master Subscription Agreement) in connection with the Dec 2024 Merlin product launch; identity for slug 'tray-io' confirmed as continuous with the current tray.ai entity, not a different/similarly-named company.
// At a glance
Pricing model
Sales-led / custom enterprise quote ("Book a demo"); no public self-serve pricing tiers found on current site.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Tray.ai, Inc. (formerly Tray.io, Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.tray.ai