// Trust & Security Report

    Tray.ai, Inc. (formerly Tray.io, Inc.) logo

    Tray.ai, Inc. (formerly Tray.io, Inc.)

    Enterprise integration/automation and AI-orchestration platform: Intelligent iPaaS (700+ connectors), Merlin Agent Builder (no-code AI agents), Agent Gateway for MCP (governed MCP tool calls), and Tray Headless (code-first automation for AI IDEs like Claude Code/Codex).

    Certifications held

    6

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Badges: SOC 2 Type II. "This achievement complements our existing SOC 2 Type 2 certification, reinforcing our dedication to security, compliance, and operational excellence..."

    Verify on trust.tray.ai
    SOC 1 Type II
    HELD

    "We're pleased to announce that we have successfully completed our SOC 1 Type 2 examination, conducted by Schellman & Company, LLC... The examination covered the period from August 1, 2024, to July 31, 2025."

    Verify on trust.tray.ai
    GDPR (compliance posture)
    HELD

    Badge: GDPR. "Tray complies with GDPR, CCPA, and HIPAA"; provides "a standard DPA and maintains a current sub-processor list."

    Verify on trust.tray.ai
    HIPAA
    HELD

    Badge: HIPAA. "Tray is compliant in the role as a Business Associate with the HIPAA Security Rule and the HITECH Breach Notification Requirement and has independent audits to verify this."

    Verify on tray.ai
    CCPA
    HELD

    Badge: CCPA, alongside "Tray complies with GDPR, CCPA, and HIPAA."

    Verify on trust.tray.ai
    EU-US / Swiss-US / UK-US Data Privacy Framework (DPF)
    HELD

    Badges: EU-US DPF, Swiss-US DPF, UK-US DPF.

    Verify on trust.tray.ai
    > Show 6 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    Not a Tray.ai certification. The security statement states "Data centers shall be certified against ISO 27001, ISO 27017, and ISO 27018" attributing this to the underlying AWS data-center partner, not to Tray.ai itself. No ISO 27001 badge appears on Tray.ai's own Trust Center.

    source: tray.ai
    ISO 27017 / ISO 27018
    NOT CONFIRMED

    Same as ISO 27001: attributed to AWS data-center infrastructure ("data centers shall be certified against ISO 27001, ISO 27017, and ISO 27018"), not a Tray.ai corporate certification.

    source: tray.ai
    PCI DSS
    NOT CONFIRMED

    No public evidence. PCI DSS is not listed among the Trust Center's 7 badges (SOC 2 Type II, GDPR, HIPAA, CCPA, EU-US DPF, Swiss-US DPF, UK-US DPF) and is not mentioned in the security statement.

    source: trust.tray.ai
    ISO/IEC 42001 (AI management systems)
    NOT CONFIRMED

    No public evidence. Not referenced on the Trust Center, security statement, or AI-governance marketing pages as of verification date.

    source: trust.tray.ai
    CSA STAR / CSA STAR for AI
    NOT CONFIRMED

    No public evidence found on Tray.ai's own domains.

    source: trust.tray.ai
    FedRAMP
    NOT CONFIRMED

    No public evidence found on Tray.ai's own domains.

    source: trust.tray.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Customer-selectable hosting: US (West Coast, default), EU (Ireland), and APAC (Australia), all on AWS infrastructure.

    Merlin AI (native AI connectors/Agent Builder): inputs/outputs stored only in the customer's own workflow logs and not used beyond providing the service. Foundation models are hosted on AWS Bedrock (Anthropic, Amazon); Tray states AWS Bedrock 'does not store or use customer data to train models.' Workflow Summaries and Merlin Chat/Build features may use retained or fully anonymized outputs to 'personalize and improve the customer experience' -- this is limited product-improvement use on anonymized/session data, not model training on raw customer data, and admins can disable these Merlin AI features entirely. Third-party sub-processor OpenAI is opt-in only, and per Tray's subprocessor list 'OpenAI will not be allowed to use customer data for its own training purposes.' No free/enterprise tier distinction on this policy was found in available documentation.

    // Security controls

    Encryption in transit and at rest

    All data encrypted at rest and in transit using NIST-approved standards (e.g., SSH, TLS); additional safeguards applied to stored credentials.

    tray.ai

    Authentication

    Enforces single sign-on (SSO) and phishing-resistant two-factor authentication (2FA).

    tray.ai

    Penetration testing

    Annual third-party penetration tests conducted; also runs a public bug bounty program.

    tray.ai

    Audit logging

    Every platform action is logged; customers can stream logs to their own systems.

    tray.ai

    Backup and disaster recovery

    Daily backups stored in separate geographic locations; Recovery Time Objective (RTO) of 14 hours, Recovery Point Objective (RPO) of 24 hours.

    tray.ai

    Employee offboarding

    Access revoked within 24 hours of employee termination.

    tray.ai

    Multi-tenant isolation

    Multi-tenant architecture with logical segregation between customers.

    tray.ai

    // Products & data scope

    Intelligent iPaaSIntegration platform as a service

    data: Full access to connected third-party app data and credentials via 700+ connectors, processed under the same platform-wide security/compliance program.

    Core legacy Tray.io product line; primary subject of the SOC 1/SOC 2/HIPAA/GDPR scope described in the Trust Center.

    Merlin Agent BuilderNo-code AI agent builder

    data: Workflow, connector, and conversational data used to build/run agents; inputs/outputs stored in customer workflow logs.

    Uses AWS Bedrock-hosted foundation models (Anthropic, Amazon); admin-controlled opt-out available; no separate certification scope disclosed from the core platform.

    Agent Gateway for MCPMCP governance / gateway

    data: Mediates and audits MCP tool calls and connector access for AI agents (RBAC, audit trail, instrumentation).

    Marketed as an AI-governance layer; no distinct compliance certification found beyond the shared Tray.ai Trust Center scope.

    Tray HeadlessCode-first automation for AI IDEs

    data: Workflow definitions authored via API/CLI from tools like Claude Code and Codex.

    Newly announced (2026) developer-facing product; no separate compliance documentation found, assumed to share the platform Trust Center scope.

    // What to watch

    • Host-vs-vendor cert ambiguity: Tray.ai's own security statement discusses AWS data-center ISO 27001/27017/27018 certification in the same document as Tray's own SOC/HIPAA compliance; a careless reader could mistake the AWS ISO certs for Tray.ai's own. Verified these ISO certs are NOT held by Tray.ai itself -- graded held=false.
    • Vendor rebranded from Tray.io to Tray.ai (legal entity now 'Tray.ai, Inc.', per its Master Subscription Agreement) in connection with the Dec 2024 Merlin product launch; identity for slug 'tray-io' confirmed as continuous with the current tray.ai entity, not a different/similarly-named company.

    // At a glance

    Pricing model

    Sales-led / custom enterprise quote ("Book a demo"); no public self-serve pricing tiers found on current site.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Tray.ai, Inc. (formerly Tray.io, Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.tray.ai

    > Browse all vendor trust reports