11 — Security
Built with security in mind.
Owned by you.
Security isn't only about encryption. It's also about knowing where your data lives, who controls it, and who has access to it.
With Relay, your infrastructure remains under your ownership.
01 — Foundation
Security starts with
ownership.
Traditional cloud software stores your business on someone else's infrastructure.
With Relay, everything stays inside your own environment — the code you own, the server you rent, the database you back up.
Everything stays under your control.
Architecture / Yours
v.own
Business
Your server
Relay
Database
Meta
AI provider
02 — By design
Security
by design.
Role-based access control
Granular permissions for every team member.
JWT authentication
Secure authentication with token-based access.
Workspace isolation
Every workspace operates independently.
HTTPS ready
Deploy behind SSL using Nginx or your preferred reverse proxy.
Environment variables
Sensitive credentials remain outside source code.
Official Meta authentication
Uses your own Meta Business credentials.
Bring your own AI
AI API keys remain yours, on your server only.
Secure REST APIs
Protected endpoints with authentication and scoping.
03 — Your infrastructure
Your business.
Your infrastructure.
- 01Customer databaseYours
- 02Meta Business accountYours
- 03WhatsApp numberYours
- 04AI API keysYours
- 05BackupsYours
- 06ServerYours
- 07DeploymentYours
- 08BrandYours
- 09Source codeYours
04 — What we never control
What we
never control.
We don't host your database.
We don't own your Meta Business.
We don't access your AI provider.
We don't store your conversations.
We don't control your deployment.
We don't decide your infrastructure.
05 — Deployment flexibility
Deploy on your
preferred infrastructure.
Relay runs on standard Node.js and Postgres. If it runs Linux, it runs Relay. You're never locked into a single hosting provider.
06 — Engineering practices
Engineering
best practices.
Environment configuration
Secure secret management
Role-based permissions
Separate workspaces
API authentication
Deployment documentation
Logging
Future security improvements
07 — Customer responsibilities
Because Relay is self-hosted,
you own a few things too.
Our engineering team is available if you'd like assistance during initial setup, hardening, or ongoing operations.
Server security
Firewalls, SSH hardening, and access rules for the hosts you run Relay on.
Backups
Regular Postgres dumps and object-storage snapshots on a cadence you choose.
SSL certificates
Renewals via Let's Encrypt, your CA, or your load balancer.
Operating system updates
Kernel and package updates on your servers.
Infrastructure monitoring
Uptime, resource, and log monitoring for the platform you own.
08 — Security FAQ
Questions,
answered plainly.
Q.01Does Relay store my customer data?+
No. Every conversation, contact, deal, and note lives inside the Postgres database on your own server. Relay operates no shared cloud storage for customer data.
Q.02Can Relay access my conversations?+
No. Your Relay installation runs entirely inside your infrastructure. Our team has no default access to your database, your inbox, or your logs.
Q.03Who owns the database?+
You do. The database is provisioned under your credentials on the server you choose. All schemas, tables, and backups belong to your organization.
Q.04Can I deploy inside my company network?+
Yes. Relay runs on a VPS, a dedicated server, a private VPC, or a machine behind your corporate firewall. Nothing about the platform requires public inbound access beyond what your reverse proxy allows.
Q.05Can I change hosting providers later?+
Yes. Relay is standard Node.js and Postgres. Migration between providers is a database dump and an environment file — no proprietary lock-in.
Q.06Do I own my Meta Business account?+
Yes. Your Meta Business account, WhatsApp phone number, and templates stay entirely under your Business Manager. Relay uses your credentials via the official Cloud API.
Q.07Will my AI API keys remain private?+
Yes. AI API keys are stored in your environment variables on your server. They are never proxied through us and never leave your infrastructure.