Relentio Security and Risk Focus

Commitment to Security

At Relentio, safeguarding customer data is our highest priority. We have invested significantly in corporate, product, and infrastructure security programs designed to protect the information entrusted to us. Our Legal Team, in collaboration with various departments, ensures the effective implementation of these programs.

Security and Compliance Goals

Our security framework is built on SaaS industry best practices. Our core objectives include:

Customer Trust and Data Protection: Deliver high-quality services while ensuring the privacy and confidentiality of customer data.
Service Availability and Continuity: Maintain service uptime and mitigate disruptions.
Data Integrity: Protect customer information from unauthorized alteration or corruption.
Standards Compliance: Align with or exceed recognized industry standards and best practices.

Security Controls Overview

To protect customer data, Relentio employs a layered approach involving administrative, technical, and physical safeguards. Below is a summary of frequently asked control topics:

Infrastructure Security

Cloud Hosting

Relentio hosts all product infrastructure with leading providers like Google Cloud Platform and Amazon Web Services (AWS), exclusively within the United States. We rely on their audited security and compliance measures to ensure robust infrastructure protection.

Google Cloud guarantees 99.5% monthly uptime.
AWS offers up to 100% reliability and has validated business continuity plans (SOC 2 Type 2, ISO 27001).

Network Security

We enforce multiple layers of inspection across our application using logical firewalls and security groups. Default firewall settings deny all unauthorized traffic. Rule changes undergo formal change control processes and are periodically reviewed.

Configuration Management

Our infrastructure scales dynamically using automation. All servers are configured via version-controlled images and hardened setup files. Deviations from baseline configurations are detected and automatically corrected within 30 minutes. Patch management is automated and outdated servers are replaced.

Logging and Monitoring

Relentio logs all application activity to centralized, secure storage. Logs relevant to security are retained and indexed for incident response. Only select engineers have tightly controlled write access.

Monitoring systems trigger alerts and automated responses when anomalies—such as attack patterns or system errors—are detected. Actions include throttling, process shutdowns, and team notifications.

Application Security

Web Protection

All hosted content is protected by application firewalls. Real-time monitoring identifies malicious activity and enforces OWASP Top 10 aligned protection, including DDoS mitigation.

Development and Release Pipeline

We follow a continuous delivery model with thorough code reviews, automated testing, and static analysis. New features pass through staging and QA environments before being deployed to production. Segregation between QA and production prevents unauthorized access. Deployment is fully automated and supports rapid rollback if necessary.

Vulnerability Management

Relentio runs routine vulnerability scans using advanced tools and threat intelligence. Annual penetration testing helps uncover deeper risks. Findings are prioritized and addressed based on severity.

Customer Data Protection

Data Classification

Per our Terms of Service, Relentio products are not designed for storing sensitive personal data like SSNs, financial details, or health information unless explicitly allowed.

Tenant Separation

Relentio uses logical separation of customer data through unique identifiers and strict authorization rules. Application access and changes are logged and reviewed regularly.

Data Encryption

All data in transit uses TLS 1.2 or 1.3 with 2048-bit keys or higher. At rest, data is encrypted with AES-256. Passwords are securely hashed and encrypted.

Key Management

Encryption keys are managed using a hardened Key Management System. TLS keys are maintained via our content delivery partner. Key rotations occur at defined intervals depending on data sensitivity. At this time, customer-supplied keys are not supported.

Backup and Disaster Recovery

Reliability and Recovery

Relentio infrastructure is built with high availability, using multiple availability zones and virtual private networks. Backup systems support point-in-time recovery.

Backup Process

Backups occur daily and are retained for at least seven days. Monitoring systems alert for failures, which are promptly investigated. Backups are secured with access controls and WORM protections.

Customer Data Recovery

Customers cannot directly trigger infrastructure failovers. However, deleted items such as contacts and tasks can be restored within 30 days. Many features allow manual data exports or API-based synchronization for added protection.

Access Management

User Control

Customers can assign granular permissions and manage user access within their portals.

Authentication

Relentio enforces a strong password policy and supports native login with mandatory two-factor authentication. Admins can require 2FA for all users.

Internal Access Control

Employee access to production environments is limited and based on RBAC principles. Persistent administrative access is minimized. Engineers access infrastructure through secure bastion hosts or IAM roles.

Corporate Security Measures

Internal systems require multi-factor authentication. Passwords follow best practices, and critical credentials are managed through password vaults. Access reviews are conducted semi-annually.

Organizational Security

Hiring Practices

All employees undergo background checks before joining. They must acknowledge our Employee Handbook and Code of Conduct, which outline responsibilities around data protection.

Policy Management

Relentio maintains a comprehensive Written Information Security Policy, which includes data handling and disciplinary measures for violations. Policies are reviewed annually.

Security Training

CyberSafety training, including phishing awareness, is required at onboarding and provided annually.

Vendor and Endpoint Security

Third-party vendors must meet our privacy and security standards. Company devices are protected with full-disk encryption and are centrally managed via a Mobile Device Management platform.

Compliance

Relentio does not store or process customer credit card data. All transactions are handled through PCI-compliant providers. We are committed to protecting customer privacy and never sell personal data.

Data Retention and Deletion

Customer data is retained while accounts are active. Deletion requests can be submitted and are fulfilled in line with applicable regulations. Some logs and metadata are retained for compliance purposes. Custom data retention policies are not currently supported.

Privacy Management

Relentio’s Legal Team works closely with product and engineering teams to ensure effective data privacy practices. Additional information is available in our Privacy Policy and Data Processing Agreement.

Incident Response

In the event of a breach, Relentio will notify customers as required by applicable laws.

Document Use

This document serves as an informational resource and does not create binding obligations. Our security practices evolve over time and are subject to change.