Security

Our approach

Security is foundational to how Relevance operates. We handle client GTM data, prospect lists, and campaign infrastructure — and we treat that data with the same rigor we'd expect from any serious vendor in our stack.

Infrastructure

• All production systems run on managed, SOC 2 / ISO 27001 compliant cloud providers.
• Data in transit is encrypted via TLS 1.2+.
• Data at rest is encrypted using industry-standard AES-256.
• Access to production infrastructure is restricted, logged, and reviewed.

Access control

• Single sign-on and multi-factor authentication are enforced for all internal accounts.
• Least-privilege access: team members only get access to the data needed for their role.
• Credentials and API keys are stored in a managed secrets vault — never in source code.

Data handling

• Client data is logically isolated per engagement.
• We do not sell, resell, or share client prospect lists with third parties.
• Prospect data sourced on a client's behalf is owned by the client and deleted on request.
• Backups are retained for operational continuity and pruned on a defined schedule.

Vendor management

We use a curated set of subprocessors (CRM, email infrastructure, enrichment, analytics) and require each to meet baseline security and privacy standards. A list is available on request.

Incident response

We maintain an incident response process covering detection, containment, notification, and post-mortem. Affected clients will be notified without undue delay if a security incident materially impacts their data.

Reporting a vulnerability

If you believe you've found a security issue affecting Relevance, please email panos@relevanceai.io with details. We'll respond promptly and work with you in good faith to resolve it.