Enterprise Security & Trust Center
Security-First Architecture | GDPR Compliant | Enterprise-Ready
Last Updated: February 2026
Operated by 10x Galaxy Ltd (United Kingdom)
1. Security Governance & Program
Our Information Security Program is designed to protect the confidentiality, integrity, and availability of customer data. Controls are aligned with SOC 2 Trust Services Criteria and GDPR requirements. Relan AI does not currently claim ISO 27001 or SOC 2 certification, but the architecture supports future certification readiness.
2. Compliance & Regulatory Alignment
Relan AI complies with EU GDPR, UK GDPR, the UK Data Protection Act 2018, Standard Contractual Clauses (SCCs), and the UK International Data Transfer Addendum. Relan acts as Data Controller for account/billing data and Data Processor for customer engagement data.
3. Infrastructure & Cloud Security
Enterprise-grade cloud infrastructure hosted primarily in UK/EU regions. High-availability architecture, environment isolation, secure network configuration, DDoS mitigation, and WAF protection.
4. Data Protection & Encryption
TLS 1.2+ encryption in transit. AES-256 encryption at rest. Encrypted database storage and backups. Secure key management practices.
5. Identity & Access Management
Role-Based Access Control (RBAC), least-privilege access, administrative logging, MFA for privileged access, secure password policies, and periodic access reviews.
6. Secure Development Lifecycle (SDLC)
Code review procedures, secure coding practices, vulnerability monitoring, patch management, and structured change management controls.
7. Monitoring & Threat Detection
System monitoring, audit logging, anomaly detection mechanisms, and alert escalation procedures.
8. Incident Response
Internal incident response process including detection, containment, investigation, remediation, customer notification without undue delay, and regulatory reporting where required.
9. Business Continuity & Resilience
Redundant infrastructure, backup and restoration procedures, periodic recovery validation, and defined internal recovery objectives.
10. Vendor & Sub-Processor Management
Due diligence prior to onboarding vendors, Data Processing Agreements in place, and periodic vendor risk evaluation. Sub-Processor List available upon request.
11. Data Retention & Minimization
Account data retained while active. Engagement metadata retained per configuration. Billing records retained per legal obligations. Backups purged per retention cycle.
12. International Data Transfers
Transfers protected through Standard Contractual Clauses (SCCs), UK IDTA Addendum, and encryption safeguards.
13. Data Subject Rights
Right of access, rectification, erasure, restriction, objection, and portability. Privacy inquiries handled within statutory timeframes.
14. Enterprise Documentation Available
DPA, Sub-Processor List, Security Overview Summary, Incident Response Summary, and GDPR Compliance Statement available upon request.
15. Contact Information
Privacy: privacy@relan.ai
Security: security@relan.ai
10x Galaxy Ltd
61 Bridge Street
Kington, Herefordshire
HR5 3DJ
United Kingdom
16. Our Commitment
Relan AI never sells customer data, encrypts data in transit and at rest, maintains transparency in data practices, and continuously improves security controls.