Security & Compliance

19 Jun 2026 - relaso.com

At Relaso, security is built into every layer of our platform. We are committed to protecting your data with industry-standard practices and maintaining compliance with applicable regulations.

Data Encryption

  • In transit: All data is encrypted using TLS 1.2+ (256-bit encryption) between your browser and our servers.
  • At rest: Sensitive data is encrypted at rest using AES-256 encryption.

Infrastructure Security

  • Hosted on secure, redundant cloud infrastructure with RAID-10 hardware for instant backups.
  • Daily offsite backups to geographically separated data centers.
  • Dual firewall protection against network-level threats.
  • Regular security patches and infrastructure updates.

Access Controls

  • Role-based access control (RBAC): Users can only access data relevant to their role.
  • Multi-factor authentication (MFA): Available for all user accounts.
  • Audit logging: All access and changes to sensitive data are logged with timestamps and user identity.
  • Session management: Automatic session timeout and secure session handling.

Application Security

  • Input validation and output encoding to prevent injection attacks.
  • Regular security assessments and code reviews.
  • Secure software development lifecycle (SDLC) practices.
  • Protection against OWASP Top 10 vulnerabilities.

GDPR Compliance

For users in the European Economic Area, we provide:

  • Right to access, rectify, and delete your personal data.
  • Data portability — export your data in standard formats.
  • Consent management — clear opt-in/opt-out mechanisms.
  • Data Processing Agreements (DPA) — available on request for enterprise customers.
  • No third-party tracking — we do not use advertising cookies or share data with ad networks.

For GDPR-related inquiries, contact legal@relaso.com.

Healthcare Compliance

Our healthcare products (Relaso Clinic, Relaso for Doctors, Relaso HospiTech) are designed with healthcare data protection in mind:

  • Data encryption at rest and in transit for all patient data.
  • Role-based access controls to restrict access to patient records.
  • Audit trails for all access to and modifications of patient data.
  • Consent logging for data collection and processing.
  • Business Associate Agreements (BAA) — available for healthcare customers who require HIPAA compliance.

For healthcare compliance inquiries, contact support@relaso.com.

Incident Response

  • Dedicated incident response procedures for security events.
  • Affected users will be notified within 72 hours of a confirmed data breach, in compliance with GDPR requirements.
  • Post-incident reviews and remediation.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@relaso.com. We take all reports seriously and will respond within 48 hours.