This page is the operational summary of how Relm Pro handles your data. For deeper detail, see our privacy policy and terms.
Tenant isolation
Every property, document, chat thread, and pro-forma is scoped to your organization. Cross-org access requires an explicit identity mechanism (SSO, dual membership) — there's no path for one org to read another's data.
Within an org, visibility defaults to "anyone in the org can see everything." There's no per-property ACL today. If you need stricter isolation between teams in the same firm, set up multiple organizations.
Encryption
- In transit: every connection uses TLS 1.2+. HSTS is on for relm.ai and excel-plugin.relm.ai.
- At rest: every database, blob, and document store is encrypted using cloud-provider-native at-rest encryption (AES-256-GCM under the hood). Keys are managed by the cloud provider.
- Backups: also encrypted, same posture.
Where data lives
- Application data — managed cloud database in US regions.
- Documents and large blobs — encrypted object storage in US regions.
- Search indexes — managed vector index in US regions.
- AI provider inference — frontier model providers, US regions.
For Enterprise customers with EU residency requirements, talk to us — we can scope an EU-only deployment.
Authentication
Authentication is handled by a SOC 2-compliant identity provider, with support for password, magic link, Google SSO, and enterprise SSO (SAML/OIDC for Enterprise customers). Multi-factor authentication is supported and recommended — see MFA.
Data retention
- Active properties and documents — retained while the property exists.
- Deleted properties — soft-deleted with a 30-day recovery window, then permanently destroyed.
- Soft-deleted accounts — same 30-day window.
- Operational backups — retained 30 days, then rotated out.
- Audit logs — retained 90 days minimum, longer for Enterprise customers per contract.
Subprocessors
We use a small set of subprocessors to operate Relm. The current list is on the privacy policy page. We notify customers in advance of subprocessor changes per our DPA.
Compliance posture
We're SOC 2 Type II-ready as of 2026, with a full Type II report available to Enterprise customers under NDA. See SOC 2 posture.
HIPAA, FedRAMP, and other specialized compliance regimes are Enterprise conversations.
Data export
You own your data and can export it at any time:
- Excel pro-formas — from any property's Financial section.
- Raw uploaded documents — from each property's Documents section, click download.
- Property data dump — Enterprise feature; reach out for a JSON export of a property.
Reporting a security issue
If you've found a security issue, email security@relm.ai rather than the support form. We treat security reports with priority and reply within 24 hours.