TRUST & SAFETY

Security at RelationalManager

We design for confidentiality, integrity, and availability from day one. This page summarizes our security and data-handling practices for customers and reviewers.

Encryption

TLS 1.2+ in transit; encrypted storage where applicable.

Least privilege

Scoped access, per-role controls, and audit trails.

Privacy by design

Data minimization and configurable retention.

Overview

Relational Intelligence (“RI”) analyzes message text to score a range of relational markers, including Positivity, Warmth, Clarity and Safety. Our security program combines administrative, technical, and organizational measures aligned with industry best practices for cloud applications.

Data handling & retention

  • Demo defaults: The public demo is configured for no persistent storage of message content. Minimal request metadata (e.g., timestamp, status code) may be logged for reliability and abuse prevention.
  • API customers: Retention can be configured contractually. We support short rolling windows and/or anonymization where feasible.
  • Data minimization: Only the fields required to provide the service are processed. Optional redaction/scrubbing modes are supported in the pipeline.

Encryption

  • In transit: TLS 1.2+ for all client–server and service–service traffic exposed to public networks.
  • At rest: Encrypted storage for databases, object storage, and backups where applicable.
  • Key management: Managed encryption keys via the cloud provider; strict separation between environments.

Identity, access, and audit

  • Least privilege: Access is role-based, time-bounded where possible, and reviewed regularly.
  • MFA: Multi-factor authentication required for administrative access.
  • Secrets management: Environment-scoped secrets; no secrets in code repositories.
  • Audit: Administrative actions and critical system events are logged.

Application security

  • Secure SDLC: Code review, dependency scanning, and linting in CI.
  • Dependency hygiene: Regular updates with vulnerability monitoring.
  • Input handling: Strict validation and sanitization at API edges.
  • Isolation: Logical and environment separation for dev/test/prod.

Infrastructure & operations

  • Cloud hardening: Baseline security controls, network segmentation, and security groups.
  • Backups & recovery: Encrypted backups and documented restoration procedures.
  • Monitoring: Health, performance, and anomaly monitoring with alerting.

Responsible disclosure

We welcome reports from the security community. If you believe you’ve found a vulnerability, please email security@relationalmanager.com with details and reproduction steps. We’ll acknowledge receipt, triage the issue, and keep you informed until resolution. Please avoid data exfiltration and service disruption.

Compliance & regional privacy

  • GDPR/UK GDPR: Lawful bases (contract, legitimate interests, consent where required), DPA on request, and transfer mechanisms as applicable.
  • POPIA (South Africa): Conditions for lawful processing observed; data subject rights supported.
  • CCPA/CPRA: Disclosures of categories, rights to know/delete/correct, opt-out of sale/share (not applicable in ordinary course), and non-discrimination.

For full details, see our Privacy Policy and Terms of Use.

Subprocessors

We use vetted infrastructure and tooling providers (e.g., cloud hosting, logging/monitoring). All subprocessors are bound by data-processing terms appropriate to their services. A current list is available on request.

Business continuity

  • Redundancy: Critical services run with provider-grade durability.
  • Incident response: Defined runbooks for security and availability incidents, including communication procedures.

FAQ

Do you store message content?
The public demo is configured to avoid persistent storage of message content. For API customers, retention is configurable and can be set to zero-retention or short rolling windows by agreement.

Can you sign a DPA?
Yes. We provide a standard Data Processing Addendum (DPA) aligned with GDPR/POPIA/CCPA requirements. Custom terms can be negotiated for enterprise plans.

Where is data processed?
Primarily in the cloud region(s) specified in your agreement. Cross-border transfers, if any, use appropriate safeguards.

Contact

Security inquiries: security@relationalmanager.com
General privacy: privacy@relationalmanager.com