Security and Compliance

Privacy and security are top priorities at Prelay. We employ enterprise-grade best practices in our organization and product development to protect our customers.

We are

Enterprise Ready & Compliant

SOC 2 Type 2

Prelay is SOC 2 Type 2 compliant, as audited by an independent firm.


Prelay is GDPR compliant and handles personal data in compliance with EU laws.

World Class

Security and Reliability


All data is encrypted at-rest with full-disk encryption using AES-256 or better. All data transmitted to Prelay, or transmitted within the Prelay network, is encrypted in-transit using TLS 1.2 or newer.

Secure Infrastructure

Prelay uses Google Cloud Platform (GCP) for hosting of staging and production environments. GCP data centers are protected by 24/7 security monitoring, biometrics, and are ISO 27001 and SOC 1/2/3 certified.

Single Sign-On (SSO)

Prelay offers Single Sign-On, which allows customers to authenticate users using their own systems, eliminating the need for users to maintain and protect additional login credentials.

Fault Tolerance and Data Durability

Prelay deploys multiple redundant application servers and databases with automatic failover to ensure high availability, along with regular automated backups.

Our Ongoing

Commitment to Security

Penetration Testing

Prelay employs independent security firms to perform annual penetration testing, to actively uncover and eliminate vulnerabilities in our application.

Employee Security Training

Securing our customer's data is a team effort. Prelay employees undergo annual security training to stay up-to-date with security best practices. Employee laptops are protected by security policies, including strong passwords and full-disk encryption.

Secure Software Development

The Prelay engineering team utilizes secure coding practices, and employs manual and automated vulnerability testing as part of our software development lifecycle.

Restricted Data Access

Access to customer data is limited to authorized employees who require it for their job, data access is logged and protected by two factor authentication.

Reporting Issues

If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at