Security Policy

Overview of security controls Relio applies to protect customer data.

Last updated: May 26, 2026

Relio implements administrative, technical, and organizational measures appropriate for a B2B SaaS CRM handling personal information.

1. Authentication

  • Passwords hashed with bcrypt
  • Optional multi-factor authentication (TOTP)
  • OAuth sign-in with Google and Microsoft
  • Session management with database-backed sessions

2. Access control

  • Organization-level tenant isolation
  • Admin and Member roles with assignment-based contact access
  • Admin-only organization and billing settings

3. Infrastructure

  • TLS for data in transit
  • MFA secrets encrypted at rest
  • Hashed API keys (developer features)
  • Stripe webhook signature verification

4. Incident response

Report security concerns to security@userelio.com. We investigate credible reports and notify affected customers when required by law.