Data boundary

RelayGuard is a BYO-RPC gateway. You bring provider URLs and API keys; we route traffic and store configuration needed to operate your workspace.

What we store

• Account email and password hash (bcrypt)
• Workspace name, slug, and plan
• Provider names, weights, independence groups, and encrypted RPC URLs (AES-256-GCM)
• API key prefixes and bcrypt hashes (plaintext shown once at creation)
• Security Mode settings per chain
• Session tokens for dashboard login

What we do not store

• Your JSON-RPC request bodies or responses (not persisted in the database)
• Plaintext provider URLs after initial save
• Plaintext API keys after creation

What we log

Gateway and control plane emit structured JSON logs for operations:

• Request metadata: chain, method, request ID, routing decisions
• Provider health transitions and failover events
• Security Mode quorum outcomes and divergence (no full RPC payloads in logs)
• Authentication failures and rate-limit events

Provider URLs and API keys are never written to logs. Suspicious patterns in provider URL fields trigger internal alerts only.

Encryption

• Provider URLs encrypted at rest with a platform encryption key
• TLS in transit for all public endpoints
• Dashboard session cookies are HttpOnly and Secure in production

Subprocessors

Hosted beta runs on Fly.io (compute) and Fly Managed Postgres (database), US East (iad). See our Security page for the current subprocessor list. A formal DPA is available on request before general availability.

Related

• Privacy Policy
• Security
• Responsible disclosure

Your responsibilities

• Only add RPC endpoints you are authorized to use under your provider's terms
• Rotate API keys if compromised
• Configure independent provider groups for meaningful Security Mode quorum