← Home

Security isn't a feature.
It's where we started.

Rlly processes the most sensitive conversations in your business — live sales calls with real prospects, real numbers, real risk signals. On Rlly Max, that data runs entirely inside your own Microsoft Azure tenant. You own the cloud. You own the perimeter. You own the keys. No third-party transit, no shared infrastructure, no boundary you don't control.

[05] Security & data residency

Azure-native. Global-ready.
Governed top to bottom.

Rlly runs entirely on Microsoft Azure. Choose your region for data residency. Rlly Max customers self-host in their own Azure tenant with Microsoft Confidential Ledger, Azure Confidential Computing, Entra ID, and private endpoints — so transcripts, embeddings, and audit logs never cross a boundary you don't control.

Encryption
TLS 1.3 + AES-256
All customer data encrypted in transit (TLS 1.3) and at rest (AES-256 via Azure Storage Service Encryption).
Residency
Choose your Azure region
US, EU, UK, and APAC regions available. Rlly Max customers pick their own data residency at deploy time. No third-cloud transit.
Compliance
SOC 2 path · GDPR aligned
SOC 2 Type I audit scheduled H2 2026. GDPR, CCPA aligned. DPAs available on request.
◈ Subprocessors · Updated April 2026
Microsoft Azure
Cloud hosting, compute, storage, networking, Entra ID authentication. Rlly runs entirely within Azure. No third cloud.
Global · Customer-selected region
Azure OpenAI Service
GPT-5 family models for real-time coaching and post-call agent reasoning. Whisper for speech-to-text transcription. Runs inside Microsoft's Azure OpenAI boundary — no data flows to OpenAI, no training on customer data.
Azure US · No training opt-in
Microsoft Confidential Ledger
Tamper-evident, cryptographically verifiable audit log for every Rlly agent action. Available on Rlly Max.
Azure · Customer tenant
Azure Confidential Computing
Hardware-encrypted enclaves for customer transcripts and embeddings at rest and in use. Available on Rlly Max.
Azure · Customer tenant
Stripe
Payment processing for Rlly Notes and Rlly Pro subscriptions. PCI-DSS Level 1 certified. No card data touches Rlly servers.
US-hosted
Cloudflare
CDN, DDoS protection, WAF for rlly.ai. Edge caching of static assets only — no customer transcripts or call data at the edge.
Global edge
◈ YOUR TENANT. YOUR BOUNDARY.
Rlly Max deploys into your own Azure subscription. With Microsoft Confidential Ledger, Confidential Computing, Entra ID, and private endpoints, your transcripts and agent actions stay inside a perimeter your RevOps and security teams already control — and already audit. One audit trail. One source of truth.
◈ What we will not do
  • × Train foundation models on your call data. Ever.
  • × Sell, rent, or share your data with third parties.
  • × Record a call without participant consent.
  • × Retain data past contract termination. 30-day deletion guarantee.
◈ Reports & documents

Ten design partners.
Seven spots left.

Ship the Rlly that works for your sales org, not someone else's. Design partners get a direct line to the founders, Max-tier pricing locked for two years, and a quarterly roadmap vote. In exchange, we get real calls, real playbooks, and the brutal feedback that makes Rlly defensible.

Apply to the Design Partner Program → See the ROI math first