The server needs the encrypted blob, a derived vault lookup key, browser-limit metadata, rate-limit metadata, and plan state to operate sync.
End-to-end encrypted
Zero-knowledge vault
No analytics SDK
Independent review planned
What Relay can and cannot see
Readable bookmark titles, URLs, folders, and profiles are encrypted in the browser before upload. The password is not sent to Relay.
Sensitive actions require a local ownership token recovered only after a browser decrypts the vault with the correct password.
Password recovery would require Relay to hold a decryption path. Relay intentionally does not.
Extension permissions
Relay requests only the permissions needed for bookmark sync:
- bookmarks: read and update the browser bookmark tree during sync and profile switching.
- storage: keep local session state, browser identity, plan cache, and sync metadata.
Independent verification roadmap
Relay is preparing for an independent browser-extension security review. We will publish only completed review summaries, not future-tense certification claims. The planned review scope is:
- Manifest permissions and Content Security Policy.
- Bookmark sync, profile switching, and restore behavior.
- Client-side encryption and key handling.
- Backend API boundaries, rate limiting, and ownership checks.
- Public website claims against real implementation behavior.
Current status: no third-party certification has been claimed yet. Chrome Web Store distribution is the normal install path, and independent audit evidence will be added after completion.
Report a security issue
Please use the support page for a private reporting path. Do not send passwords, full bookmark exports, private URLs, or exploit playbooks in an initial report.