Trust Center

Trust claims with receipts.

Relay keeps bookmark sync useful without turning your bookmark library into readable cloud data. This page explains the product boundary, permissions, review status, and what evidence we maintain before making trust claims.

Security architecture

Readable bookmarks stay in the browser.

Relay syncs encrypted vault data. The browser reads bookmarks, checks library health, derives the encryption key from your password, validates restore payloads, and applies cleanup or profile changes locally.

Browser side

Reads bookmarks, computes health checks, derives the encryption key, encrypts the vault, decrypts restores, validates payloads, and applies cleanup or profile changes locally.

Server side

Stores encrypted vault blobs, applies rate limits, checks ownership proofs, handles plan state, and never receives a readable bookmark library.

Trust signals

The claims are intentionally narrow.

Relay avoids broad certification language until evidence exists. These are the concrete boundaries the product currently maintains.

End-to-end encrypted vault

Bookmark titles, URLs, folders, profiles, and restore snapshots are encrypted before upload.

Zero-knowledge boundary

Relay can move encrypted data and enforce ownership, but it does not receive the password needed to read the vault.

No identity graph

Relay does not require name or email collection for core bookmark sync.

No analytics SDK

The public site and extension avoid analytics SDKs, ads, tracking pixels, and content scripts.

Limited permissions

Relay asks for bookmarks and storage because those are the permissions needed to sync and maintain local state.

Audit planned

Independent review summaries will be published only after completion, not promised as current certification.

Permission model

Only the permissions the product needs.

The extension permission surface is deliberately narrow and reviewed in CI.

Requested permissions

  • bookmarks: read, create, move, and replace bookmark trees during sync/profile switching.
  • storage: keep local browser identity, session state, plan cache, and sync metadata.

Not requested

  • No browsing-history permission.
  • No all-sites host permission.
  • No content scripts.
  • No remote script execution.
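
One way a CI check could enforce the permission surface listed above. This is an added example, not Relay's own code: it assumes a Manifest V3 manifest.json, and the function name, allowlist constant, and sample manifests are hypothetical.

```javascript
// Added example: CI gate for an extension's permission surface.
// Assumes Manifest V3 keys; auditManifest is a hypothetical helper name.
const ALLOWED_PERMISSIONS = new Set(["bookmarks", "storage"]);

function auditManifest(manifest) {
  const findings = [];
  // Required and optional API permissions must stay inside the allowlist.
  for (const key of ["permissions", "optional_permissions"]) {
    for (const p of manifest[key] ?? []) {
      if (!ALLOWED_PERMISSIONS.has(p)) findings.push(`${key}: unexpected "${p}"`);
    }
  }
  // No host access at all, required or optional.
  for (const key of ["host_permissions", "optional_host_permissions"]) {
    for (const h of manifest[key] ?? []) findings.push(`${key}: unexpected "${h}"`);
  }
  // No content scripts.
  if ((manifest.content_scripts ?? []).length > 0) {
    findings.push("content_scripts: must be absent");
  }
  // script-src for extension pages must not name remote origins or allow eval.
  const csp = manifest.content_security_policy?.extension_pages ?? "";
  const scriptSrc = csp.split(";").map(d => d.trim()).find(d => d.startsWith("script-src")) ?? "";
  for (const src of scriptSrc.split(/\s+/).slice(1)) {
    if (/^(https?:|\*)/.test(src) || src === "'unsafe-eval'") {
      findings.push(`content_security_policy: script-src allows ${src}`);
    }
  }
  return findings;
}

// Constructed sample manifests (not Relay's actual manifest).
const narrowManifest = {
  manifest_version: 3,
  permissions: ["bookmarks", "storage"],
  content_security_policy: { extension_pages: "script-src 'self'; object-src 'self'" },
};
const driftedManifest = {
  manifest_version: 3,
  permissions: ["bookmarks", "storage", "history"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }],
};

console.log(auditManifest(narrowManifest));
console.log(auditManifest(driftedManifest));
```

In a pipeline, the same function would be run over the parsed manifest.json from the build output, failing the job whenever the returned list is non-empty.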

Review status

Trust is evidence, not decoration.

Relay is preparing for independent browser-extension security review. Until that review is complete, the site will say "review planned", not "certified".

Current status: Chrome Web Store distribution is the normal install path. Independent audit summaries will be published after completion. Relay does not currently claim SOC 2, ISO, or third-party certification.