Trust
Proven foundation for
integration, automation, and AI.
Built with enterprise security, compliance, and reliability standards, Tray gives teams the control to scale integration and automation safely with AI.
- execution uptime
- 100%
- audited annually
- SOC 2 Type 2
- data residency
- US / EU / APAC
- integrations / year
- 150B+
Why trust matters
Buyers ask for proof. Tray brings the receipts.
Before choosing a platform, enterprise buyers look for proof. Tray embeds governance into the platform and provides the compliance evidence, residency options, and reliability reporting that legal, procurement, IT, and business leaders need to reduce risk.
Security standards
Security in every layer
Data is encrypted, access is limited to the right people, and systems are monitored around the clock. This reduces risk and keeps enterprise projects moving.
Encryption
Tray encrypts all data at rest and in transit. Sensitive credentials such as tokens and API keys receive additional safeguards to prevent misuse.
Identity and access
Tray enforces single sign-on (SSO) and phishing-resistant two-factor authentication. Role-based permissions control access so users view only what is relevant to their role.
Monitoring and auditing
Tray monitors systems around the clock with automated alerts and on-call security experts. Every action is logged, and customers can stream logs to their own systems.
Independent testing
Tray’s security is tested by independent experts. We complete SOC 1 and SOC 2 Type 2 audits, conduct annual penetration tests, and run a bug bounty program with the security community.
Compliance standards
Built for legal and procurement reviews
Tray meets global compliance standards including GDPR, CCPA, and HIPAA. Customers can host data in the US, EU, or APAC. We provide signed DPAs and transparent vendor lists.
Privacy laws
Tray complies with GDPR, CCPA, and HIPAA. Our security and privacy controls are designed to meet strict legal obligations across regions.
Data residency
Customers choose US, EU, or APAC hosting to meet regional requirements. Local hosting supports compliance with privacy regulations and data transfer rules.
Data processing agreements
Tray provides a standard DPA and maintains a current sub-processor list. Vendors we work with must meet the same standards we commit to.
Governance and oversight
Tray maintains a privacy function that oversees data protection policies and regulatory compliance. Every employee completes required training on privacy and data handling each year.
AI and data use
Your data. Your AI. Your controls.
Tray’s AI features are designed for flexibility and transparency, giving customers full control. You own all AI output, can opt out at any time, and decide where prompts and models are used. Tray never trains on your data, and AI providers do not retain prompts or responses after processing.
Operational controls
Customers control how Tray operates
Set data retention, decide when support can access accounts, and stream logs to your own systems. Every action is recorded, keeping operations transparent and accountable.
Log retention
Set retention from 30 days to 24 hours, or disable it. You control the data footprint without losing error visibility.
Audit logs
Tray records every action across the platform. Stream logs to your own systems to create a complete record for oversight and compliance reporting.
Support access
You grant time-limited access when you need Tray’s support team to view your data. All access requests and actions generate audit events for compliance tracking.
AI data security
Tray Guardian protects sensitive information in AI workflows. It applies tokenization, redaction, and policy controls so teams can use Tray AI safely without exposing confidential data.
Resilient operations
Always on, always recoverable
Tray runs across multiple AWS regions with encrypted backups and tested recovery plans. Defined recovery objectives and continuous monitoring keep services available at all times.
High availability
Tray uses AWS multi-region hosting with availability zones to keep services running. Systems are monitored continuously to prevent and detect downtime.
Backups and recovery
Customer data is backed up at least daily and stored in separate locations. Disaster recovery is tested annually, with recovery time and point objectives clearly defined.
Incident response
Confirmed incidents trigger immediate investigation and notification. Tray provides customers details on impact, remediation, and prevention.
Business continuity
Security and engineering teams are on call 24/7 to respond to incidents. Plans are in place to maintain critical operations during unexpected events, and policies keep security and compliance standards active under stress.
Resources
Everything legal and procurement need
Certifications, agreements, the live status page, and the trust center.
-
Trust Center
Certifications, audit reports, sub-processor lists, and privacy commitments.
-
Status page
Real-time uptime, incident history, and scheduled maintenance.
-
Data processing agreement
The standard DPA Tray executes with customers handling personal data.
-
Sub-processor list
Current vendors that process customer data on Tray’s behalf, with regional context.
-
Master services agreement
The contractual basis of every Tray subscription.
-
Support terms
Severity definitions and response-time targets for Advantage and Advantage Plus.
-
Privacy policy
How Tray collects, uses, and protects personal information across products and websites.
Need a security questionnaire, pen test report, or signed DPA?
The trust team responds in one business day.