This document provides details about our security practices and policies. You will find detailed information about the measures we have implemented to ensure the safety and privacy of your data.

Secure infrastructure

  • RelativeCI services run on Google Cloud Platform(GCP). GCP provides a robust infrastructure with advanced security features, ensuring your data's confidentiality, integrity, and availability.
  • Access to the platform, source code, and third-party tools is secured with two-factor authentication.

Data encryption

  • Data in transit (transmitted between your device or services to RelativeCI or between RelativeCI services) is encrypted using Transport Layer Security (TLS)
  • Data at rest (processed data, containers, archives, etc.) is encrypted using AES-256 keys.

Data retention and removal

  • Projects data - based on the subscription type:
    • PRO and Open Source subscriptions: until the project is deleted
    • Free: 1 year
  • Admin logs - one year
  • Service logs - 30 days


  • RelativeCI uses Firebase Authentication with GitHub for authorization and authentication
  • We use third-party services to monitor exceptions, logs, and the performance of our services


The agents run on the client infrastructure and are responsible for collecting and sending the bundle stats and build information to RelativeCI.

Secure development

We use best practices to develop secure and reliable software:

  1. Code review, automated testing, and static analysis for every change
  2. Automated dependency updates
  3. Automated build and release flow


We backup and encrypt the project data regularly:

  1. Daily backups stored for 7 days
  2. Weekly backups stored for 1 month

Payment security

RelativeCI uses as a Merchant of Record. We do not process or store any information about the payment method(e.g: credit card data).

If you have any questions about this Security Policy, please get in touch with us by email:

Last update: 01/12/2023, Effective date: 12/01/2020