Relay LogoRelay

Security

Your secrets never leave your device.

Zero-Compromise Privacy

Relay is a "Local First" app. We do not have servers, we do not track you, and we cannot see your API keys.

Secure Secret Storage

When you add an environment variable to a server configuration (like `OPENAI_API_KEY` or `GITHUB_TOKEN`), you can toggle the Lock Icon to mark it as a secret.

Secrets are handled differently than normal variables:

  • Storage: They are NOT stored in Relay's database or configuration files. Instead, they are saved directly to your operating system's native keychain (Windows Credential Manager, macOS Keychain).
  • Runtime: When you start a server, Relay retrieves the secret from the keychain in memory and injects it into the process environment.
  • Export: When you export configurations to other clients (like Claude), secrets are NOT exported by default to prevent accidental leaks, unless the target client supports secure storage references.

Network Activity

Relay makes network requests only for:

  1. Fetching the Marketplace Catalog (public JSON file).
  2. Checking for App Updates (GitHub Releases).

Relay does not proxy your MCP traffic. When you use a server (e.g., Brave Search), the traffic goes directly from the local server process to the API provider.