Tray.ai

Tray.ai

Search the Trust Center...
Ctrl +K

Tray.ai | Trust Center

Everything you need to complete your security review is here. Browse documents, certifications, and compliance details with confidence. Our Trust Center is regularly updated to reflect the latest audit results, and subprocessor disclosures.


Announcements

Tray.ai Achieves SOC 1 Type 2

We're pleased to announce that we have successfully completed our SOC 1 Type 2 examination, conducted by Schellman & Company, LLC.

This independent audit validates that our controls relevant to user entities' internal control over financial reporting are suitably designed and operating effectively. The examination covered the period from August 1, 2024, to July 31, 2025, and demonstrates our commitment to maintaining robust controls that support our customers' financial reporting requirements.

What This Means for You

SOC 1 Type 2 compliance provides assurance that:

  • Our control environment meets rigorous industry standards for financial reporting controls
  • Independent auditors have verified both the design and operational effectiveness of our controls over a 12-month period
  • Your organisation can rely on our platform as part of your own internal control over financial reporting (ICFR) framework

This achievement complements our existing SOC 2 Type 2 certification, reinforcing our dedication to security, compliance, and operational excellence across all aspects of our service delivery.


XZ Utils (liblzma) SSH Vulnerability - No Impact

CVE-2024-3094: We can confirm that Tray is not affected by this vulnerability. Tray uses Amazon Linux which AWS has confirmed that neither their customer nor infrastructure is impacted https://aws.amazon.com/security/security-bulletins/AWS-2024-002/


MOVEit Vulnerability - No Impact

We can confirm that Tray does not use this software and is therefore not affected by this vulnerability.



Badges

gdpr
GDPR
ccpa
CCPA
eu-us-data-privacy
EU-US DPF
swiss-us-dpf
Swiss-US DPF
uk-extension-to-eu-us-dpf
UK-US DPF

Documents & Knowledge Base FAQs


Subprocessors
4

Subprocessor
Location of Processing
Usage Details
AWS

AWS

United States, Ireland, Australia
Tray uses AWS for all infrastructure and uses US (West coast) regions by default. EU (Ireland) and APAC (Australia) are also available on request.
Datadog

Datadog

United States, Germany
Internal system and error logs.
OpenAI

OpenAI

United States
Opt-in sub-processor. Details of OpenAI’s processing is described during the opt-in. OpenAI will not be allowed to use customer data for its own training purposes. More info at https://tray.ai/documentation/tray-uac/merlin-ai/how-does-merlin-ai-use-my-data/
Twilio

Twilio

United States
Twilio Sendgrid processes emails used by customers in the v3 and below "Send Email" connector. Since v4 "Send Email", the connector uses AWS SES.
Last updated . .
View as:
Powered by Conveyor, the first end-to-end customer trust platform.
Learn more