Relpin is designed around private internal apps, tenant isolation, server-side secret handling, and auditable release paths.
Tenant isolation
Tenant data access is scoped by organization and environment. App code should reach data through governed server-side paths, not by receiving raw credentials in browser or user-code surfaces.
Secrets
Secrets, connector tokens, database credentials, and secret_ref values must stay out of browser-facing surfaces. App code can request governed actions; Relpin resolves the sensitive material server-side.
Auth and permissions
Runtime access should require verified identity and explicit permission checks. Standard roles are presets, not the final authorization boundary for sensitive product surfaces.
Audit
Important platform actions should be explicit, scoped, and auditable. Release promotion, app access, sensitive data actions, and admin operations should leave reviewable history.
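The following sketch is an added example, not Relpin's code or API: it shows one way a server-side handler could combine the four properties above (tenant scoping, server-side secret resolution, explicit permission checks, and an audit record). All names (`runGovernedAction`, `ACTIONS`, `SECRETS`, `GRANTS`, `AUDIT_LOG`) and all data are hypothetical and constructed for illustration.

```javascript
// Hypothetical server-side sketch; every name here is illustrative, not Relpin's API.
// Constructed sample data: one action, one stored secret, one permission grant.
const scopeKey = (...parts) => JSON.stringify(parts); // unambiguous composite key
const ACTIONS = new Map([["crm.read", { secret_ref: "crm-token" }]]); // server-side only
const SECRETS = new Map([[scopeKey("org-a", "prod", "crm-token"), "constructed-secret-value"]]);
const GRANTS = new Set([scopeKey("alice", "org-a", "prod", "crm.read")]);
const AUDIT_LOG = [];

function audit(caller, actionName, outcome) {
  // Reviewable history: who, which tenant scope, what, result. Never the secret.
  AUDIT_LOG.push({ at: new Date().toISOString(), user: caller.user || null,
    org: caller.org || null, env: caller.env || null, action: actionName, outcome });
}

// Stand-in for the outbound connector call that consumes the resolved secret.
function callConnector(token, params) {
  if (!token) throw new Error("missing credential");
  return { rows: [{ id: 1, match: String(params.query) }] };
}

// `caller` comes from the verified session, never from the request body.
// `request` is what app code sends: an action name and parameters, nothing sensitive.
function runGovernedAction(caller, request) {
  const deny = (reason) => {
    audit(caller, request.name, "deny:" + reason);
    return { ok: false, error: reason };
  };
  if (!caller.verified) return deny("unverified");
  const action = ACTIONS.get(request.name);
  if (!action) return deny("unknown_action");
  // Explicit permission check, bound to user, organization, environment and action.
  if (!GRANTS.has(scopeKey(caller.user, caller.org, caller.env, request.name))) {
    return deny("forbidden");
  }
  // Tenant scoping: the lookup key is built from the caller's own org and environment,
  // so a secret stored for another tenant or environment cannot resolve.
  const secret = SECRETS.get(scopeKey(caller.org, caller.env, action.secret_ref));
  if (secret === undefined) return deny("no_secret_in_scope");
  const result = callConnector(secret, request.params);
  audit(caller, request.name, "allow");
  return { ok: true, data: result.rows }; // response carries no secret and no secret_ref
}
```

The request from app code names an action only; the `secret_ref` lives in the server-side registry, so neither the reference nor the resolved value appears in the request, the response, or the audit log.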
Open beta status
Relpin is in open beta. The security model is architecture-first, but public certifications are not claimed yet.