Text messaging for compliance and GRC apps.
Failing controls, overdue reviews, security tasks — the texts that reach the right person before a compliance gap becomes an audit finding.
Free to author & testNo credit cardUS & Canada
Acme: Acme GRC Critical: Control failing — MFA enforcement on prod-auth. Details: acme.app/controls/4821 Reply STOP to opt out.
Our free message templates are live.
Sending arrives Summer 2026.
A text can change the outcome.
A control drifts out of compliance at 2am. The on-call security lead gets a text and remediates before the audit window closes.
Compliance & GRC SaaS messages. And all of the others.
All nine message categories are included — one registration.
Keeps the customer's own GRC-platform account secure and active.
Notifies the control owner the moment a continuous test detects drift, then escalates if unacknowledged.
Pushes approvers toward an access review or control-approval deadline before it lapses.
Assigns a security task to an individual and nudges until complete.
Common questions
Who gets the alert when a control falls out of compliance — the control owner or the whole security team?
The control owner first, then escalate if they don't acknowledge. Most GRC platforms assign each control to a named owner — that person is responsible for remediating it. The first text goes to them. If they don't reply ACK within your configured window, the escalation ping fires to a security lead or manager. Broadcasting to the whole team before the owner has a chance to respond creates noise and diffuses accountability.
What's the difference between an access review deadline text and a failing-control alert?
One is time-bound and scheduled; the other fires when continuous monitoring detects drift. An access review deadline has a known date — it's a calendar event with a text reminder. A failing-control alert fires the moment an automated check detects a control is out of compliance, which can happen any time. The remediation urgency is similar, but the trigger logic in your system is different. Build them as separate notification flows even if they go through the same channel.
Do I need to ask employees before texting them security tasks?
Yes — being part of your organization doesn't automatically mean they agreed to receive texts. The right place to capture it is during onboarding or their first login to the compliance tool. RelayKit hosts an opt-in page for your app — your AI tool will know how to wire it in once you tell it where new employees set up their profile.
How many reminders should I send for an overdue employee task before stopping?
Weekly nudges until complete, with a cap of three or four before escalating to a manager. Security tasks have a completion deadline that matters — policy acceptance, device enrollment, training — so you can't just stop after one miss. Weekly reminders work for most cadences. After three or four with no action, the right move is a manager escalation rather than another employee text. At that point the person knows about the task; the problem is motivation, not awareness.
You build the feature. We handle the bureaucracy.
Every text message carries a stack of carrier rules. We've read all of it, so you don't have to.
Registration handled
Getting approved on your own can take weeks.
Most registrations clear in about three days. We handle the filing, so you can keep building your app.
Messages compliant
Send the wrong kind of message and carriers block it — silently.
Every message is checked against carrier rules before it sends, not just passed through.
Opt-ins & opt-outs covered
Miss a single STOP and the fines add up fast.
We stop instantly. Consent is tracked and enforced at delivery, not wired up by you.
Give your AI tool a build spec, not a pile of docs.
RelayKit generates implementation instructions for your AI tool. Messages, variables, event triggers, testing steps, and integration guidance arrive for smooth integration.
Slots into ShipFast, Supastarter, MakerKit, and Vercel + Supabase.
import { RelayKit } from 'relaykit'; const relaykit = new RelayKit(); await relaykit.appointments.sendConfirmation(customer.phone, { date: 'Fri, Jun 6', time: '2:00 PM', });
That's the send.
Preview list
Your safe audience for sending test messages, before and after launch.
- JoelVerified(555) 867-8842
- SarahVerified(555) 412-5519
- MikeInvited(555) 290-3301
Run test messages through real phones.
Add yourself, your team, your beta testers. Each person verifies once. After that, your app's messages work for them exactly the way they'll work for customers.
Trigger your real flows — a booking, a code, a reminder — and see the whole loop land: sent, delivered, your database updated.
What it takes to go live.
No telecom expertise required. We handle the carrier side.
Choose your messages
Pick the messages your app needs from templates that already know the rules.
Browse the messages →Build and test
Hand the spec to your AI tool, then test the full flow on real phones before launch.
Go live
RelayKit handles registration and delivery. A few days to approval.
Simple pricing.
Build for free
Set up your messages. Add the code to your app. Test with real phones. No credit card.
Go live for $49 + $19/mo
We file your registration with carriers. Approval takes a few days. 500 messages included per month, then $8 per additional 500. Full refund if you're not approved.
What $19/mo includes.
Marketing messages add $10/mo. Volume pricing above 5,000 messages. US and Canada at launch. We don't handle HIPAA, healthcare-regulated workflows, or enterprise procurement.
When a message can't wait, send a text.
Messages from an app only work when someone sees them. Here's how text and email compare.
Industry SMS-vs-email benchmarks, 2025–26 — open and response from SMS-marketing aggregates; email inbox placement from Validity's 2025 deliverability report. SMS open is inferred from delivery, not pixel-tracked; reported email open rates are distorted by tracking-pixel prefetch and blocking.
The rules show up after you start building.
US carriers require these from every business that sends texts. Getting approved can take weeks if not done right.
Registration
Before anything sends, your business gets registered in a central registry that every US carrier checks — legal name, tax ID, website, and what you plan to send. Details have to match your IRS records exactly, or the application bounces.
RelayKit collects this during setup and files the registration for you.
Carrier review
Reviewers check your registration and your messages against carrier rules before you're allowed to send. Other providers typically take two to three weeks — and every rejection restarts the clock, with no guarantee the next round clears.
RelayKit submissions are prepared to pass the first time; approval typically takes a few days.
Consent requirements
You have to collect and keep proof that every recipient agreed to get texts from you — how they opted in, when, and which kinds of messages they agreed to. Someone who signed up for appointment reminders hasn't agreed to marketing.
RelayKit provides the opt-in language and keeps the consent records automatically.
Build a compliance website
Reviewers visit your website looking for a privacy policy with specific mobile-data language, posted terms, and a visible description of your texting program. A missing or half-finished site is the single most common reason registrations get rejected.
RelayKit generates and hosts a compliance site for you — privacy policy, terms, and opt-in page included.
STOP and HELP handling
A reply of STOP has to halt messages to that person immediately, and HELP has to get a real answer — automatically, every time. Getting it wrong is a fast way to get a number shut down.
RelayKit handles both at the delivery layer; when someone replies STOP, we stop.
Message restrictions
Carriers limit what businesses can say over text: entire content categories are banned, links get scrutinized, and messages outside your registered use case can get your number flagged. The rules live across multiple carrier policies, and they change.
RelayKit's templates already follow them, and custom messages are checked before they send — not just passed through.
The messages are ready now.
Sending arrives Summer 2026.
You can start with the messages today. When sending launches, your AI tool wires up the integration, you test on real phones, and registration and opt-outs stay handled behind the scenes.