Text messaging for cybersecurity and threat detection apps.
Detection alerts, escalation pings, incident resolution — the texts that reach an on-call engineer at 3am before dwell time compounds.
Free to author & testNo credit cardUS & Canada
Acme: Acme Security P1: Brute-force, 40 failed logins from 203.0.113.9 on prod-auth-gateway. acme.app/incidents/4821 Reply STOP to opt out.
Our free message templates are live.
Sending arrives Summer 2026.
A text can change the outcome.
A brute-force burst hits the auth gateway at 2:47am. The on-call engineer gets a text and locks the account before the attacker moves laterally.
Cybersecurity SaaS messages. And all of the others.
All nine message categories are included — one registration.
Notifies the on-call analyst the instant a detection crosses threshold, with enough context to start investigating from the phone.
Tracks a formal incident against its service-level commitment and closes the loop when resolved.
Requires an explicit ACK from the primary responder or auto-escalates to the next person in the rotation.
Common questions
What's the right message when a detection fires — system alert or on-call text?
On-call text for anything that needs a human right now; system alert for everything else. An on-call text is the shortest, most urgent message in the set — it fires when a system is confirmed down or compromised and someone needs to act immediately. A system alert is for informational or mid-severity detections: a threshold crossed, an anomaly logged, a finding that needs review but isn't actively burning. Build your severity-to-message-type mapping before you wire up the notifications — P1/P2 and critical get the on-call text; everything else gets the system alert.
How does the ACK escalation work — does the engineer reply to the text?
Yes — they reply ACK to claim the incident, and your backend handles the rest. When an escalation ping fires, the engineer replies ACK from their phone. Your backend receives that inbound reply and marks the incident claimed. If no ACK arrives within your configured window, your app fires the next alert to the secondary on-call. RelayKit delivers the inbound reply to your webhook — your app logic handles the claim and escalation timer.
Should I include the raw detection details in the SMS body?
Include enough to act on, but link to the console for the rest. ’40 failed logins from 203.0.113.9’ in the body tells the engineer what they're looking at. A token, a raw log line, or a full payload in the body is wrong — both for message length and for credential exposure. The rule of thumb: enough context to make the first triage decision from a locked phone, then a link to the full incident record for everything else.
Do I need to text an all-clear when an incident is resolved?
Yes — responders need to know when to stand down. Every alert that pulls someone into an incident needs a matching resolution notice. Without it, the responder doesn't know if they're still on watch or can go back to sleep. The resolution text is short: system name, incident ID, and a link to the post-mortem or closure record. It also creates a natural audit trail of when the incident was officially closed.
You build the feature. We handle the bureaucracy.
Every text message carries a stack of carrier rules. We've read all of it, so you don't have to.
Registration handled
Getting approved on your own can take weeks.
Most registrations clear in about three days. We handle the filing, so you can keep building your app.
Messages compliant
Send the wrong kind of message and carriers block it — silently.
Every message is checked against carrier rules before it sends, not just passed through.
Opt-ins & opt-outs covered
Miss a single STOP and the fines add up fast.
We stop instantly. Consent is tracked and enforced at delivery, not wired up by you.
Give your AI tool a build spec, not a pile of docs.
RelayKit generates implementation instructions for your AI tool. Messages, variables, event triggers, testing steps, and integration guidance arrive for smooth integration.
Slots into ShipFast, Supastarter, MakerKit, and Vercel + Supabase.
import { RelayKit } from 'relaykit'; const relaykit = new RelayKit(); await relaykit.appointments.sendConfirmation(customer.phone, { date: 'Fri, Jun 6', time: '2:00 PM', });
That's the send.
Preview list
Your safe audience for sending test messages, before and after launch.
- JoelVerified(555) 867-8842
- SarahVerified(555) 412-5519
- MikeInvited(555) 290-3301
Run test messages through real phones.
Add yourself, your team, your beta testers. Each person verifies once. After that, your app's messages work for them exactly the way they'll work for customers.
Trigger your real flows — a booking, a code, a reminder — and see the whole loop land: sent, delivered, your database updated.
What it takes to go live.
No telecom expertise required. We handle the carrier side.
Choose your messages
Pick the messages your app needs from templates that already know the rules.
Browse the messages →Build and test
Hand the spec to your AI tool, then test the full flow on real phones before launch.
Go live
RelayKit handles registration and delivery. A few days to approval.
Simple pricing.
Build for free
Set up your messages. Add the code to your app. Test with real phones. No credit card.
Go live for $49 + $19/mo
We file your registration with carriers. Approval takes a few days. 500 messages included per month, then $8 per additional 500. Full refund if you're not approved.
What $19/mo includes.
Marketing messages add $10/mo. Volume pricing above 5,000 messages. US and Canada at launch. We don't handle HIPAA, healthcare-regulated workflows, or enterprise procurement.
When a message can't wait, send a text.
Messages from an app only work when someone sees them. Here's how text and email compare.
Industry SMS-vs-email benchmarks, 2025–26 — open and response from SMS-marketing aggregates; email inbox placement from Validity's 2025 deliverability report. SMS open is inferred from delivery, not pixel-tracked; reported email open rates are distorted by tracking-pixel prefetch and blocking.
The rules show up after you start building.
US carriers require these from every business that sends texts. Getting approved can take weeks if not done right.
Registration
Before anything sends, your business gets registered in a central registry that every US carrier checks — legal name, tax ID, website, and what you plan to send. Details have to match your IRS records exactly, or the application bounces.
RelayKit collects this during setup and files the registration for you.
Carrier review
Reviewers check your registration and your messages against carrier rules before you're allowed to send. Other providers typically take two to three weeks — and every rejection restarts the clock, with no guarantee the next round clears.
RelayKit submissions are prepared to pass the first time; approval typically takes a few days.
Consent requirements
You have to collect and keep proof that every recipient agreed to get texts from you — how they opted in, when, and which kinds of messages they agreed to. Someone who signed up for appointment reminders hasn't agreed to marketing.
RelayKit provides the opt-in language and keeps the consent records automatically.
Build a compliance website
Reviewers visit your website looking for a privacy policy with specific mobile-data language, posted terms, and a visible description of your texting program. A missing or half-finished site is the single most common reason registrations get rejected.
RelayKit generates and hosts a compliance site for you — privacy policy, terms, and opt-in page included.
STOP and HELP handling
A reply of STOP has to halt messages to that person immediately, and HELP has to get a real answer — automatically, every time. Getting it wrong is a fast way to get a number shut down.
RelayKit handles both at the delivery layer; when someone replies STOP, we stop.
Message restrictions
Carriers limit what businesses can say over text: entire content categories are banned, links get scrutinized, and messages outside your registered use case can get your number flagged. The rules live across multiple carrier policies, and they change.
RelayKit's templates already follow them, and custom messages are checked before they send — not just passed through.
The messages are ready now.
Sending arrives Summer 2026.
You can start with the messages today. When sending launches, your AI tool wires up the integration, you test on real phones, and registration and opt-outs stay handled behind the scenes.