Privacy Policy

1. Introduction

Relay (“we”, “us”) takes your privacy seriously. This Privacy Policy explains how we collect, use, protect, and share information about you and your team when you use Relay.

2. What information we collect

We collect the following information to operate Relay:

• Account information: Email address, name, job title, and company name when you sign up.
• Workspace data: All tasks, announcements, meetings, and team structure data you create or input into your workspace.
• Team information: Names, email addresses, and roles of team members you invite.
• Diagnostic data: Error reports, performance traces, operational logs, route and path metadata, and pseudonymous account and workspace identifiers used for debugging and to keep the service stable and secure. We do not attach your email or name to this telemetry.
• Billing information: We do not store credit card data. Paddle handles all payment processing.

3. Authentication and sessions

We use WorkOS user management for authentication, email verification, and session handling. Your session is maintained with secure HttpOnly cookies, and we also store a theme preference cookie for UI personalization.

Relay does not store raw payment credentials. Authentication credentials are handled through the identity provider and related session infrastructure we configure for the service.

4. Where your data is stored

Relay stores workspace data in PostgreSQL infrastructure configured for the environment where the app is deployed. The current production deployment runbooks in this repository are built around Railway PostgreSQL and Railway app hosting. We do not currently offer an in-product control for customer-selected data residency.

5. Billing and payment

Relay uses Paddle for billing. Paddle collects and processes all payment information. Relay stores only your Paddle customer ID and subscription status, never your card details.

6. Analytics and tracking

This codebase does not include a general-purpose product analytics suite such as Google Analytics or Mixpanel. We do use Sentry for error monitoring, performance traces, and operational logs. Session replay is disabled by default and only enabled if we explicitly turn on masked replay collection for incident investigation.

7. Data retention and deletion

Canceling a subscription does not by itself delete workspace data. Subscription cancellation is configured to take effect at the end of the current billing period, and unpaid workspaces may have access restricted while billing is unresolved.

If a company administrator deletes a workspace from settings, Relay first queues secure deletion, cancels active billing, and removes external identity records before permanently deleting the local workspace. Backup copies, provider logs, and monitoring data may remain in provider systems until their normal retention windows expire.

8. Your rights

You have the right to access, correct, or delete your personal information. You can request a copy of all data we hold about you. Contact us at [email protected] to exercise these rights.

9. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our site before the changes take effect.