Privacy Policy

This Policy covers personal data we collect through the Service, our marketing websites, our communications with you, and our events. It does not apply to third-party products or services that we do not control, even where they integrate with the Service. Those products are governed by their own privacy policies.

Capitalized terms not defined here have the meanings given in our Terms of Service. If there is a conflict between this Policy and a separately executed data processing addendum, the addendum controls with respect to processing of customer personal data.

We collect information that you provide directly when you use the Service, including:

• Account and profile data, such as your name, email address, password, display name, avatar, role, time zone, and organization.
• Billing data, such as your plan, billing contact, and transaction history. Payment-card details are handled by our payment processors and are not stored by us in full.
• Content you submit, such as meeting recordings, audio, video, transcripts, chat messages, reactions, agendas, documents, and other materials you upload or generate.
• Communications, such as the contents of your messages to our support, sales, or community channels, and any feedback or survey responses you provide.

When you use the Service, we automatically collect certain technical and usage information, including:

• Device and connection data, such as IP address, browser type, operating system, device identifiers, and language settings.
• Usage data, such as features used, pages and screens viewed, actions taken, timestamps, and performance and error diagnostics.
• Audio and media metadata necessary to operate calls, such as device selection, microphone levels, and network quality metrics.
• Cookies and similar technologies used to keep you signed in, remember preferences, secure the Service, and understand usage, as described in our cookie disclosures.

We may receive information about you from third parties, such as identity and single-sign-on providers when you authenticate, calendar and conferencing platforms you connect, payment processors, marketing and analytics partners, and publicly available sources. We combine this information with data we collect directly to operate and improve the Service.

If you connect a third-party integration, we receive information from that service consistent with the permissions you grant. You can review and revoke these permissions at any time through the relevant integration settings.

We use personal data for the following purposes:

• To provide, operate, maintain, and secure the Service, including hosting meetings, generating transcripts and summaries, and delivering features you request.
• To create and manage your account, authenticate you, and process transactions and billing.
• To communicate with you about the Service, including service announcements, security alerts, support, and administrative messages.
• To personalize your experience, remember your preferences, and improve usability.
• To develop, train, and improve features and machine-learning models, subject to the controls and choices described in this Policy and applicable agreements.
• To monitor, detect, prevent, and address fraud, abuse, security incidents, and other harmful or unlawful activity.
• To comply with legal obligations, enforce our Terms, and protect the rights, property, and safety of Relay, our users, and others.
• For marketing and promotional purposes, where permitted, including sending you communications you can opt out of at any time.

Some features rely on machine-learning models to generate transcripts, translations, summaries, and suggestions. To provide these features, content is processed by automated systems and may be processed by trusted subprocessors under contractual confidentiality and security obligations.

We do not use the private contents of business customers’ meetings to train general-purpose models except as permitted by the applicable customer agreement or with appropriate consent. Where we improve models using content, we apply measures such as access controls, minimization, and, where feasible, de-identification or aggregation. Administrators may have controls to manage these settings for their organization.

Where the General Data Protection Regulation or similar laws apply, we process personal data on one or more of the following legal bases: performance of a contract with you; your consent, which you may withdraw at any time; our legitimate interests, such as operating, securing, and improving the Service, balanced against your rights; and compliance with legal obligations.

Where we rely on legitimate interests, you have the right to object, and where we rely on consent, you may withdraw it without affecting the lawfulness of processing carried out before withdrawal.

We and our partners use cookies, local storage, pixels, and similar technologies to operate and secure the Service, remember your settings, analyze usage, and, where permitted, support marketing. Strictly necessary technologies are required for the Service to function and cannot be switched off in our systems.

You can control non-essential cookies through your browser settings or any cookie-preference tools we provide. Disabling certain cookies may affect the functionality and performance of the Service.

We do not sell your personal data for money. We share personal data only in the following circumstances:

• With service providers and subprocessors who perform services on our behalf, such as hosting, storage, analytics, payment processing, customer support, and machine-learning infrastructure, under contracts that limit their use of the data.
• Within your organization, where you use the Service through a business account, with administrators and other authorized users as configured by your organization.
• With third-party integrations you choose to connect, consistent with the permissions you grant.
• In connection with a merger, acquisition, financing, reorganization, or sale of assets, in which case personal data may be transferred subject to this Policy.
• To comply with law, respond to lawful requests and legal process, enforce our Terms, and protect the rights, property, and safety of Relay, our users, and the public.
• With your consent or at your direction for any other purpose disclosed at the time of collection.

We retain personal data for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the type of data and the purpose for which it is processed.

Where we act as a processor, retention of customer content is generally controlled by the customer’s configuration and instructions. When data is no longer needed, we delete or de-identify it in accordance with our retention schedules and applicable law. Backups may persist for a limited additional period before being overwritten.

We maintain administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, disclosure, alteration, and destruction. These measures include encryption in transit and at rest where appropriate, access controls, network protections, logging, and regular security reviews.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your credentials and for using available security features. If we become aware of a security incident affecting your personal data, we will notify you as required by applicable law.

We operate globally and may transfer, store, and process personal data in countries other than your own, including the United States, where data-protection laws may differ from those in your jurisdiction. Where required, we implement appropriate safeguards for such transfers, such as the European Commission’s Standard Contractual Clauses or other lawful transfer mechanisms.

By using the Service, you understand that your information may be transferred to and processed in jurisdictions with different data-protection rules, subject to the safeguards described above.

Depending on where you live, you may have some or all of the following rights regarding your personal data:

• The right to access the personal data we hold about you and to receive a copy of it.
• The right to correct inaccurate or incomplete personal data.
• The right to delete personal data, subject to certain exceptions.
• The right to restrict or object to certain processing, including processing based on legitimate interests.
• The right to data portability, where applicable.
• The right to withdraw consent at any time where processing is based on consent.
• The right to lodge a complaint with a supervisory authority or regulator.

You can exercise many rights directly within your account settings, such as updating your profile, managing communications preferences, and deleting your account. For other requests, contact us at privacy@relay.app. We may need to verify your identity before fulfilling a request and may decline requests as permitted by law.

If you use the Service through a business customer, please direct your request to that organization, which acts as the controller of the relevant data; we will assist them as required.

The Service is not directed to children under the age of sixteen (16), or the applicable age of digital consent in your jurisdiction, and we do not knowingly collect personal data from such children. If we learn that we have collected personal data from a child without appropriate consent, we will take steps to delete it. If you believe a child has provided us with personal data, please contact us at privacy@relay.app.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the rights described above under the GDPR and equivalent laws, and you may contact our data-protection point of contact for related inquiries.

If you are a California resident, you have rights under the California Consumer Privacy Act, as amended, including the right to know, delete, and correct personal information, and to opt out of certain sharing. We do not sell personal information for monetary value, and we honor recognized opt-out preference signals where required. We will not discriminate against you for exercising your rights.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will provide notice through the Service, by updating the “Last updated” date, or by other appropriate means. Your continued use of the Service after changes become effective constitutes acceptance of the updated Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at privacy@relay.app, or write to Relay AI, Inc., Attn: Privacy, 548 Market Street, San Francisco, CA 94104, United States.

We will respond to inquiries within the timeframes required by applicable law. If you are not satisfied with our response, you may have the right to escalate your concern to your local data-protection authority.