RelayKey

Privacy

Last updated 2026-05-05. Plain English by design — if a line confuses you, email privacy@relaykey.ai and I'll fix it.

What we collect

Three categories, nothing else:

  • Account data. The email address you sign in with, your workspace name, and the role of each member (admin or viewer).
  • Upstream API credentials you choose to store. When you connect an integration, you give us the underlying vendor API key (HubSpot, Resend, etc.) so we can call the vendor on your behalf. We encrypt these with AES-256-GCM using a key we control and never echo them back in the dashboard.
  • Audit data. Every proxy call (method, path, status, source IP, user-agent, decision, duration) and every admin action (who did what, when, from what IP). This is the audit log you see at /app/audit.

We do not store request or response bodies. We do not log query strings unless you explicitly opt in per-integration.

How we use it

Account data identifies who can do what. Upstream credentials let us forward your calls. Audit data is for you to review what your team / agents did and to debug issues.

We do not use any of this for advertising. We do not sell or rent it. We do not train AI models on it.

Sub-processors

Services we use that touch your data:

  • Fly.io — hosts the application and the encrypted database volume.
  • Resend — sends magic-link sign-in emails, invite emails, and first-use credential alerts.
  • Cloudflare — DNS for relaykey.ai (no app data flows through Cloudflare today; this is DNS-only).
  • Google Analytics 4 — page-view + CTA tracking on the marketing site only (relaykey.ai). No app or audit data is sent. We respect your browser's Do-Not-Track when present.
  • Stripe — when paid plans launch, Stripe will process payments. They never see your upstream credentials or audit log.

Retention

Audit-log retention varies by plan: 7 days (free), 30 days (Solo), 90 days (Starter), 1 year (Agency). Older rows are deleted by a daily worker. Account and credential data are kept until you delete them.

If you revoke an integration, the encrypted upstream key is marked revoked in the database; if you delete the integration outright the row is removed. Sessions are 30 days.

Your rights

Email privacy@relaykey.ai from your account email and we'll:

  • Send you everything we have linked to your account.
  • Delete your account on request. This wipes account, user, invite, integration, credential, recipient, and admin-audit rows tied to your workspace. Proxy-traffic audit rows are removed too.
  • Correct anything that's wrong.

We'll act within 30 days. We don't require you to cite a specific regulation (GDPR, CCPA, etc.) — the path is the same.

Security incident notification

If RelayKey has a security incident that materially affects your data, we'll email the workspace admins within 72 hours of confirming it, with what we know and what we're doing about it. We'll keep updating until it's closed out.

Cookies

One first-party cookie: rk_session, set on app.relaykey.ai when you sign in. HttpOnly, SameSite=Lax, Secure in production, 30-day TTL. No third-party tracking cookies on the marketing site.

Children

RelayKey is a B2B tool. We don't knowingly collect data from anyone under 16. If you think we have, email and we'll delete it.

Changes

If we change anything material, we'll email account admins and update the date at the top.