Privacy Policy

This Privacy Policy explains how the Relay platform ("Relay," "we," "us") collects, uses, and protects information when you use our website and services at relayai.dev (the "Service").

Relay is an early-stage, pre-incorporation project. We do not yet have a dedicated Data Protection Officer or formal privacy program. That said, we take your privacy seriously and are committed to being transparent about what data we collect, why we collect it, and how we handle it. This policy reflects our actual practices, not aspirational ones.

1. Information We Collect

1.1 Account Information

When you create an account, we collect information through our authentication provider, Clerk. This includes your email address, name, and profile information associated with your authentication method (email, Google, or GitHub). We do not store your passwords directly; authentication is managed entirely by Clerk.

1.2 Audio Data

You upload audio files to the Service for the purpose of training custom detection models and running inference. These files are stored in AWS S3 and are associated with your account. We also generate machine learning embeddings (numerical representations) from your audio, which are stored separately.

1.3 Annotations and Model Data

You provide labeled annotations that identify artifact types and timestamps within your audio files. These annotations, along with trained model artifacts, are stored and associated with your account.

1.4 Billing Information

Payment information is collected and processed by Stripe. We do not store credit card numbers, bank account details, or other sensitive financial data on our servers. We receive from Stripe limited information such as the last four digits of your card, subscription status, and billing history.

1.5 Usage Data

We collect usage data including inference minutes consumed, number of models trained, API call counts, and feature usage patterns. This data is used for billing, enforcing plan limits, and improving the Service.

1.6 Technical Data

We automatically collect standard technical data such as IP addresses, browser type, device information, and access timestamps when you interact with the Service. This data is used for security monitoring and service operation.

2. How We Use Your Information

We use the information we collect to:

• Provide the Service, including storing your audio, generating embeddings, training your custom models, and running inference.
• Authenticate your identity and secure your account.
• Process billing and manage your subscription.
• Monitor and enforce usage limits under your plan.
• Communicate with you about your account, service updates, and support requests.
• Maintain, troubleshoot, and improve the Service.
• Detect and prevent fraud, abuse, and security incidents.

Importantly, we do not:

• Use your audio data to train shared, general-purpose, or cross-tenant models. Your models are trained exclusively on your own data.
• Sell, rent, or trade your personal information or audio data to third parties.
• Use your data for advertising or marketing profiling.

3. Third-Party Services

We rely on the following third-party services to operate Relay. Each has its own privacy policy governing the data it processes:

4. Data Storage and Security

Your data is stored on AWS infrastructure in the United States (us-east-2 region). We implement reasonable security measures including:

• Encryption in transit via TLS for all connections.
• Encryption at rest for stored audio files (S3) and database records (RDS).
• Tenant isolation to prevent cross-account data access.
• Database credentials managed through AWS Secrets Manager.
• Infrastructure deployed in private subnets within a Virtual Private Cloud (VPC).

As an early-stage project, our security practices are evolving. For more details on our current security posture, see our Security page.

5. Data Retention

We retain your data for as long as your account is active and as needed to provide the Service. Specific retention periods depend on your subscription plan (for example, 7 days for Starter plans, 30 days for Pro plans).

When you delete data through the Service (datasets, audio files, models), we initiate deletion from our storage systems. Due to the nature of distributed storage and backup systems, complete removal may take up to 30 days.

After account termination, we retain Your Data for up to 30 days to allow for export, after which it is scheduled for permanent deletion.

We may retain anonymized, aggregated usage statistics (not linked to your account or audio data) for analytical purposes indefinitely.

6. Data Deletion and Your Rights

You have the right to:

• Access the data we hold about you by contacting us.
• Delete your audio data, annotations, and models through the Service interface or API.
• Request full account deletion by emailing us. We will process deletion requests within 30 days.
• Export your data (audio files, annotations, detection results) through the Service's API before deletion.

We do not currently have an automated self-service tool for full data export or account deletion. To exercise these rights, please contact us at the email address below.

7. Cookies and Tracking

The Service uses essential cookies required for authentication and session management (provided by Clerk). We do not use third-party advertising or behavioral tracking cookies.

We may use basic analytics to understand how the Service is used in aggregate. If we add analytics tools in the future, we will update this policy accordingly.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will take steps to delete that information promptly.

9. International Users

The Service is operated from and data is stored in the United States. If you access the Service from outside the United States, be aware that your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

We acknowledge that various jurisdictions (including the EU under GDPR) provide specific data protection rights. While we are not yet subject to formal regulatory obligations as a pre-incorporation project, we aim to respect these rights and will work with you to address legitimate data requests.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will notify you by email or through the Service. The "Last updated" date at the top indicates when this policy was most recently revised.