Your data, kept honest.

Relay is operated by Relay Pty Ltd, an Australian proprietary company registered in Queensland. Our registered address is in Brisbane, Australia. Throughout this policy, “Relay,” “we,” and “us” mean Relay Pty Ltd.

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you're in the EU/UK, your data is also handled in line with the GDPR's lawful-basis requirements (legitimate interest for marketing waitlist; consent for product use).

Early-access waitlist form. When you request early access via our landing page, we collect your name, work email address, company name, role, weekly call volume, current CRM, current dialler/softphone, and any free-text fill-in you provide. We also record the marketing surface you submitted from (e.g. “hero,” “nav”), your IP address, and your browser user-agent string. This is the minimum needed to triage your request and prioritise onboarding.

Product usage (when you become a customer). Once you sign up, we process the phone calls you connect to Relay (audio for live transcription, transcripts for AI extraction, extracted structured fields, summaries, and the workflow outputs we generate). We also store your CRM credentials (encrypted at rest), your team members' identities, and audit logs of who did what.

Telemetry. Aggregate, non-personal usage analytics via Vercel Analytics (page views, performance metrics). No identifying cookies beyond the functional ones needed for the app to work.

Form data is used solely to triage your waitlist position and contact you about onboarding. Product data is used to deliver the service: transcribing calls, extracting structured fields, and firing the post-call workflows you've configured. Telemetry is used to keep the service fast and reliable.

We will not use any of this data to train external AI models, to sell to third parties, or to target you with unrelated marketing.

Sub-processors. We share only what's necessary with these vendors, each contractually bound to handle your data lawfully:

• Supabase (database hosting, Sydney ap-southeast-2 region). Stores all your customer data encrypted at rest.
• Anthropic (Claude API). Receives call transcripts for extraction, outcome classification, and summary generation. Anthropic does not train on data sent through their API.
• Deepgram (speech-to-text). Receives call audio for transcription. Audio is processed and discarded; transcripts are returned to us.
• Resend (transactional email). Receives the email addresses needed to send you account or waitlist notifications.
• Fly.io / Vercel (hosting and CDN). Receives standard server logs.

CRM and integration providers. When you connect your CRM (HubSpot, Salesforce, etc.), email (Gmail, Outlook), or dialler (Twilio, Aircall, etc.), we share the data needed for the integrations you've enabled. Those providers' privacy policies govern what they do with that data on their side.

Legal obligation. We'll disclose data if we're served with a valid legal order. We'll let you know unless the order forbids it.

We will never sell your data.

Primary data is stored in Supabase's Sydney (ap-southeast-2) region. Some sub-processors (Anthropic, Deepgram, Resend) may process data in the United States during the request lifecycle. We're working to expand region selection for customers with strict data-residency requirements.

Waitlist form submissions are kept until you become a customer or for 24 months, whichever is shorter. After that we delete the row.

Customer call data, transcripts, and workflows are retained for as long as your account is active, plus 30 days after cancellation (so you can export). After 30 days, hard-deleted.

Under Australian and EU/UK privacy law you can: access the personal data we hold about you, correct it, delete it, restrict its processing, object to it, and (for waitlist data) withdraw consent at any time.

To exercise any of these rights, email privacy@userelay.com.au. We'll respond within 30 days.

We encrypt data at rest (database column-level encryption for credentials, transparent encryption for the rest) and in transit (TLS 1.2+). Multi-tenancy is enforced at the database row level. Every privileged action is audit-logged.

For more on how we handle data day-to-day, see our Security page.

We'll post any updates here and bump the “last updated” date. Material changes that affect how your data is used will be emailed to active customers at least 30 days before they take effect.

Privacy concerns: privacy@userelay.com.au
General contact: see our Contact page.

If you're unhappy with how we've handled your data, you have the right to complain to the Office of the Australian Information Commissioner (oaic.gov.au).