Relay AI (“Relay AI,” “we,” “us,” or “our”) operates an AI-agency platform that lets marketing agencies build, deploy, and manage AI assistants for their own clients. This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights you have. It applies to our marketing site, the Relay AI dashboard, and the APIs and services that power them (together, the “Service”).
1. Who we are and our two roles
Relay AI plays two distinct roles depending on the data involved:
- Controller — for the account and billing information of the agencies (our direct customers) and their team members. We decide how that data is handled and this Policy governs it.
- Processor / service provider — for the tenant data an agency and its clients put into the platform (leads, conversations, knowledge-base content). The agency is the business/controller of that data; we process it only to provide the Service on the agency’s instructions. The agency’s own privacy policy also applies to the people it serves.
2. Information we collect
Account & profile
When you create an account we collect your name, email address, password credentials (stored only as a salted hash by our authentication provider), agency name, role, and preferences such as language and theme.
Agency & client (tenant) data
To deliver the Service we store the content you and your clients put into the platform: client/business profiles, AI assistant configurations and knowledge-base content, leads and their contact details, and conversation transcripts exchanged with your AI assistants. This data belongs to your agency; we handle it on your behalf.
Usage & billing
We record usage metrics (AI token consumption, message counts, feature usage, plan and subscription status) to operate the product, meter billing, and show you your own analytics. Payment card details are handled directly by our payment processor and are never stored on our servers.
Technical & cookies
Like most web applications we collect limited technical data — IP address, device and browser type, timestamps, and pages viewed — to operate, secure, and debug the Service. We use strictly-necessary cookies and local storage for authentication sessions and to remember your theme and language. We do not use third-party advertising or cross-site tracking cookies.
3. How we use information
We use personal information only to:
- provide, maintain, and secure the Service and your account;
- run AI assistants, generate responses, and route captured leads to your systems;
- meter usage, process subscriptions, and send billing documents;
- send transactional and service messages (welcome, confirmations, receipts, security and usage alerts), and — where you have opted in — product updates;
- provide support, debug issues, and improve the Service;
- comply with law and enforce our Terms.
We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising. We do not use your tenant data to train third-party public AI models.
4. AI processing
Relay AI assistants are artificial intelligence, not human agents, and disclose this to end users. To generate responses we send the relevant prompt and knowledge-base context to our AI inference providers (see below). Providers process this content transiently to return a response and, under our agreements, do not use it to train their models. AI output can be inaccurate; it is informational only and is not professional, legal, or financial advice.
5. Third-party sub-processors
We rely on a small set of vetted infrastructure providers strictly to run the Service. Each is bound by a data-processing agreement:
- Supabase — database, authentication, and file storage.
- Vercel — application hosting and content delivery.
- Groq and, where configured, OpenAI — AI model inference.
- Stripe — subscription billing and payment processing.
- Resend — transactional and campaign email delivery.
We may add or change sub-processors as the Service evolves; a current list is available on request and material changes are communicated as described in Section 10.
6. How we share information
Beyond the sub-processors above, we share personal information only: with your own agency and its authorized team members; with a client the assistant serves (as the recipient of an inquiry); in connection with a merger, acquisition, or asset sale (with notice); and where required by law or to protect rights and safety.
7. Data retention
We keep account data for as long as your account is active. Tenant data (leads, conversations) is retained while your account is active and for a limited period afterward so you can export it, then deleted or de-identified. You may request earlier deletion at any time; some records (e.g., invoices) are kept as required for legal and accounting purposes.
8. Security
Data is encrypted in transit (TLS) and at rest. Access is restricted to authorized personnel, tenant data is isolated per agency with row-level security, and credentials are stored only as salted hashes. No system is perfectly secure, but we work to protect your information and to notify you of material incidents as required by law.
9. Your rights (CCPA/CPRA and other US state laws)
Depending on your state of residence, you may have the right to know, access, correct, delete, and obtain a portable copy of your personal information, and to opt out of any sale or sharing (we do not sell or share). California residents have these rights under the CCPA/CPRA; residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have comparable rights. To exercise a right, email privacy@relay.ai. If your data was submitted through an agency’s assistant, contact that agency, and we will assist them as their processor. We verify requests, respond within the statutory window, and never discriminate against you for exercising a right.
10. Children
The Service is a business tool that is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.
11. International users
The Service is operated from the United States and intended for US businesses. If you access it from outside the US, you understand your information is processed in the US, which may have different data- protection laws than your country.
12. Changes to this Policy
We may update this Policy from time to time. When we make material changes we will update the “Last updated” date above and, for significant changes, notify account owners by email or in the dashboard. Continued use of the Service after an update means you accept the revised Policy.
13. Contact us
Questions about privacy? Email privacy@relay.ai. Relay AI — [operating entity, mailing address].