Privacy Policy
This Policy explains what personal data Relay processes, why, who we share it with, how long we keep it, and the rights you have under UK and EU GDPR (and, where applicable, other privacy laws including the California CCPA/CPRA).
1. Who we are and how to contact us
1.1 Controller.
Relay is operated as a UK sole trader by the founder of the service. For the purposes of the UK General Data Protection Regulation ("UK GDPR"), the EU General Data Protection Regulation ("EU GDPR"), and the UK Data Protection Act 2018, Relay is the controller of personal data described in this Policy. If and when the business is incorporated as a company, this section will be updated to name the company and its Companies House registration number.
1.2 Contact channels.
Privacy-specific enquiries, including the exercise of any of the rights at §11: privacy@relaycall.app. General enquiries: support@relaycall.app. Abuse reports (third-party reports of unwanted calls): abuse@relaycall.app. We will respond to data-subject-rights requests within one calendar month of receipt as required by GDPR Article 12(3). If a request is complex or we receive many requests from you, we may extend that period by up to two further months and will tell you within the initial month if we do.
1.3 Representative and DPO.
Relay does not currently have an appointed UK or EU representative under UK GDPR Article 27 / EU GDPR Article 27, and is not required to appoint a Data Protection Officer under Article 37 of either regulation. We will update this section if either position changes.
2. Categories of personal data we collect
We process the categories of personal data set out below. Where a category is processed only in specific circumstances, that is noted. We do not knowingly collect personal data we do not need.
2.1 Account data.
Your email address (provided when you sign in) and the unique account identifier we assign you. Your sign-in events (timestamp, IP address, browser user-agent) are recorded for security purposes by our authentication provider.
2.2 Call-Plan data.
The information you enter when creating a Call Plan: the target organisation, the destination phone number, the objective, any context or notes you provide, and the data items ("Chips") you approve for disclosure on the call.
2.3 Call-Run data.
For each call placed: the audio recording of both sides of the call ("Recording"); a text transcript of the call ("Transcript"); the structured outcome summary produced from the Transcript; metadata about the call (start time, end time, duration, the destination number, the outcome category, agent step events, provider cost telemetry); and the granular consent record (the version of the Terms and the AUP shown to you, the time-stamped check-box selections, and your authorisation event).
2.4 Third-party personal data within Call-Plan and Call-Run data.
The Call Plan, Recording, and Transcript may contain personal data about a third party — the destination party (typically an employee of the target organisation), and in some cases other identified or identifiable individuals you mention in the call context (for example, a person on whose behalf you are calling). Relay processes this third-party personal data as a processor of your instructions for the purpose of fulfilling the Call Run, and as a controller for the limited purposes of operating the Service safely, retaining the audit trail, and complying with our own legal obligations.
2.5 Billing data.
If and when paid billing is introduced, the Service will process billing-related data: your token balance and ledger, the time-stamped events that adjust the balance, and (if you make a payment) the payment-method metadata returned to us by our payment processor (a card type, last four digits, billing country). Relay does not see or store full card numbers; those are handled directly by the payment processor.
2.6 Device and usage data.
Information about the device, browser, and network you use to access the Service, collected via our hosting provider's standard access logs (IP address, user-agent string, request path, response status, timestamp). Limited functional cookies as described in the Cookie Policy.
2.7 Communications data.
If you contact us at any of the addresses in §1.2, the content of your communication and any reply we send. We retain this for our records and to provide you with continuity of support.
3. How we collect personal data
We collect personal data: (a) directly from you, when you create an account, create a Call Plan, authorise a Call Run, or contact us; (b) from your interaction with the Service, when the Recording and Transcript are produced and when device and usage data are logged; (c) from third-party providers acting on our behalf (for example, Supabase records authentication events; Telnyx and OpenAI process audio in real-time during the call; Resend records email-delivery events); and (d) if and when you contact us, from the message you send us.
4. Why we process personal data, and our legal basis
We process personal data only for one or more specific purposes and only where we have a lawful basis under UK GDPR Article 6 (and EU GDPR Article 6 where applicable). The subsections below set out each processing purpose, the categories of data involved, and the legal basis.
4.1 Providing the Service to you.
Processing: account creation and sign-in; receiving Call Plans; placing Call Runs; producing Recordings and Transcripts; producing outcome summaries; managing your token balance. Data: §§2.1, 2.2, 2.3, 2.5. Basis: performance of the contract between you and us (UK GDPR Article 6(1)(b)).
4.2 Disclosing data on the call.
Processing: speaking on the call to the destination party the items you have approved on the Plan. Data: subset of §2.2 you have explicitly authorised. Basis: your explicit consent given through the granular per-call authorisation flow (UK GDPR Article 6(1)(a)) and, where the data falls within UK GDPR Article 9 special categories, your explicit consent under Article 9(2)(a).
4.3 Operating the Service safely.
Processing: applying the destination-safety gate; balance gating; refusal-and-stop-condition enforcement; AUP enforcement; abuse detection; fraud prevention; rate-limiting; logging and monitoring; investigating security incidents. Data: §§2.1, 2.3, 2.6, 2.7. Basis: our legitimate interest in operating the Service safely and lawfully (UK GDPR Article 6(1)(f)). We have assessed our interest and consider that it is not overridden by your interests, rights or freedoms; you may object to processing on this basis under §11.4.
4.4 Complying with legal obligations.
Processing: responding to lawful requests from law enforcement, regulators or courts; meeting our tax-record-keeping obligations; responding to data-subject-rights requests; reporting suspicious activity where required by law. Data: any category, as required. Basis: compliance with our legal obligations (UK GDPR Article 6(1)(c)).
4.5 Improving the Service.
Processing: analysing aggregated, anonymised, or pseudonymised data about how the Service is used, including outcomes of Call Runs, to identify bugs and to improve product features. Data: pseudonymised subsets of §§2.3, 2.6. Basis: our legitimate interest in improving the Service (UK GDPR Article 6(1)(f)). We do not use Recordings or Transcripts for AI model training, except for the limited and clearly-purposed quality-assurance use described at §5.3.
4.6 Communicating with you.
Processing: sending sign-in links, transactional emails about your account or a call, and responses to enquiries you initiate. Data: §§2.1, 2.7. Basis: performance of the contract (Article 6(1)(b)) and our legitimate interest in service administration (Article 6(1)(f)).
4.7 Marketing.
We do not currently send marketing communications. If we begin to do so, we will rely on your opt-in consent under PECR Regulation 22 and you will have the right to withdraw consent at any time using the unsubscribe link in any such message.
5. Recipients and sub-processors
We disclose personal data to the recipients set out below. Each sub-processor is contractually bound to process your personal data only on our documented instructions, to apply appropriate technical and organisational measures, to assist us with data-subject-rights requests and security incidents, to support audits, and to delete or return personal data on termination. We carry out due diligence on each sub-processor before engaging them and review the engagement periodically.
5.1 Hosting and database (Supabase).
Supabase provides our Postgres database and authentication service. Data: §§2.1, 2.2, 2.3 (metadata; not audio), 2.5. Location of processing: the EU (Frankfurt region) for the production project as at the date of this Policy. Role: processor.
5.2 Application hosting (Vercel).
Vercel hosts the Service's web application and serves requests. Data: §§2.1, 2.2, 2.3 (metadata; not audio), 2.6. Location of processing: Vercel's global edge network, including the United States. Role: processor.
5.3 Realtime bridge hosting (Railway).
Railway hosts the Service's realtime bridge process, which relays audio between the carrier and the AI model during a call. Data: audio packets in transit (not stored on the bridge), §2.3 metadata. Location of processing: the United States. Role: processor.
5.4 Telephony (Telnyx).
Telnyx provides the carrier minutes for the Call Run and the bidirectional audio stream. Data: the destination number, the audio of the call in transit, call metadata (start, end, duration, cost). Location of processing: Telnyx's global network, including the United States. Role: processor for the call audio; an independent controller for telecom regulatory and billing purposes as required by carrier law. Telnyx's privacy policy applies in addition to ours for its independent-controller processing.
5.5 Conversational AI (OpenAI).
OpenAI provides the real-time AI model that generates Relay's voice on the call, and the model that produces structured outcomes from Transcripts. Data: audio of the call in transit, Transcript (post-call), and a system instruction set that includes the Plan context. Location of processing: OpenAI's infrastructure, including the United States. Role: processor. Our agreement with OpenAI restricts use of your data for model training; OpenAI's published API terms apply in addition. Where you opt in to a future feature whose terms require additional data use by OpenAI, we will tell you and seek your consent.
5.6 Transactional email (Resend).
Resend sends the sign-in links and any other transactional emails. Data: your email address, the email body, and email-delivery telemetry. Location of processing: Resend's infrastructure, including the United States. Role: processor.
5.7 DNS and edge network (Cloudflare).
Cloudflare provides DNS and (where applicable) edge protection for the Service's domains. Data: §2.6. Location of processing: Cloudflare's global network. Role: processor.
5.8 Payments (Stripe — when introduced).
When paid billing is introduced, Stripe will process payments. Data: §2.5 plus payment-method information you provide directly to Stripe (not seen by Relay beyond the metadata Stripe returns). Location of processing: Stripe's infrastructure, including the United States. Role: independent controller as defined by Stripe for the purposes of payment processing.
5.9 Other recipients.
We may disclose personal data: (a) to law enforcement, regulators, courts, or other public authorities, where required by law or where we reasonably believe disclosure is necessary to protect a person's life or safety; (b) to our professional advisers (lawyers, accountants, auditors), bound by confidentiality, where reasonably necessary; (c) to a buyer or successor in connection with a sale of the business, subject to appropriate confidentiality and to the recipient agreeing to be bound by a privacy policy at least as protective as this one. We do not sell personal data and we do not share personal data for cross-context behavioural advertising.
6. International transfers
Where a sub-processor is located outside the United Kingdom or the European Economic Area, we transfer personal data to that country only with appropriate safeguards in place.
6.1 UK / EEA transfers.
Transfers between the United Kingdom and the European Economic Area are made on the basis of the UK's adequacy regulations (currently in force) and the European Commission's adequacy decision in respect of the United Kingdom.
6.2 Transfers to the United States.
Several sub-processors identified at §5 process personal data in the United States. We transfer personal data to those sub-processors using one or more of the following mechanisms: (a) the European Commission's Standard Contractual Clauses (Module 2 controller-to-processor or Module 3 processor-to-processor, as appropriate) supplemented by the UK International Data Transfer Addendum where the transfer is also a restricted transfer under UK GDPR; (b) reliance on the sub-processor's certification under the EU-US Data Privacy Framework and the UK Extension to that Framework, where the sub-processor is so certified at the time of transfer; and (c) where applicable, derogations under UK GDPR Article 49 (for example, your explicit consent to the transfer for a specific purpose).
6.3 Transfers elsewhere.
Where a sub-processor processes personal data in a country other than the UK, the EEA, or the United States, we apply the same approach: an appropriate Article 46 transfer mechanism (typically the SCCs plus the UK Addendum) and a transfer-impact assessment where the law of the destination country is materially less protective than UK / EEA law.
6.4 Copies of the safeguards.
You may request a copy of the safeguards used for a specific transfer by emailing privacy@relaycall.app, redacted where appropriate to protect the sub-processor's confidential information.
7. How long we keep personal data
We keep personal data only for as long as is necessary for the purpose for which it was collected, after which we either delete it or anonymise it.
7.1 Recordings.
Retained for 30 days from the end of the Call Run, then deleted automatically. You may delete a Recording immediately at any time from your account.
7.2 Transcripts and outcome summaries.
Retained as part of the Call Run record for as long as your account exists or until you delete the Call Run, whichever is earlier.
7.3 Call Plans.
Retained for as long as your account exists or until you delete the Plan or the parent Call Run.
7.4 Account data.
Retained for the duration of your account. On account deletion, the account record is erased within seven days and propagated to backups within our standard backup-rotation window (currently 35 days).
7.5 Authentication audit logs.
Retained according to our authentication provider's standard retention policy (currently 90 days for detailed records).
7.6 Billing records.
Where paid billing applies, retained for at least six years to meet UK tax-record-keeping obligations under section 12B of the Taxes Management Act 1970 and equivalent.
7.7 Communications with us.
Retained for three years after the last communication, unless required to be kept longer for a specific reason (for example, an ongoing complaint or dispute).
7.8 Aggregated and anonymised data.
Where data has been irreversibly anonymised so that it can no longer be associated with any identifiable individual, we may retain it indefinitely for the purpose of operating and improving the Service.
8. Security
We apply appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage, as required by UK GDPR Article 32. These measures include: encryption of personal data in transit (HTTPS / TLS for application traffic; SRTP-equivalent encryption for the bidirectional audio bridge); encryption of personal data at rest by our database and storage sub-processors; access controls based on least-privilege principles (per-user authentication, row-level security policies on database tables, scoped API tokens for inter-service calls); time-bound voice-fetch tokens that prevent unauthenticated telephony fetches; segregation of administrative and user roles; logging and monitoring of access to personal data; and periodic review of the foregoing. No security measure is perfect. If we become aware of a breach of personal data that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours where required by UK GDPR Article 33, and will notify you without undue delay where required by Article 34.
9. AI and machine-learning processing
9.1 Inputs and outputs.
During a Call Run, audio packets and the Plan-derived system instructions are sent to OpenAI's real-time conversational model, which returns audio packets. After the call, the Transcript is sent to OpenAI's Chat Completions model, which returns the structured outcome. These are the inputs and outputs of the AI processing.
9.2 Training restrictions.
Our agreement with OpenAI restricts the use of your inputs and outputs for training generally-available models. Where a feature requires data to be used differently, we will tell you and obtain your consent before enabling that feature for your account.
9.3 Automated decision-making.
The Service does not make solely automated decisions about the destination party that produce legal effects concerning them or similarly significantly affect them. Refusal of a call by the destination-safety gate at the start of a Call Run, or by the balance gate, is an automated decision about you, the user; you may request a human review of any refusal by emailing privacy@relaycall.app. Beyond that, you have the right under UK GDPR Article 22 not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you.
9.4 EU AI Act disclosure.
Relay is an AI system that interacts with natural persons in a way that may not be obvious to them. In accordance with Article 50(1) of Regulation (EU) 2024/1689 (the EU AI Act), Relay discloses to the destination party at the start of every call that it is an AI assistant. Recordings are subject to the EU AI Act's transparency obligations as Relay's deployer; this Policy and the Terms together meet those obligations.
10. Cookies and similar technologies
The Service uses a small number of strictly necessary cookies (principally an authentication session cookie issued by Supabase Auth, and Next.js routing cookies). We do not currently use analytics cookies, advertising cookies, or any non-essential cookies. The full list, and instructions for controlling cookies in your browser, are in the Cookie Policy at /cookies.
11. Your rights
Under UK GDPR (and EU GDPR where applicable), you have the rights set out below. You may exercise any of them by emailing privacy@relaycall.app. We will respond within one calendar month of receipt; if a request is complex or we receive many requests from you, we may extend that period by up to two further months and will tell you within the initial month if we do.
11.1 Right to be informed (Articles 13–14).
The information in this Policy is the principal means by which we discharge this right. If you would like more detail about a specific processing operation, ask us.
11.2 Right of access (Article 15).
You may obtain confirmation of whether we process your personal data and, if so, a copy of that data and the information listed in Article 15(1).
11.3 Right to rectification (Article 16).
You may have inaccurate personal data corrected and incomplete personal data completed. For account email, you can update this directly in the Service; for other items, contact us.
11.4 Right to erasure / right to be forgotten (Article 17).
You may have personal data erased where one of the Article 17 grounds applies. Deleting your account in the Service is the most direct way to exercise this right for most of your data; for residual records (for example, those kept for tax or audit-trail reasons under §7.6), we will erase them when the legal retention period ends.
11.5 Right to restrict processing (Article 18).
You may require us to suspend processing of your personal data while we verify a request under §11.3 or §11.4 or while you object to processing under §11.7.
11.6 Right to data portability (Article 20).
Where we process your personal data on the legal basis of consent or contract and by automated means, you may receive that data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.
11.7 Right to object (Article 21).
You may object at any time, on grounds relating to your particular situation, to processing of your personal data carried out on the basis of our legitimate interests (§§4.3, 4.5). On receiving your objection, we will stop the relevant processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or unless the processing is necessary for the establishment, exercise, or defence of legal claims.
11.8 Rights relating to automated decision-making (Article 22).
See §9.3 for the limited automated decisions made about you.
11.9 Right to withdraw consent.
Where we rely on your consent, you may withdraw it at any time, with effect for the future. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
11.10 Right to lodge a complaint.
You have the right to lodge a complaint with a supervisory authority. In the United Kingdom, that is the Information Commissioner's Office (https://ico.org.uk). In Germany, the federal authority is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) and there is also a Land-level supervisory authority. In other EEA countries, it is the supervisory authority in your country of residence or place of work. We would welcome the opportunity to address your concerns directly before you contact a regulator.
11.11 Verifying your identity.
Where the request you make is one we need to authenticate in order to perform it safely, we will ask you to confirm a one-time verification step from the email address registered to your account. We charge no fee for handling requests, unless a request is manifestly unfounded or excessive (in which case we may charge a reasonable fee or refuse the request).
12. Other jurisdictions
12.1 California (CCPA / CPRA).
If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA") gives you rights similar to those at §11, including the right to know what personal information we have collected about you, the right to delete it, the right to correct it, the right to opt out of any sale or sharing (we do not currently sell or share your personal information as those terms are defined in the CCPA/CPRA), the right to limit use and disclosure of sensitive personal information, and the right to non-discrimination for exercising these rights. To exercise a right, email privacy@relaycall.app. We will respond within 45 days, with an extension of up to a further 45 days if needed (notifying you within the initial period). An authorised agent may submit a request on your behalf with written authorisation that we can verify.
12.2 Other US states.
Privacy laws in Colorado, Connecticut, Utah, Virginia, Texas, Oregon, and other US states that have enacted comprehensive consumer-privacy legislation give residents of those states a similar set of rights to those described at §11 and §12.1. We honour those rights regardless of state of residence and you may exercise them by emailing privacy@relaycall.app.
12.3 Other countries.
Where you use the Service from a country whose data-protection law differs from UK / EU GDPR, we will honour the data-subject rights granted to you under that law as if they were rights under this Policy, except where doing so would conflict with our other legal obligations.
13. Children's privacy
The Service is not intended for, and may not be used by, children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to the Service, please contact us at privacy@relaycall.app and we will erase the data.
14. Changes to this Policy
We may update this Privacy Policy from time to time. The current version is always at /privacy with a last-updated date at the foot of the page. Material changes will be notified to signed-in users by email at the address associated with the account at least 14 days before the change takes effect, and will be surfaced in the Service. Minor clarifications that do not alter the substance of how we process personal data may take effect immediately on publication.
Last updated: 29 May 2026.