Legal

Privacy Policy

We collect the minimum we need to run Relay reliably for you, and we tell you exactly what that is.

Last updated May 14, 2026
01

Who we are

Relay is a developer infrastructure product built by an independent team based in Pavlodar, Kazakhstan. In this policy “Relay”, “we”, “our” and “us” refer to that team and the legal entity operating the service. “You” refers to the individual or organisation using the service or the public website.

For any privacy question, write to privacy@relay.dev. We respond to verified requests within 30 days.

02

Data we collect

The data we hold falls into four buckets:

  • Account data. Email, optional display name, hashed password (or OAuth identifier), creation date.
  • Waitlist data. Email and the page that referred you. We use this only to invite you to the product. You can ask us to delete it at any time.
  • Request metadata. For every API call routed through Relay we record the timestamp, model, provider, HTTP status, latency, token counts, cache hit/miss, retry count and IP. We do not store the bodies of your prompts or model responses unless you explicitly enable the debug log on a per-key basis.
  • Billing data. Plan, billing cycle, invoice history. Card numbers are handled by our payment processor (Paddle); we never see or store them.
03

How we use data

  • To provide the service: route, retry, cache, fail over.
  • To show you a dashboard of your own traffic and bill you accurately.
  • To debug incidents and detect abuse (e.g. rate-limit floods).
  • To send transactional emails (account confirmation, invoices, outage notifications) and waitlist updates you opted in to.
  • To improve the product, only in aggregate. We do not train any model on your data.

We never sell your data, and we do not use it for advertising.

04

Your API keys (BYOK)

Relay is bring-your-own-key. You give us the keys to your Anthropic, OpenAI or other LLM provider and we proxy your traffic through to them. Specifically:

  • Keys are encrypted with AES-256-GCM at rest, using an envelope key held in Cloudflare Workers Secrets that is inaccessible to operations staff at runtime.
  • Keys are decrypted only inside the edge worker at the moment we need to forward a request. They are never written to logs.
  • You can rotate or delete a key from the dashboard. Deletion is immediate and irreversible.
  • We are not your contracting party with the upstream provider — their charges land on your bill, on their card.
05

Sharing & sub-processors

We share the minimum data required with the following sub-processors, each under a written data-processing agreement:

  • Cloudflare — edge compute, KV storage and DDoS protection.
  • Supabase — Postgres database for account and request-metadata storage.
  • Paddle — payments and tax-compliant invoicing.
  • Resend — transactional and waitlist email delivery.
  • Your chosen LLM provider (Anthropic, OpenAI, etc.) — your prompts pass through us to them so they can return a response. Their privacy policy then applies to that hop.

We may disclose data when legally compelled (a valid court order or equivalent), and we will tell you when we're allowed to.

06

Security

  • TLS 1.3 for all data in transit.
  • AES-256-GCM encryption at rest for provider keys.
  • Strict separation of logs (Supabase Postgres) from secrets (Cloudflare Workers Secrets / KV).
  • Hardware-key MFA mandatory for all team members with admin access.
  • Audit logging of every access to your account, keys or request history.

No system is unbreakable. If we discover a breach affecting your data, we will notify you and the relevant regulator within 72 hours of confirming it.

07

Retention

  • Account data — kept while your account is active, deleted within 30 days of closure.
  • Request metadata — kept for 90 days for billing, debugging and abuse-detection, then anonymised and aggregated.
  • Waitlist email — kept until you ask us to remove it or until 12 months after the product launches, whichever comes first.
  • Backups — encrypted, kept for 30 days on a rolling window.
08

Your rights

Wherever you live, we honour the rights granted to EU/UK residents under GDPR and to California residents under CCPA. That means you can:

  • Access a copy of the data we hold about you.
  • Correct anything that's wrong.
  • Have your data erased (subject to legal retention duties).
  • Export your data in a portable format.
  • Restrict or object to specific processing.
  • Lodge a complaint with your local data-protection authority.

Request anything from this list at privacy@relay.dev. We'll verify you are the account holder and act within 30 days.

09

International transfers

Relay runs on Cloudflare's global edge — your data is processed in the region geographically closest to you. Storage is centralised in the EU. Where we transfer personal data outside the EEA or UK, we rely on Standard Contractual Clauses approved by the European Commission.

10

Cookies

The marketing site sets only first-party cookies that are strictly necessary (e.g. session, CSRF). We use privacy-respecting product analytics that do not place cross-site tracking cookies. No advertising cookies, ever.

11

Children

Relay is not directed at children. We do not knowingly collect data from anyone under 16. If you believe a minor has signed up, write to privacy@relay.dev and we will delete the account.

12

Changes to this policy

We may update this policy as the product evolves. Material changes are announced by email to account holders and via a banner on the dashboard at least 14 days before they take effect. The “last updated” date at the top reflects the current version.

13

Contact

Questions, complaints, requests: privacy@relay.dev.