Privacy Policy

Last updated: April 10, 2026

What We Collect

Account data: Name, email address, and password hash when you register.

Usage data: Connection counts, message volumes, API request counts, and channel activity — aggregated per app, per day.

Payment data: Processed by Stripe. We store your Stripe customer ID but never your card number.

Technical data: IP addresses, user agent strings, and timestamps in server logs. Retained for 30 days.

How We Use It

• To provide and operate the Service
• To enforce plan limits and billing
• To monitor and improve performance
• To communicate with you about your account
• To comply with legal obligations

What We Don't Do

• We don't sell your data
• We don't read the content of your realtime messages
• We don't use your data for advertising
• We don't share data with third parties except as needed to operate (Stripe for payments, infrastructure providers for hosting)

Data Retention

• Messages: Transient by default. Cache channels retain the last event. Message history is kept per your plan's retention period (1–90 days), then automatically purged.
• Usage records: Retained for 1 year.
• Activity logs: Retained for 90 days.
• Webhook delivery logs: Retained for 30 days.
• Account data: Retained until you delete your account, then purged within 30 days.

Your Rights

You can:

• Access your data via the dashboard and API
• Export your app configurations and usage data
• Delete your account and all associated data
• Correct your profile information at any time

Security

• API secrets are encrypted at rest
• App tokens are stored as SHA-256 hashes
• All dashboard access requires authentication
• WebSocket connections support TLS

Cookies

We use session cookies for authentication. No tracking cookies, no analytics cookies.

Changes

We may update this policy. We'll notify you of material changes via email.

Contact

Privacy questions? Email privacy@relay.dev.