Relayna logo Relayna

Privacy Policy

Last updated: April 1, 2026

1. Introduction

Relayna ("we", "us", "our") operates relayna.app, an agent-native human-in-the-loop review platform. This Privacy Policy explains what information we collect when you use our service, how we use it, and the choices available to you. By accessing or using Relayna, you agree to the practices described in this policy.

2. Information We Collect

We collect information necessary to provide and improve the Relayna service. This includes:

  • Account data — your email address and a secure hash of your password when you register with email and password, or your email address from your Google profile when you sign in with Google.
  • API keys — we store a hashed representation of any API keys you generate. The plaintext key is shown only once at creation and is never stored.
  • Uploaded assets — files and data you submit via the API as part of a review checkpoint. These are stored encrypted at rest and are subject to the TTL you configure.
  • Review session data — titles, instructions, reviewer decisions, decision notes, and associated timestamps for each review checkpoint you create.
  • Webhook configuration — the per-checkpoint callback URLs you configure to receive decision notifications, and (if you use the webhook inspector) the body, headers, and originating IP address of webhook requests we receive on your behalf, retained for inspection.
  • Usage logs — API request metadata including endpoints called, response codes, and originating IP addresses, used for security monitoring and abuse prevention.

3. How We Use Your Information

We use the information we collect solely to operate and improve the Relayna platform. Specifically, we use it to:

  • Authenticate your account and authorise API access.
  • Store, serve, and expire the assets and checkpoints you create.
  • Process review sessions and record decisions made by reviewers.
  • Deliver webhook notifications to the callback URLs you have configured.
  • Detect, investigate, and prevent abuse, fraud, and unauthorised access.
  • Analyse aggregate usage patterns to improve platform reliability and features.

We do not sell your data to third parties or use it for advertising purposes.

4. Magic Link Reviewers

Reviewers access review sessions through single-use magic links that you or your AI agent share with them. No account is created for reviewers and no login is required. When a reviewer submits a decision, we record their decision, any notes they provide, and the timestamp of submission. Reviewers may optionally enter their name and email address before submitting — if provided, these are stored alongside the decision record and are visible to the account holder. No reviewer information is collected beyond what the reviewer voluntarily enters. Reviewer sessions are scoped to the specific checkpoint they were invited to review and carry no persistent identity across sessions.

5. Data Storage and Security

Assets uploaded to Relayna are stored in Cloudflare R2, which encrypts objects at rest by default. Review links and assets expire automatically according to the TTL (time-to-live) value you specify when creating a checkpoint — after expiry, links become inaccessible and assets are scheduled for deletion. We employ standard security practices including TLS in transit, hashed credential storage, and access controls to protect your data against unauthorised access or disclosure.

6. Data Retention

Assets are deleted on or shortly after their configured TTL expires. Review session metadata — including decisions and timestamps — is retained as part of your account history until you delete your account or request deletion of specific records. Account data, including your email, name, and API key records, is retained for as long as your account is active. Upon account deletion, your data is removed within 30 days. You may request deletion of specific records or your entire account at any time by contacting us at [email protected] or through your account settings.

7. Third-Party Services

When a reviewer submits a decision, Relayna delivers a webhook payload to the callback URL you have configured. These payloads include the decision, reviewer notes, and timestamps. You are solely responsible for how your systems handle and store the data contained in webhook payloads. We use Stripe to process payments — your payment details are handled directly by Stripe and are not stored on Relayna's servers. We also rely on standard cloud infrastructure providers for hosting and storage. These providers operate under their own privacy policies and may process your data in data centres outside your jurisdiction.

8. Your Rights

You have the right to access, correct, or delete the personal data we hold about you at any time. You can update your account information directly from your account settings, or contact us at [email protected] to request a copy of your data or its deletion. Users in the EU, EEA, and UK have additional rights under applicable data protection law, including the right to object to processing, the right to data portability, and the right to lodge a complaint with your local supervisory authority. We will respond to all verified requests within 30 days.

9. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes — those that meaningfully affect how we collect or use your data — we will notify registered account holders by email prior to the change taking effect. The updated policy will also be published on this page with a revised "Last updated" date. Your continued use of Relayna after receiving notice of a material change constitutes your acceptance of the updated policy.

10. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us at [email protected]. We take privacy inquiries seriously and will respond promptly.