Privacy Policy

To provide our cross-AI context synchronization features, we collect the following types of information:

Account & Authentication Data: When you sign in with Google, we receive your name, email address, and profile picture via Google OAuth. We securely handle authentication tokens but do not store your Google password.

Website Content: When the Relay Chrome extension is active, connected, and capture is explicitly enabled by you, we capture and store the full text content of your AI chat sessions on supported platforms (ChatGPT, Claude, Gemini, Grok, Codex, Perplexity, and DeepSeek). This includes your messages, the AI's responses, and associated HTML markup from the chat interface. Relay uses this website content only to provide the product's project-memory and context-sync features.

Derived Data: Relay processes your captured chats to generate project summaries, decisions, open tasks, constraints, and session digests. These derived items are stored alongside your original chat content.

Project Data: Project names, descriptions, objectives, and configurations you create within Relay.

Extension Data: Relay Chrome extension 0.6.0 collects and stores only the extension data needed to connect your browser to your Relay account: device tokens, connection status, capture state, and extension preferences. This data is stored locally in your browser via Chrome storage APIs and, where needed, on Relay servers to authenticate the extension connection.

Ask Relay Messages and Files: When you use Ask Relay, we collect the messages, instructions, and files you choose to submit so Relay can answer your request. Uploaded files and source documents may include their file name, type, content, and extracted text.

Browser Page Data Accessed by the Extension: The extension can read the URL, title, visible page text, and relevant chat interface markup on supported AI chat websites only when capture is enabled. We do not collect browsing history, bookmarks, keystrokes, passwords, payment information, or content from unsupported websites.

Usage & Analytics Data: We collect privacy-respecting analytics to understand how you interact with the Service and to improve it. This includes: page views and navigation paths; feature usage events (e.g., project creation, extension connection, MCP tool calls, digest generation); session and activation milestones; error events and exception traces; browser type, OS, and approximate geographic region (country-level); and extension version. Analytics are collected via PostHog and are associated with a randomly generated anonymous ID until you sign in, at which point they are linked to your user account. Analytics tracking is enabled by default across the web dashboard, browser extension, and MCP server. To opt out or request deletion of your analytics data, contact support@onrelay.app.

Chrome Extension Permissions: The Relay Chrome extension requests only the permissions it needs, each tied directly to the single purpose of syncing your project context across AI chats. We prominently disclose this data collection here and in the Chrome Web Store listing, and capture only begins after you explicitly enable it:

• storage: stores your device connection token, connection status, capture on/off state, and extension preferences locally in your browser. No chat content is kept in extension storage.
• tabs: identifies which supported AI chat tab is active so capture targets the correct conversation.
• activeTab: reads the current tab's URL, title, and visible chat content — only on supported AI chat sites and only when you have enabled capture.
• sidePanel: renders the Relay side panel interface.
• identity: signs you in and links the extension to your Relay account via Google OAuth.
• scripting: injects the content script that extracts chat turns on supported AI chat sites.
• alarms: schedules one low-frequency background timer (every 2 minutes) so Relay can refresh your project context in the side panel after Chrome suspends the extension service worker. When the alarm fires, Relay may fetch updated project state for the active supported AI tab from your Relay account over HTTPS. If the local cache is still fresh, no network request is made. The alarm does not read new page content, track browsing history, or collect data beyond what is already described for tabs and activeTab when capture is enabled.
• contextMenus: provides the right-click "Save to Relay" action for text you select.
• audioCapture (optional): enables the voice-input button in the Relay side panel so you can dictate notes or chat messages instead of typing. Microphone access is requested only when you tap the mic button, transcribed locally / via your AI provider, and never stored as audio. The permission is optional — declining it disables the mic button and nothing else.
• optional audioCapture: accesses microphone audio only after you choose voice input in Ask Relay. Relay does not store or send raw microphone audio to Relay servers. Chrome's browser-provided speech recognition may process the audio to return dictated text.
• Host access to AI chat sites (ChatGPT, Claude, Gemini, Grok, Codex, Perplexity, DeepSeek): reads conversation content on those sites only while capture is enabled. Host access to onrelay.app domains is used solely to communicate with the Relay backend, and the analytics host is used only to send privacy-respecting usage events (never chat content).

We use the data we collect exclusively for the core functionality of the Relay service:

• Maintaining project canon (stable truth) and context packets from your chat history and MCP interactions
• Generating tentative updates that may be promoted to canon after review or automatic confidence checks — you can lock any canon entry to prevent automatic changes
• Enabling context insertion into new AI chat sessions
• Displaying your project dashboard, activity feed, and saved context
• Demoting or archiving raw memory items once they are covered by canon or summary snapshots — demoted items are retained for provenance and historical queries, not deleted
• Authenticating your identity and managing your session
• Improving service reliability and diagnosing failures
• Answering Ask Relay messages and processing files or source documents you explicitly submit

Relay handles captured chat content as user-controlled project memory. The extension sends captured content to Relay over HTTPS only after you enable capture for a supported AI chat session. Relay processes that content to extract summaries, decisions, tasks, and constraints for your projects, and then displays or returns that context to you through the dashboard, extension, and MCP tools.

Relay does not allow humans to read your captured chat content or derived project memory except when you explicitly ask us to review specific data for support, when access is necessary for security or abuse investigation, when access is required to comply with applicable law, or when the data has been aggregated or anonymized for internal operations.

We do not sell, rent, or share your data with third parties for advertising or marketing purposes.

We take data protection seriously and implement robust measures to secure your information:

Storage Location: Account, project, captured chat, derived memory, and billing records are stored in a Neon PostgreSQL database with encryption at rest and in transit. Uploaded source documents and Ask Relay attachments are stored as encrypted objects in Cloudflare R2 or another S3-compatible object-storage service.

Local Storage: Certain data, such as your immediate extension state and local preferences, is stored locally on your device within Chrome's storage mechanisms.

Extension Content Storage: Captured chat transcripts and derived project memory are stored in Relay's server-side database so they can sync across your Relay account. The extension does not store captured chat transcripts permanently in Chrome storage.

Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard protocols (HTTPS/TLS). We use secure session management via httpOnly cookies and scoped device tokens for extension authentication.

We do not sell your personal data or chat content to third parties. We share data only as needed to provide Relay, comply with law, or protect the Service. The parties that may receive user data are:

• Vercel: hosts Relay's web application and API and therefore processes requests, account identifiers, submitted content, IP addresses, and operational logs needed to deliver and secure the Service.
• Neon and Neon Auth: store Relay account, authentication, project, captured chat, derived memory, extension-token, and billing records.
• Google Gemini API / Google AI: receives the portions of captured chat content, project context, Ask Relay messages, submitted files or extracted text, and instructions needed to generate answers, summaries, embeddings, classifications, and other user-requested Relay features. When you choose voice input, Chrome's browser-provided speech-recognition service may also send microphone audio to Google to return dictated text; Relay does not store the raw audio.
• Cloudflare R2 or configured S3-compatible object storage: stores encrypted source documents and Ask Relay attachments that you upload.
• PostHog: receives product-usage events, error traces, account or anonymous analytics identifiers, browser and operating-system metadata, approximate country-level location, and extension version for analytics and error tracking. PostHog does not receive captured chat content, Ask Relay messages, uploaded files, or AI responses.
• Google OAuth: processes sign-in requests and provides your name, email address, and profile picture when you choose Google sign-in.
• Polar: receives your Relay account identifier, name, email address, selected plan, and subscription metadata when you start or manage a paid subscription. Payment details are handled by Polar and its payment processor, not stored by Relay.
• Resend: receives your email address and the transactional email content and delivery metadata needed when Relay sends account, verification, billing, or service emails.
• Legal authorities or a successor: we may disclose data when required by applicable law or to protect against fraud, abuse, or security threats. Data would be transferred as part of a merger, acquisition, or sale only after obtaining any consent required by applicable policy or law.

Captured chat content, project memory, Ask Relay messages, and uploaded files are not shared with analytics, billing, or email providers. They are shared only with the infrastructure, storage, and AI-processing providers described above as needed to deliver the feature you requested.

We are not responsible for the privacy practices of the AI tools you use (such as ChatGPT, Claude, Gemini, Grok, Codex, Perplexity, and DeepSeek). We recommend reviewing their respective privacy policies.

Relay's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:

• We do not use or transfer your data for serving personalized, retargeted, or interest-based advertisements.
• We do not use or transfer your data to determine creditworthiness or for lending purposes.
• We only use the data to provide or improve our single-purpose features.

For the Chrome Web Store privacy disclosure, Relay may collect the following categories when you use the extension: personally identifiable information (name, email address, and profile picture for account sign-in), authentication information (session and device tokens), website content (supported AI chat text and relevant chat markup), personal communications and user-generated content (Ask Relay messages, selected text, and files you submit), optional microphone access for voice input handled by Chrome's speech-recognition service, user activity and analytics events (feature usage, errors, browser type, operating system, approximate country-level region, and extension version), and extension settings (connection state, capture preferences, project selection, and enabled platforms).

Relay's use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Depending on your location (e.g., under GDPR or CCPA), you have the right to:

• Access: Request a copy of the personal data we hold about you (also available via the dashboard and project detail pages).
• Delete: Delete any individual item from your dashboard at any time. To delete all data tied to your Relay account, use Settings → Account → Delete account in the dashboard, or email support@onrelay.app from the address tied to your account. Account-wide deletions are processed within 7 days; analytics events held by PostHog are deleted on the same request.
• Revoke Access: Disconnect the Chrome extension at any time, which stops all data capture immediately.
• Opt Out of Analytics: Contact us to opt out of analytics tracking or to request deletion of your analytics data held by PostHog.

To exercise any of these rights, contact us at support@onrelay.app. We will respond to your request within 30 days.