Privacy Policy

Last updated: 4 July 2026

This Privacy Policy explains what data Relay collects, why, and what choices you have. It applies to the Relay desktop app and related services (the "Service"). We aim to collect as little as we need to run Relay.

Relay is operated by Relay Server Hosting ("Relay", "we", "us"), the data controller responsible for the personal data described in this policy. You can reach us about privacy at [email protected].

1. What we collect

Account information

Server and world data

Payment information

Operational data

We do not sell your data, and we don't use it for advertising.

2. How we use your data

Legal bases (EEA & UK users)

If you're in the EEA or UK, we rely on these GDPR/UK-GDPR legal bases:

3. Service providers

We use a small number of third parties to run Relay, including:

These providers process data only to provide their service to us, under contracts that require them to protect it and process it solely on our instructions. If you buy an upgrade or extra server, our payment processor handles your card details — we don't store your full card information ourselves. We keep only what's needed to manage your plan, such as your subscription status and the processor's customer/subscription identifiers. We can provide the current list of the specific providers we use on request — email [email protected].

4. Your choices and rights

To make a request, email us at [email protected]. We may need to verify your identity first, and we'll respond within the time the law requires (generally within 30 days under GDPR/UK-GDPR, or 45 days under CCPA/CPRA). You also have the right to complain to your data-protection authority — in the UK the ICO, in the EEA your national supervisory authority — though we'd appreciate the chance to put things right first.

5. Data retention

We keep your data while your account is active. Deleting a server or your account is a 30-day soft-delete: the data (your servers, world storage, friends, and settings) is retained for 30 days and can be recovered during that window, after which it is permanently purged, except where we must keep limited records for legal, security, or fraud-prevention reasons. Backups may persist for a short period before being overwritten. Typical retention periods:

6. Security

We use reasonable technical and organisational measures to protect your data, including hashed passwords and access controls. No system is perfectly secure, so we can't guarantee absolute security, but we work to protect your information and to limit what we collect. If a breach affecting your personal data occurs, we'll notify affected users and any relevant authority where the law requires it, without undue delay.

7. Children

You must be at least 13 — or the higher minimum age of digital consent in your country — to use Relay, and we ask you to confirm this when you sign up. Relay isn't directed at children under 13, and we don't knowingly collect personal data from them. If you're a parent or guardian and believe a child under 13 has given us personal data, contact us at [email protected] and we'll delete it. Because Relay servers are private and invite-only, the group admins who send invites are responsible for who joins their server.

8. International users

Relay may store and process data in countries other than where you live, including the United States. Where we transfer personal data out of the EEA or UK, we rely on an appropriate safeguard — such as the European Commission's Standard Contractual Clauses (with the UK Addendum where relevant), or a transfer to a country covered by an adequacy decision — so your data keeps a comparable level of protection. You can ask us for more detail at [email protected].

9. Your California privacy rights

If you're a California resident, the CCPA/CPRA gives you the right to know what personal information we collect and why, to access and delete it, to correct inaccuracies, and not to be discriminated against for exercising these rights. In the past 12 months we've collected the categories described in "What we collect" — identifiers such as username and email, account credentials stored as a hashed password, the content you upload, commercial information such as your plan and subscription status, and internet/network activity such as logs and connection details — used them for the purposes in "How we use your data", and disclosed them only to the service providers listed in "Service providers". We do not sell or share your personal information as those terms are defined under the CPRA, and we don't process it for cross-context behavioural advertising. To exercise your rights, email [email protected]; you may use an authorised agent, and we'll verify your request before acting on it.

10. Changes to this policy

We may update this Privacy Policy from time to time. We'll update the date above and, for material changes, notify you in the app or by email where appropriate.

11. Contact

Relay is operated by Relay Server Hosting, the data controller. Questions about your privacy or this policy? Email [email protected].