Privacy Policy

Last updated: 29 May 2026

This Privacy Policy explains what data Relay ("we", "us") collects, why, and what choices you have. It applies to the Relay desktop app and related services (the "Service"). We aim to collect as little as we need to run Relay.

1. What we collect

Account information

• Username — how you and your friends identify each other.
• Email address — for verification, security, and account-related messages. You must verify it to create or host servers.
• Password — stored only as a salted hash; we never store your password in plain text and can't see it.

Server and world data

• World data and plugins you and your group upload, stored in cloud object storage so hosting can pass between members.
• Server metadata — server names, membership, roles, invites, and which member is currently hosting.

Operational data

• Basic logs needed to operate and secure the Service (for example, timestamps and error information). We keep these for as long as needed for security and troubleshooting.
• Storage usage totals, so we can enforce plan limits.

We do not sell your data, and we don't use it for advertising.

2. How we use your data

• To operate the Service — store and sync worlds, manage servers, and hand hosting between members.
• To verify your email and secure your account.
• To send important account or Service notices.
• To enforce storage limits and these terms, and to prevent abuse.
• To diagnose problems and improve reliability.

3. Service providers

We use a small number of third parties to run Relay, including:

• Cloud object storage to hold world and plugin data.
• An email provider to send verification and account emails.
• Hosting/tunnel infrastructure used to connect players to a host's server.

These providers process data only to provide their service to us. If and when paid plans launch, a payment processor (such as Stripe) will handle payment details — we would not store your full card information ourselves.

4. Your choices and rights

• Access & deletion — you can delete your account from the app at any time, which removes your account data. Depending on where you live (for example, under GDPR or CCPA), you may have rights to access, correct, or delete your personal data, and to object to certain processing.
• Email — account and security emails are necessary to use the Service, so they aren't optional, but we keep them to a minimum.
• World data — server admins control their group's worlds and can remove them.

To make a request, contact us through the project page below.

5. Data retention

We keep your data while your account is active. When you delete your account, we remove your account data and associated world storage, except where we need to keep limited records for legal, security, or fraud-prevention reasons. Backups may persist for a short period before being overwritten.

6. Security

We use reasonable technical and organisational measures to protect your data, including hashed passwords and access controls. No system is perfectly secure, so we can't guarantee absolute security, but we work to protect your information and to limit what we collect.

7. Children

Relay isn't directed at children under 13, and we don't knowingly collect data from them. If you believe a child under 13 has given us personal data, contact us and we'll delete it.

8. International users

Relay may store and process data in countries other than where you live. By using the Service, you understand your data may be transferred to and processed in those locations, which may have different data-protection laws.

9. Changes to this policy

We may update this Privacy Policy from time to time. We'll update the date above and, for material changes, notify you in the app or by email where appropriate.

10. Contact

Questions about your privacy or this policy? Reach us through the project page on GitHub.