Privacy Policy for Relay

1. Information We Collect

We collect information that you provide directly to us, information generated when you use the Service, and information from third-party sources.

A. Information You Provide

• Account Information: When you register, we collect your first name, last name, email address, and password. Your email is used for account verification and service communications. Your first and last name are used to identify your account and may be included in AI system instructions so the AI can address you and call recipients appropriately during calls.
• Call Purpose & Instructions: When you initiate a call, you provide text instructions describing the purpose of your call (e.g., "Schedule a dentist appointment for next week"). This text is transmitted to our AI providers for pre-call validation and is used to guide the AI's behavior during the call.
• Language Selection: You select a call language, which is sent to our AI providers as a transcription language hint and included in system instructions to the AI agent.
• Phone Numbers: You provide the recipient's phone number to place calls. Phone numbers are transmitted to our telephony provider to connect the call but are not sent to AI providers.
• Feedback: Any information you provide when contacting support or sending feedback.

B. Information Generated By Your Use of the Service

• Live Audio Streaming: During a call, your audio is captured and streamed in real time as PCM16 audio chunks (16kHz sample rate) to our AI providers. Audio is never stored as files on your device or our servers — it is streamed and processed in memory only for the duration of the call. Audio is not recorded first and sent later; transmission is continuous and automatic once the call connects.
• Call Transcripts: During the call, our AI providers transcribe the conversation in real time. After the call ends, the full transcript is stored on our servers so you can review your call history. Transcripts may also be sent to OpenAI for post-call summarization and foreign-language translation.
• AI-Generated Summaries: After each call, OpenAI generates a call summary including a title, summary text, bullet points, action items, and key facts. These summaries are stored with your call record.
• Call Metadata: We collect metadata about calls made through our Service, including the phone numbers involved, call duration, time of call, call status (e.g., completed, busy, failed), and language selection.
• Usage Data: We may collect information about how you access and use the Service, such as your device type, operating system version, and interaction logs for debugging and service improvement.

C. Payment & Subscription Information

If you purchase Call Credits or a subscription, your payment information is processed by our third-party payment processors: Apple App Store (for iOS in-app purchases) and RevenueCat, Inc. for subscription management. We do not store your full credit card details on our servers. RevenueCat receives your app user ID and subscription events for subscription state management, but no AI-related or call content data.

D. Information We Do NOT Collect

• Location Data: We do not collect, access, or transmit your device location.
• Device Identifiers: We do not collect or send your device ID, advertising ID, or analytics IDs to AI providers.
• Contacts: We do not access or upload your device contacts.
• Files/Images: The app does not support file uploads of any kind. No files or images are transmitted.
• Call History for AI Context: We do not include your previous call transcripts or history in AI prompts. Each call is treated independently using only the information you provide for that specific call.

2. How We Use Your Information

We use the information we collect exclusively for the following purposes:

• To Provide the AI Calling Service: To initiate calls, stream live audio to AI providers for real-time conversation and translation, transcribe calls, validate call instructions, and generate post-call summaries.
• To Manage Your Account: To maintain your profile, authenticate your identity, manage your Call Credits and subscription, and process account changes.
• To Communicate with You: To send you service updates, security alerts, verification codes, and support messages via email.
• To Improve Our Service: We may use anonymized, aggregated call data to analyze the performance of our AI models and improve their accuracy and helpfulness. This does not include using your personal content for model training (see Section 3).
• To Enforce Policies: To prevent fraud, abuse, and violation of our Terms of Use.

We do NOT sell your personal data. We do not use your personal data for advertising, marketing profiling, or any purpose other than providing and improving the Relay service.

3. Third-Party AI Services & Data Sharing

The core functionality of Relay depends on third-party artificial intelligence (AI) services. Below we disclose exactly which third parties receive your data, what data each receives, why it is sent, and when transmission occurs. All data is transmitted through our backend server — the mobile app never calls AI providers directly.

A. Third-Party AI & Service Providers

B. When Data Is Transmitted

• Pre-Call (before the call is placed): When you tap "Start Call," your call purpose text is sent to OpenAI GPT for instruction validation — checking whether critical information is missing from your call instructions. This happens before the phone call is initiated.
• During the Call (automatically): Once the call connects, your live audio is streamed continuously and in real time to Google Gemini Live (for AI conversation) and OpenAI (for transcription and translation). This happens automatically — no additional button press is required during the call.
• Post-Call (automatically after the call ends): After you hang up, the call transcript is sent to OpenAI GPT for summarization (generating a title, summary, bullet points, action items, and key facts) and for translation if the call was in a language other than English.

C. AI Provider Data Use & Model Training

• Google Vertex AI (Google LLC): Per Google's Vertex AI terms, Google does not use customer data submitted through Vertex AI services for training or improving their foundation models. Google's Data Processing Addendum (DPA) governs data processing and provides the same or equal level of protection as described in this policy.
• OpenAI API (OpenAI, L.P.): Per OpenAI's API data usage policies, OpenAI does not train models on data submitted through their API by business customers. Data submitted via the API may be retained for a maximum of 30 days solely for abuse monitoring purposes. OpenAI's Data Processing Addendum provides the same or equal level of protection as described in this policy.
• We do not use your content to train AI models. Relay does not use your audio, transcripts, or any user content to train our own or third-party AI models.

D. Data Minimization Practices

We minimize the personal data sent to third parties:

• No account IDs or user UUIDs are sent to AI providers.
• No email addresses are sent to AI providers.
• No phone numbers (yours or the recipient's) are sent to AI providers.
• No device identifiers or advertising IDs are sent to any third party.
• No location data is collected or sent.
• No previous call history or transcripts are included in AI prompts.
• Audio is streamed in real time, never stored as files on devices or servers.
• Only your first and last name and selected call language are shared with the AI to enable natural conversation.

4. User Consent & Control

Before your first call, Relay will present a clear in-app consent screen that:

• Explicitly discloses that your call audio and content will be sent to Google (Gemini AI) and OpenAI for real-time translation, transcription, and AI conversation.
• Identifies Google LLC and OpenAI, L.P. by name as the third-party AI providers receiving your data.
• Explains what specific data is shared (live audio, call instructions, transcripts).
• Requires your affirmative consent ("Allow") before any data is transmitted.
• If you choose "Don't Allow," the AI calling feature will be unavailable, as it depends on third-party AI services. Other non-AI features of the app remain accessible.

You can review and change your AI data sharing preference at any time in the app under Settings → Privacy.

Note: There is currently no on-device mode or option to use Relay's AI calling features without transmitting data to third-party AI services. The core functionality inherently depends on Google Gemini Live and OpenAI for real-time conversation, transcription, and translation.

5. Data Retention

We retain different categories of data as follows:

All persistent data is stored in our database. Data is retained for as long as your account is active. You may delete individual calls (including transcripts and summaries) at any time from your call history. When you delete your account, your associated call data, transcripts, and personal information are also deleted.

AI Provider Retention

• Google Vertex AI: Retention and processing are governed by Google's Vertex AI terms and DPA.
• OpenAI API: Data submitted via the API is retained for a maximum of 30 days for abuse monitoring purposes, after which it is deleted.

6. Security

We implement administrative, technical, and physical security measures to protect your personal information:

• Encryption in Transit: All data transmitted between your device, our servers, and third-party providers is encrypted using HTTPS/TLS. Real-time media streaming uses secure WebSocket connections (WSS). We enforce HTTP security headers including Strict-Transport-Security (HSTS), X-Content-Type-Options, X-Frame-Options, and X-XSS-Protection.
• Encryption at Rest: Passwords are hashed using bcrypt. Authentication tokens are stored securely using OS-level encryption (expo-secure-store on device, signed JWTs on server). Audio is never stored at rest — eliminating the attack surface for audio data breaches.
• Access Control: We use JWT-based authentication with token version tracking (invalidates tokens on password reset). Email verification is required for service access. Rate limiting is applied to sensitive endpoints. Users can only access their own call data and transcripts — per-user data isolation is enforced.
• Data Minimization: Audio is streamed and never stored. Active call state in Redis uses TTL-based auto-expiration. No PII is unnecessarily shared with third parties beyond what is required for the service to function.

While we strive to protect your personal information, no electronic transmission or storage is completely secure. We cannot guarantee absolute security.

7. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information promptly.

8. Your Rights & Choices

Depending on your location, you may have the right to:

• Access Your Data: You can view your call history, transcripts, and summaries directly in the app. You may also request a copy of all personal data we hold about you.
• Delete Your Data: You can delete individual calls (including transcripts and summaries) from your call history at any time. Deletion is a hard delete — data is permanently removed from our servers.
• Delete Your Account: You can delete your entire account via Settings → Delete Account in the app. Account deletion removes your profile and associated call data from our servers.
• Control AI Data Sharing: You can review and change your AI data sharing consent at any time in Settings → Privacy. If you withdraw consent, the AI calling feature will be disabled (as it depends on third-party AI services), but other app features remain available.
• Request Correction: You may request correction of inaccurate personal data we hold about you.
• Object to Processing: You may object to certain processing of your personal data, subject to applicable law.

To exercise any of these rights, please contact us at the email address below or through the support section in the app.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. Our AI providers — Google LLC and OpenAI, L.P. — are based in the United States and process data on infrastructure located in the United States and globally. Both Google and OpenAI maintain certifications and provide data processing addendums (DPAs) that include Standard Contractual Clauses (SCCs) and other transfer mechanisms to ensure adequate protection for international data transfers in compliance with applicable data protection laws, including GDPR.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, and, where appropriate, providing in-app notice. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us at:

Email: info@aicenter.chat

In-App: Navigate to Settings → Contact Support within the Relay app.

You may also reach us by mail. Please contact us via email first for our current mailing address.