Privacy policy

This is a working draft. A finalized privacy policy will be in place before Relay onboards its first paying customer. The notes below describe our current intent.

What we collect

• Your name and work email (to sign in via magic link)
• Your primary clinical role and the workspaces you belong to
• Content you create as an admin — cards, polls, calendar events, attachments
• Server logs (IP, request path, status) for security + reliability

What we don't collect

• Protected Health Information (PHI). Relay is not a clinical record system.
• Behavioral analytics — we do not run third-party trackers or ad pixels.
• Marketing profiles. Your contact info is not shared with marketing tools.

Where data lives

Relay stores data in US-based managed cloud infrastructure. Encryption at rest and in transit; daily encrypted backups; no cross-region replication unless explicitly requested.

How long we keep it

For as long as your organization is using Relay. On cancellation, your data is exportable for 30 days, then permanently deleted from our active systems and from backups within 90 days.

Contact

Privacy questions: privacy@relaysurface.com.