Privacy policy.

• Account data. Email address, optional name, WebAuthn public credentials, IP address + user agent for active sessions, agent token hashes (SHA-256; we never store plaintext).
• Integration metadata. Tenant slug, domain, webhook URL, HMAC signing secret (stored encrypted at rest via AES-256-GCM), product catalog entries, billing subscription state.
• Signup ledger. For each signup an agent dispatches: provider slug, input fields, resulting account id + API key (encrypted), and the audit event. Third-party API keys pass through Relay exactly once and are not persisted.
• Agent inbox.Inbound emails addressed to a user's Relay alias are stored in full (headers + plain-text body) so the agent can read and extract verification codes. Retained 90 days.
• Billing data. Stripe customer id, subscription state, per-action quota counters, per-action overage invoice items. We do NOT store card numbers — Stripe holds those directly.

• Deliver the service: authenticate requests, dispatch signups, route inbound email.
• Bill integrators for billable actions and per-action overage.
• Detect abuse: per-user monthly action counter, audit log.
• Contact account owners for operational and billing notices.
• Investigate security incidents.

We do not sell personal data. We do not use it to train AI models.

• Neon — managed Postgres hosting (data at rest).
• Vercel — application hosting + edge network (compute, logs).
• Resend — outbound transactional email (verification codes, receipts).
• SendGrid — inbound email parsing (the agent inbox).
• Stripe — subscription and overage billing; stores card numbers.
• Sentry — error and performance monitoring.

• Account records — while the account is open. Deleted within 30 days of closure.
• Audit log — 12 months from event timestamp.
• Inbound emails — 90 days.
• Session records — until expiration or revocation.
• Billing records — 7 years for tax and accounting compliance.