Last updated: May 5, 2026
RelayInstant ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
At a glance: Conversation messages are encrypted at rest and automatically deleted within 48 hours. Conversations are encrypted on our end and are not stored or accessed by any third party. Access tokens for the apps you connect (Google Sheets, QuickBooks, ClickUp, Monday, Salesforce, etc.) are stored encrypted at rest, used only to perform the actions you request, and deleted when you disconnect. To make the assistant smarter about your own data (e.g. recognizing "the electric company" as your usual vendor), we may cache short labels and identifiers of records you already have in your connected platforms — encrypted, capped at 48 hours, and deleted the moment you disconnect that platform. You can request immediate deletion of all your data at any time by emailing web@relayinstant.com.
When you create an account or use our service, we may collect the following personal information:
We automatically collect certain information when you access our service, including:
When you connect third-party platforms (such as Rent Manager, QuickBooks, Google Sheets, Google Calendar, ClickUp, Monday, or Salesforce), we collect the credentials and access tokens needed to interact with those platforms on your behalf. We do not store your financial records, transaction details, or business data beyond what is necessary to process your requests in real time.
We may also request basic identity information from those platforms — typically the email address or username of the account you authorized — for three reasons: (1) to display a "Connected as ___" label on your dashboard so you can confirm the right account is linked, (2) to prevent the same external account from being connected twice within the same organization, and (3) to associate the credentials with the correct user inside your organization. We do not request more than this for identity purposes.
If you join an organization on RelayInstant, the Team Account Owner controls which integrations you may connect or be assigned access to. Each member authorizes their own platform connections individually — the Owner does not see or use your platform tokens, and you do not see or use theirs unless they explicitly assign their connection to you. To prevent the same external account from being connected by two different members, the email address or username associated with each member's connection may be shown to other members of the same organization (for example, in a "this account is already connected by Jane" notice during setup). You may disconnect any connection you authorized at any time from your dashboard. The Team Account Owner may revoke your permission to connect or use a particular integration, which will also disconnect any credentials you authorized for that integration.
We use the information we collect to:
When you send a message or voice note to RelayInstant via WhatsApp:
As an alternative to WhatsApp, you may also reach RelayInstant by SMS text message or by phone call to our published number. This channel works the same way: you contact us first with a request, and we reply with the assistant's answer by text or by voice on the same call. We never send you an SMS or call you unless you have messaged or called us first — there are no marketing, promotional, or unsolicited messages. We identify your account from the mobile number you already verified for WhatsApp, so no separate sign-up is required; SMS and voice requests are processed, retained, and deleted under the same 48-hour, encrypted-at-rest policy described above.
Your mobile information is never shared with third parties or affiliates for marketing or promotional purposes. The only third parties involved are the service providers needed to operate the assistant (our messaging/telephony carrier, our AI provider for transcription and responses), who process the data solely to deliver your reply. You can stop messages at any time by replying STOP, and reply HELP for assistance. You may also disconnect at any time and we will send you nothing further. Message and data rates may apply.
RelayInstant uses AI to interpret your messages and decide which action to take on your connected platforms. These are not solely-automated decisions that produce legal or similarly significant effects on you within the meaning of GDPR Article 22 — every action is taken in response to your instruction, and you are responsible for reviewing the confirmations the assistant returns. If you believe an automated action affected you significantly, you may contact us to request human review.
When you connect Google Sheets or Google Calendar to RelayInstant, we use Google OAuth to access only the data needed to perform the actions you request via WhatsApp — for example, creating a calendar event or adding a row to a spreadsheet. We request the minimum scopes required for these features and we store your Google access tokens encrypted at rest. You can disconnect Google at any time from your dashboard or at https://myaccount.google.com/permissions.
RelayInstant's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, we do not sell it, and we do not allow humans to read it except with your consent, for security or legal compliance, or in aggregated and anonymized form for internal operations.
We do not sell, rent, or trade your personal information. We may share your data only in the following circumstances:
All communication between your browser and RelayInstant is protected using SSL/TLS encryption (HTTPS). This means that every piece of data you send or receive — including login credentials, account information, and service requests — is encrypted in transit and cannot be intercepted by third parties. Our SSL/TLS certificates are maintained and renewed continuously to ensure uninterrupted protection.
In addition to transport-layer encryption, we implement the following security measures:
While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where required by GDPR, and we will notify affected users without undue delay where required by applicable law.
RelayInstant follows a data-minimization approach: we keep the smallest amount of data for the shortest amount of time needed to make the assistant work well for you.
A short rolling history lets the assistant correctly handle natural follow-ups such as "actually, change that to next Tuesday" or "delete the last row I added." We chose 48 hours as a balance between usability and minimizing exposure: even in the unlikely event of a key compromise, only the most recent two days of traffic could be affected. Once a row passes the 48-hour mark it is hard-deleted; because the encryption key never lives next to the data, deleted rows are effectively unrecoverable (a practice known as crypto-shredding).
We send your messages to a third-party AI provider to generate responses. We do not enable any data-retention features that would have the provider store your conversations on their side beyond what is required for delivering the response, and your messages are not used to train AI models. Specific contractual terms with our AI provider are governed by a Data Processing Agreement.
You don't have to wait for the 48-hour timer. You can request immediate deletion of all your data at any time by emailing web@relayinstant.com — see Section 10 for details on what gets deleted.
Note: an earlier version of this policy described a "zero-retention" model. To support natural follow-up messages we now retain a 48-hour, encrypted, auto-expiring window of conversation history as described above. The substance of the privacy guarantee — that your message content is not used to train AI, not sold, and is held only as long as strictly needed — remains unchanged.
RelayInstant is operated from the United States, and our service providers (including our cloud database, AI provider, messaging API, and email delivery vendor) may process data in the United States or other countries. If you access the Service from outside the United States — including from the European Economic Area, the United Kingdom, Switzerland, India, or other jurisdictions — your information will be transferred to and processed in countries that may not provide the same level of data protection as your home country.
Where we transfer personal data out of the EEA, UK, or Switzerland, we implement appropriate safeguards consistent with applicable data protection laws. You may request information about the safeguards we use by emailing web@relayinstant.com.
Our optional session-replay feature (described in Section 11 and Section 15) is provided by a subprocessor that operates two regional clouds: one in the United States and one in the European Union. If you indicate from your account dashboard that you are located in the European Economic Area, the United Kingdom, or Switzerland, your session-replay data is routed to the EU-region cloud and is stored within the EU. If you do not opt in, no session-replay data is captured at all.
RelayInstant is committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Depending on your location, you have the following rights regarding your personal data:
To exercise any of these rights, please contact us at web@relayinstant.com. We will respond to your request within 30 days.
Where the General Data Protection Regulation (GDPR) or UK GDPR applies, we rely on the following legal bases to process your personal data:
You also have the right to lodge a complaint with your local data protection authority. In the EU, you can find your authority at https://edpb.europa.eu/about-edpb/board/members_en; in the UK, the Information Commissioner's Office at https://ico.org.uk.
You have the right to request the deletion of your personal data at any time. When you request data deletion, we will:
To request data deletion, email us at web@relayinstant.com with the subject line "Data Deletion Request." Please include the email address or phone number associated with your account so we can locate your records. We will process your request and confirm deletion within 30 days — typically much sooner.
You may also delete your account directly from your account dashboard, which will automatically initiate the removal of all associated data.
To deliver our Service, we work with trusted third-party providers in the following categories. Each provider processes data on our behalf and is subject to contractual obligations regarding data protection:
For a detailed list of our current service providers, you may contact us at web@relayinstant.com. Business customers who require a named sub-processor list for their own compliance reviews may request one by emailing the same address.
This section applies to consumers who are residents of the State of Washington and is provided in accordance with Washington's My Health My Data Act (RCW 19.373).
RelayInstant is a general-purpose business assistant. The Service is not designed or intended to collect, process, share, or sell "consumer health data" as defined under the My Health My Data Act, and our Terms & Conditions prohibit users from transmitting health information (including Protected Health Information) through the Service. We do not knowingly collect consumer health data, we do not sell consumer health data, and we do not share it with third parties for advertising or profiling purposes.
If you are a Washington resident, you have the right to:
To exercise any of these rights, email us at web@relayinstant.com with the subject line "Washington Consumer Health Data Request." We will respond within the timeframes required by Washington law. If we deny your request, you may appeal by replying to our response, and you may also file a complaint with the Washington State Attorney General at https://www.atg.wa.gov/file-complaint.
This section applies to consumers who are residents of California and supplements the rights described elsewhere in this policy.
Categories of personal information we collect. In the past 12 months we have collected the categories described in Section 1: identifiers (name, email, phone number, IP address), commercial information (business name), internet/network activity (usage logs), and authentication credentials.
Sources. Directly from you, automatically when you use the Service, and from connected platforms when you authorize them.
Purposes. As described in Section 2.
Sale or sharing of personal information. We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We have not done so in the preceding 12 months.
Sensitive personal information. We do not use or disclose sensitive personal information for purposes that would trigger the right to limit under CPRA.
Your California rights. You have the right to know, delete, correct, and limit the use of sensitive personal information, and the right to be free from discrimination for exercising these rights. To exercise any of these rights, email web@relayinstant.com. We may need to verify your identity before responding. You may also designate an authorized agent to make a request on your behalf.
Financial incentives. We do not offer financial incentives in exchange for personal information.
If you are a resident of India, the Digital Personal Data Protection Act, 2023 ("DPDP Act") gives you the right to access, correct, complete, update, and erase your personal data, the right to nominate another person to exercise your rights, and the right of grievance redressal.
Grievance Officer. Questions, requests, or complaints regarding the processing of your personal data may be addressed to our Grievance Officer at web@relayinstant.com, with the subject line "DPDP Grievance — India." We will acknowledge your communication promptly and respond within the timeframes required by Indian law. If your grievance is not resolved to your satisfaction, you may escalate it to the Data Protection Board of India.
Cross-border transfers. Personal data of users in India may be transferred to and processed in the United States and other countries where our service providers operate. We will comply with any restrictions on cross-border transfers that the Government of India may issue under the DPDP Act.
We use only strictly necessary cookies required to keep you logged in, maintain your session, and protect against cross-site request forgery. We do not use cookies for advertising, cross-site tracking, or analytics fingerprinting. Because these cookies are necessary for the Service to function, no consent banner is required under EU/UK rules; however, you can clear cookies from your browser at any time, which will sign you out.
Session replay (opt-in only). If you turn on session replay from your account dashboard (Section 11), our session-replay subprocessor will set a small amount of local storage in your browser so it can group your interactions into a single replayable session and remember that you have consented. This storage is only created after you explicitly opt in, is never set otherwise, and is removed when you opt out from the same dashboard control or clear your browser storage.
Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
If you have any questions or concerns about this Privacy Policy, please contact us: