Privacy Policy
Last updated: 6 June 2026
This Privacy Policy explains how Relayn ("Relayn", "we", "us" or "our") collects, uses, shares, and protects personal data. We are committed to processing personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, the "GDPR").
1. Introduction & Scope
Relayn is an AI support bot for Discord communities. It automatically answers community members’ questions using (a) knowledge that our customers upload (documents, files, and URLs) and (b) self-learning derived from moderators’ answers in Discord chat. We also operate a web dashboard where customers sign in, connect Discord servers, upload knowledge, manage the bot, review interactions, and manage their team.
This Policy applies to personal data processed through:
- our marketing website and blog at relayn.io;
- our customer dashboard at app.relayn.io; and
- the Relayn bot operating inside Discord servers connected by our customers.
Relayn is currently offered as a free, beta-stage project. No payments are processed at this time. Paid plans (Free, Pro, and Team) are planned for the future, and separate billing terms will apply when billing launches.
2. Who We Are (Data Controller)
Relayn is currently run as a beta-stage project and does not yet have a registered legal entity. A formal legal entity that will act as the data controller is in the process of being established. Until that entity is registered, the operator of Relayn acts as the controller of the personal data described in this Policy.
Where a formal controller identity is required, it will be:
- Controller: [LEGAL ENTITY — to be registered]
- Registered address: [REGISTERED ADDRESS — to be confirmed]
For any privacy-related questions or to exercise your rights, contact us at legal@mail.relayn.io.
3. The Data We Collect
We collect and process the following categories of personal data:
- Account data: your email address, a hashed password, and — where you sign in with Discord — your Discord OAuth profile, including your Discord user ID, username, avatar, email, list of guilds/servers, and roles.
- Workspace and bot configuration: connected Discord server IDs, channels, and trusted roles you configure for the bot.
- Knowledge data: documents, files, and URLs uploaded by customers. This content may contain personal data; the customer is responsible as the controller of any personal data they choose to upload (see Section 5).
- Interaction data: questions asked by community members, answers generated by the bot, moderator answers used for self-learning, and message metadata such as author IDs, timestamps, and channel information.
- Usage and device data: analytics events, cookies, IP address, and browser/device information.
4. How and Why We Use Your Data (Legal Bases)
Under the GDPR, we must have a lawful basis for each processing purpose. The table below maps our purposes to their legal bases.
| Purpose | Data used | Legal basis |
|---|---|---|
| Creating and managing your account; authenticating you via email or Discord OAuth | Account data, Discord OAuth profile | Performance of a contract (Art. 6(1)(b)) |
| Operating the bot, generating answers, and self-learning from moderator answers | Workspace config, knowledge data, interaction data | Performance of a contract (Art. 6(1)(b)) |
| Sending transactional and service notification emails | Account data (email) | Performance of a contract (Art. 6(1)(b)) |
| Securing our services, preventing abuse and protecting our sign-in forms, and improving and maintaining the product | Usage and device data, IP address | Legitimate interests (Art. 6(1)(f)) |
| Marketing communications and non-essential cookies/analytics | Usage and device data, cookies | Consent (Art. 6(1)(a)) |
| Complying with legal obligations and responding to lawful requests | Any relevant data | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interests, we balance those interests against your rights and freedoms. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
5. Discord Data Specifics
Relayn operates on the Discord platform, and Discord data is central to the service.
- Discord OAuth login: when you sign in with Discord, we receive the OAuth scopes needed to identify you and connect your servers — typically your Discord user ID, username, avatar, email, and the list of guilds you belong to, along with relevant roles.
- Bot-collected message data: inside connected servers, the bot processes questions from community members, answers provided by moderators, and message metadata (author IDs, timestamps, and channel) in order to generate answers and to self-learn.
- Customer-vs-Relayn roles: for personal data contained in uploaded knowledge and in community members’ messages within a customer’s server, the customer acts as the controller and Relayn acts as a processor on the customer’s behalf. For account data of the customers who sign in to our dashboard, Relayn is the controller.
Discord’s own processing of your data is governed by Discord’s privacy policy, which we do not control.
6. AI Processing
To generate answers and power self-learning, Relayn sends relevant content to a third-party AI/ML provider. The content sent may include community members’ questions, uploaded knowledge, and moderators’ answers.
This content is sent so that the AI models can generate relevant responses for your community and improve the quality of future answers through self-learning. The AI provider acts as a processor in respect of this content and uses it only to provide the service to us. The specific provider we use is listed in the Sub-processors section below (Section 7). This processing may take place outside the European Economic Area (see Section 8).
7. Sub-processors & Third Parties
Throughout this Policy we describe our providers by category (for example, AI/ML, analytics, email). This section is the authoritative, named list of the sub-processors we currently use. Each processes personal data only as needed to provide its service to us, and we keep this list up to date as our providers change.
| Provider | Purpose | Data involved |
|---|---|---|
| AI model API (Gemini/Gemma) for generating answers; Google reCAPTCHA for bot/abuse protection | Interaction and knowledge data, usage and device data, cookies | |
| PostHog (EU) | Product analytics, session recordings, feature flags and surveys for the landing site and dashboard. Hosted in the EU. Used only with your consent on the landing. | Usage and device data, cookies |
| Resend | Transactional and notification emails | Account data (email) |
| Sentry | Error and crash monitoring | Usage and device data, diagnostic data |
| Sanity | CMS powering blog and landing content | Content data (generally no customer personal data) |
| Discord | Platform on which Relayn operates: OAuth login and the bot running inside customers’ servers | Discord user data, interaction data |
For transparency, we also operate self-hosted infrastructure that supports the service and is not a third-party processor: ChromaDB (vector database), Redis, and Celery.
8. International Data Transfers
Our servers and database are hosted in Kazakhstan, and some processing (including AI processing by Google) may take place outside the European Economic Area. Kazakhstan is not covered by an EU adequacy decision, which means that personal data of EU users is transferred to a country that the European Commission has not recognised as providing an adequate level of data protection.
Where we transfer personal data outside the EEA to a country without an adequacy decision, we rely on appropriate safeguards to protect your data, such as the European Commission’s Standard Contractual Clauses (SCCs) or equivalent mechanisms, supplemented by additional technical and organisational measures where appropriate.
In practice, this means we use sub-processors that offer SCCs and/or other recognised transfer mechanisms in their data processing terms, and we are working to formalise these safeguards as Relayn moves out of beta. You may request more information about the safeguards we apply by contacting us at legal@mail.relayn.io.
9. Cookies & Tracking
We use cookies and similar technologies. Essential cookies are necessary to operate the service and keep you signed in. Non-essential cookies — including those set by a third-party analytics provider for usage analytics — are used only with your consent.
We also use a third-party bot-protection service (CAPTCHA) on our sign-in forms to protect against bots and abuse; it may set cookies and collect device information. The specific analytics and bot-protection providers are named in the Sub-processors section (Section 7). You can manage non-essential cookies through your browser settings and any consent controls we provide.
10. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy:
- Account, workspace, knowledge, and interaction data are retained for as long as your account or workspace is active.
- When you delete your account or a workspace, the associated data is deleted or anonymised within 30 days, except where we must retain it to comply with a legal obligation or to establish, exercise, or defend legal claims.
- Analytics and diagnostic data are retained for up to 90 days.
11. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. These include encryption of credentials (passwords are stored hashed), access controls, secure authentication, and monitoring. No method of transmission or storage is completely secure, but we work to protect your data and to address any vulnerabilities promptly.
12. Your GDPR Rights
Subject to the conditions set out in the GDPR, you have the following rights:
- Access — to obtain confirmation of, and a copy of, the personal data we hold about you.
- Rectification — to have inaccurate or incomplete data corrected.
- Erasure — to have your personal data deleted in certain circumstances.
- Restriction — to restrict our processing in certain circumstances.
- Portability — to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.
- Objection — to object to processing based on legitimate interests or for direct marketing.
- Withdraw consent — to withdraw any consent you have given, at any time.
- Complain — to lodge a complaint with a supervisory authority.
To exercise any of these rights, contact us at legal@mail.relayn.io. You also have the right to lodge a complaint with your local data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.
13. Children
Relayn is intended for users aged 13 and over, aligned with Discord’s Terms of Service. For minors in the EU who are below the applicable digital-consent age (which ranges from 13 to 16 depending on the member state), processing based on consent requires the consent of a parent or legal guardian. If we become aware that we have collected personal data from a child without the required consent, we will take steps to delete it.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you through the service or by email. We encourage you to review this Policy periodically.
15. Contact
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at legal@mail.relayn.io. A formal legal entity acting as data controller — [LEGAL ENTITY — to be registered] — is being established and its details will be added here once registration is complete.