Relay
Sign inGet started

Relay Privacy Policy

Effective date: June 1, 2026
Last updated: June 1, 2026

Relay, LLC (“Relay”, “we”, “us”, or “our”) respects your privacy. This Privacy Policy describes the information we collect when you use the Relay platform (the “Service”), how we use and share it, and the rights you have over it.

By using the Service, you consent to the practices described here. If you do not agree, do not use the Service.

1. Who this policy applies to

This Privacy Policy applies to all users of the Service, including:

  • General Contractors (GCs) and Project Managers (PMs) who hold paid subscriptions.
  • Subcontractors and Foremen (Subs) who access the Service through a free, one-time-passcode (OTP) sign-in tied to an invited email address.
  • Visitors to the Relay website at relayconstruct.com.

2. Information We Collect

2.1 Information you provide directly

  • Account information. When you sign up as a GC or PM, we collect your name, email address, password (stored only in hashed form), and any company or profile details you choose to add.
  • Sub/Foreman OTP records. When you access the Service as a Sub or Foreman, we record the email address you were invited under, the OTP codes sent to you, and the session cookie issued when you sign in. We do not store passwords for Sub or Foreman accounts.
  • Project Content. Any project data, activity descriptions, dates, schedules, change requests, completion confirmations, replies, notes, or files you submit through the Service.
  • Communications. Email correspondence with our support team, invitations sent to your subs or PMs, and notification preferences.

2.2 Information collected automatically

  • Usage data. We log events such as sign-ins, project actions, approvals, and feature interactions for the purpose of operating and improving the Service.
  • Device and connection data. IP address, browser type, operating system, time zone, referring URL, and similar technical information.
  • Cookies and similar technologies. We use a small number of essential cookies to keep you signed in and to remember your preferences. See Section 7 for details.

2.3 Information collected from third parties

  • Payment information. Payments are processed by Stripe, Inc. We do not see, store, or process your full credit card number. We receive limited information from Stripe such as your customer ID, last four digits of your card, subscription status, and billing history.
  • Email delivery data. Our email provider (Resend) reports delivery, open, and bounce events that help us diagnose deliverability issues.

2.4 Information we do not collect

We do not knowingly collect:

  • Social Security numbers, driver’s license numbers, or government IDs.
  • Health information, biometric information, or precise geolocation data.
  • Information from children under the age of 18 (see Section 11).

3. How We Use Your Information

We use the information described above for the following purposes:

  • Provide the Service. Create and maintain your account, display project schedules, send invitations, deliver notifications, process approvals, and operate the cascade engine.
  • Process payments. Through Stripe, manage subscriptions, billing, receipts, and renewals.
  • Communicate with you. Send transactional emails (OTP codes, invite notifications, account confirmations, billing receipts), respond to support requests, and notify you of material changes to the Service.
  • Secure the Service. Detect and prevent fraud, abuse, unauthorized access, or violations of our Terms of Service.
  • Improve the Service. Analyze usage trends, fix bugs, develop new features, and measure the effectiveness of the platform. Where we use aggregated or anonymized data for this purpose, it cannot be linked back to you.
  • Comply with legal obligations. Respond to lawful requests, enforce our terms, and protect our rights and the rights of others.

We do not sell your personal information.
We do not use your project content to train artificial-intelligence models or to advertise to you.

4. How Information Is Shared Within the Service

Relay is designed around a chain of authority. By using the Service, you authorize the following sharing:

  • GC → PM → Sub flow. A GC’s project content (activities, dates, notes) is visible to PMs and Subs invited to that project, scoped to what they have been assigned.
  • PM → Foreman flow. When a PM creates sub-activities, the content of those sub-activities is visible to the foremen assigned and to the GC who owns the parent project.
  • Sub/Foreman view. A Sub or Foreman sees only the specific activity they were invited to — no other project content.
  • Suggestions and approvals. A schedule change suggestion is visible to the User who can approve it (a GC for top-level activities, a PM for sub-activities), along with any reply or note attached.

You are responsible for choosing what information to enter and whom to invite. Once you invite someone, they will have access to the information described above within their scope.

5. Third-Party Service Providers

We rely on a small set of trusted vendors (“Service Providers”) to operate the Service. These providers process information only on our behalf and under contractual confidentiality and security obligations.

ProviderPurposeData they process
SupabaseHosted Postgres database, authentication, file storageAccount data, project content, OTP records, session tokens
StripeSubscription billing and paymentsName, email, payment method, billing address, subscription status
ResendTransactional email deliveryRecipient email, message content, delivery/bounce events
VercelApplication hosting and content deliveryIP address, request logs, deployed application code

A change in our Service Providers will not, by itself, change the categories of information we collect. We will update this list as needed when a material change occurs.

6. Other Sharing of Information

We may share your information outside of the chain-of-authority sharing described in Section 4 only as follows:

  • With your consent. When you direct us to share information with a third party.
  • For legal reasons. When required by law, subpoena, court order, or other legal process; to enforce our terms; to investigate fraud or security incidents; or to protect the rights, property, or safety of Relay, our users, or the public.
  • In a business transfer. If Relay is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

We do not rent, trade, or sell your personal information to third parties for their own marketing purposes.

7. Cookies and Similar Technologies

We use a minimal set of cookies that are strictly necessary to operate the Service:

  • Authentication cookies — Keep you signed in as you move between pages of the application.
  • Session cookies for Sub/Foreman OTP sign-in — Maintain a Sub or Foreman’s authenticated session after they enter their OTP code.
  • Preference cookies — Remember small UI choices (e.g., expanded vs. collapsed panels).

We do not currently use cookies for advertising or third-party tracking. If we add analytics or marketing cookies in the future, we will update this policy and provide a cookie banner where required by law.

You can disable cookies in your browser settings, but doing so may make parts of the Service unusable (for example, you may not be able to stay signed in).

8. Data Retention

We retain your information for as long as your account is active and as needed to provide the Service. After account deletion:

  • Account and project content is deleted within a reasonable wind-down period (typically 30 to 90 days), except where retention is required by law (for example, financial records for tax purposes) or for the establishment, exercise, or defense of legal claims.
  • Billing records managed by Stripe are retained according to Stripe’s policies and applicable financial-reporting laws.
  • Aggregated or anonymized data that cannot be linked back to you may be retained indefinitely for analytics purposes.

You may export your project data (CSV and PDF) at any time before deleting your account.

9. Security

We take the security of your information seriously and use industry-standard safeguards, including:

  • Row-level security (RLS). Every database table that stores user data is protected by RLS policies that prevent users from accessing rows they are not authorized to see, even at the database level.
  • Encryption in transit. All connections to relayconstruct.com use TLS (HTTPS).
  • Encryption at rest. Data is stored on infrastructure that encrypts storage at rest by default (Supabase / Postgres).
  • Authentication. Passwords are hashed using industry-standard algorithms; Sub and Foreman accounts use OTP-only sign-in (no passwords stored).
  • Limited access. Only authorized personnel can access production systems, and access is logged.
  • SOC 2-aligned infrastructure. Our hosting providers (Supabase and Vercel) operate SOC 2-compliant data centers.

No system is perfectly secure. While we work hard to protect your information, we cannot guarantee its absolute security. If we become aware of a breach affecting your data, we will notify you in accordance with applicable law.

10. Your Rights and Choices

10.1 Account controls

You can:

  • Access and update your account information at any time through your account settings.
  • Export your data in CSV or PDF format from any project.
  • Cancel your subscription through the Stripe customer portal.
  • Delete your account by contacting support@relayconstruct.com.

10.2 California residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what categories of personal information we collect, the sources of that information, the purposes for which it is collected, and the categories of third parties with whom it is shared (this Privacy Policy provides that disclosure).
  • Request a copy of your personal information.
  • Request deletion of your personal information.
  • Correct inaccurate personal information.
  • Opt out of any “sale” or “sharing” of personal information for targeted advertising — we do not sell or share personal information for targeted advertising.
  • Be free from discrimination for exercising your privacy rights.

To exercise these rights, email support@relayconstruct.com from the address associated with your account. We may need to verify your identity before responding.

10.3 European Economic Area / United Kingdom (GDPR / UK GDPR)

If you are in the EEA, UK, or Switzerland, you have the following rights with respect to your personal data:

  • Right of access, rectification, erasure, restriction, portability, and objection to processing.
  • Right to withdraw consent at any time, where processing is based on consent.
  • Right to lodge a complaint with your local data-protection authority.

Our legal bases for processing are: (a) performance of a contract (to provide the Service); (b) legitimate interests (to operate, secure, and improve the Service); (c) consent (where you have provided it); and (d) legal obligation (where applicable).

To exercise these rights, contact support@relayconstruct.com.

10.4 International transfers

Relay is based in the United States, and our Service Providers may store or process your data in the United States or other countries. By using the Service, you understand that your information may be transferred to and processed in jurisdictions that may have different data-protection laws from your own.

11. Children’s Privacy

The Service is not directed to children under the age of 18, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact us at support@relayconstruct.com and we will take steps to delete it.

12. Do Not Track

Some browsers offer a “Do Not Track” (DNT) signal. There is no consistent industry standard for how to respond to DNT signals, and we do not currently respond to them. We treat your privacy consistently regardless of any DNT setting.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice (for example, by email to your account address or by a prominent notice in the Service) before the changes take effect. The “Last updated” date at the top of this policy indicates when it was last revised. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at:

Relay, LLC
Email: support@relayconstruct.com
Website: relayconstruct.com

This Privacy Policy is incorporated into, and forms part of, the Relay Terms of Service.