Privacy Policy

Introduction

Void Relay ("we," "our," or "us") operates the Relay email infrastructure platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using Relay, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address (for authentication and communication)
• Account credentials (encrypted passwords)
• Account creation timestamp

1.2 SMTP Configuration Data

When you configure SMTP servers, we store:

• SMTP server host and port
• SMTP authentication credentials (encrypted)
• Sender email addresses and names
• Configuration metadata (creation date, last updated)

1.3 Email Transmission Data

When you send emails through our API, we process and log:

• Recipient email addresses
• Email subject lines
• Email content (HTML or plain text)
• Timestamps of email sends
• Delivery status (pending, delivered, failed)
• Open and click tracking data (if enabled)

1.4 API Usage Data

We automatically collect:

• API key identifiers (not the keys themselves)
• Request timestamps and endpoints accessed
• IP addresses (for security and rate limiting)
• User agent strings
• Request/response status codes

1.5 Analytics and Cookies

We use minimal analytics to improve our service:

• Page views and navigation patterns (via Umami Analytics)
• Session cookies for authentication
• No third-party advertising cookies

2. How We Use Your Information

We use the collected information for:

• Service Delivery: Processing and sending emails through your configured SMTP servers
• Account Management: Creating and maintaining your account, authentication, and authorization
• Delivery Tracking: Providing logs and analytics about email delivery status
• Security: Detecting and preventing fraud, abuse, and security incidents
• Rate Limiting: Enforcing API usage limits and preventing abuse
• Service Improvement: Analyzing usage patterns to improve our platform
• Communication: Sending service-related notifications and updates
• Legal Compliance: Meeting regulatory requirements and responding to legal requests

3. Data Storage and Security

3.1 Data Storage

Your data is stored:

• In secure databases using industry-standard encryption at rest
• On servers located in secure data centers
• With regular automated backups for disaster recovery

3.2 Security Measures

We implement:

• TLS/SSL encryption for all data in transit
• Encrypted storage of sensitive credentials (passwords, API keys, SMTP credentials)
• Regular security audits and vulnerability assessments
• Access controls and authentication for all administrative functions
• Rate limiting and DDoS protection

3.3 Data Retention

We retain data as follows:

• Email logs: 90 days (configurable by request)
• Account data: Duration of active account plus 30 days after deletion
• API logs: 30 days
• Backup data: 30 days

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data only in these limited circumstances:

• SMTP Providers: Email content is transmitted to your configured SMTP server
• Service Providers: Third-party infrastructure providers (database, hosting) under strict data processing agreements
• Legal Obligations: When required by law, court order, or governmental authority
• Security: To protect our rights, property, safety, or that of our users
• Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)

5. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Deletion: Request deletion of your account and associated data
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing of your data for certain purposes
• Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, please contact us through your dashboard or email support.

6. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.

9. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

10. GDPR and CCPA Compliance

10.1 GDPR (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to be informed about data collection and usage
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making and profiling

10.2 CCPA (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to say no to the sale of personal information (we do not sell data)
• Right to access your personal information
• Right to deletion of personal information
• Right to non-discrimination for exercising CCPA rights