1. Who we are

RelayOne is a product of Good Ventures, the venture studio that operates the portfolio at goodventures.ca. The data controller is the Good Ventures legal entity registered in British Columbia, Canada. Contact: [email protected].

2. What we collect

Account data. Name, work email, organization. Provided by Clerk during sign-up. Used to authenticate you, scope your data, and send service notifications.
Usage telemetry. Anonymous page views, feature interactions on the marketing site. We use the data to improve the product. We do not sell it.
Gateway audit data. For Pro and Enterprise customers, RelayOne records every AI request that traverses your gateway, including metadata, policy decisions, signed receipts. This data is yours; we are a processor under your DPA.
Form submissions. The contact and walkthrough request forms collect name, email, and message. Stored for response correspondence.

We do not collect customer prompt content unless explicitly enabled by your administrator for debug purposes; payload inspection is opt-in per workspace and clearly indicated in the dashboard.

3. How we use it

Authenticate users (Clerk, our identity provider)
Operate the gateway and produce evidence bundles you request
Bill you (Pro tier) or invoice you (Enterprise) accurately
Detect abuse and protect platform integrity
Respond to your inquiries

4. Retention

Marketing site analytics are kept 24 months, then aggregated. Account data is kept for the lifetime of your subscription plus 90 days for billing reconciliation. Gateway audit data is governed by your subscription's retention setting (default seven years for regulated tenants, configurable). Form submissions are kept three years.

5. Sub-processors

We use a small number of sub-processors to operate the service. Current list: Clerk (identity), Google Cloud Platform (compute and storage in your selected region), Resend (transactional email). The full sub-processor list with regions is available under NDA during procurement; we notify customers of any addition with 30 days' notice.

6. Your rights

If you are in the EU, UK, or California: you have the right to access, correct, delete, restrict, port, and object to processing of your personal data. Email [email protected] with the subject "Privacy request" and we acknowledge within 72 hours. We act within 30 days. Right-to-erasure is supported in-product on the Pro and Enterprise tiers.

7. International transfers

If you choose to deploy in a region other than your data subject's region, the transfer is governed by Standard Contractual Clauses (SCCs) or, where applicable, adequacy decisions. Sovereign deployments stay inside your jurisdiction by configuration; we do not move data out.

8. Cookies and tracking

The marketing site uses essential cookies for the Clerk session and a privacy-friendly analytics cookie. We do not run third-party advertising trackers.

9. Changes

We may update this policy. Material changes are posted on the changelog and announced to the registered admin email. The "last updated" date at the top reflects the most recent revision.

10. Contact

Questions about this policy: [email protected]. Security disclosures: see /security. Acceptable use: see /policy.