Relay

Legal

Privacy Policy

Last updated: May 27, 2026

1. Who We Are

Relay is a product of Phleroma Ltd, a company registered in the Republic of Ghana. We operate the Relay platform at getrelaytech.com — a multi-tenant SaaS platform that enables businesses to sell products and services via WhatsApp using AI-powered automation.

For privacy-related inquiries, contact us at privacy@getrelaytech.com.

2. Data We Collect

Business Owners & Staff

  • Full name, email address, and business name
  • Billing information (processed by Paystack — we do not store card or mobile money details)
  • WhatsApp Business phone number and access credentials (stored AES-256-GCM encrypted at rest)
  • Product catalog, service listings, pricing, and inventory data
  • Feature usage logs and API call records for billing and platform health

WhatsApp Customers (End Users)

  • WhatsApp phone number (as provided by Meta via webhook)
  • Messages sent to and received from the business's WhatsApp number
  • Order history, booking history, and shopping cart activity
  • Delivery address and contact details provided during checkout
  • Conversation metadata (session state, intent tags)

Automatically Collected

  • Server logs (IP addresses, request timestamps, error events)
  • Platform analytics (feature usage, AI cost tracking — anonymised and aggregated)

3. How We Use Your Data

  • To provide the Relay service — processing orders, bookings, and payments on your behalf
  • To operate the AI assistant pipeline (see Section 4)
  • To send transactional notifications via WhatsApp and email
  • To generate sales analytics and business insights for business owners
  • To process subscription billing through Paystack
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with legal obligations under Ghanaian law

We do not sell your data to third parties. We do not use your data for advertising or for training AI models.

4. AI Processing Disclosure

Relay uses AI models to power the WhatsApp sales assistant. Customer messages are processed by these models in order to generate responses on behalf of the business:

  • Moonshot AI (Kimi K2)— primary model for all customer text and image conversations. Processes message content alongside the business's product catalog context to generate responses.
  • Google Gemini — processes audio and video messages (which Kimi does not support), and powers admin features such as product description generation and AI demand analytics.
  • Google Gemini Embeddings — used to generate semantic product search embeddings stored in our database to improve product discovery accuracy.

Message content is transmitted to these providers solely to generate responses. Under the API terms of both Moonshot AI and Google, your messages are not used to train AI models.

Message content is strictly scoped to the tenant (business) that owns the conversation. A customer's messages with Business A are never accessible to Business B.

AI responses are sent automatically and are not reviewed by Relay staff before dispatch. Businesses are responsible for monitoring and testing AI behaviour. See our Terms of Service Section 9 for the full AI disclaimer.

5. Multi-Tenant Data Isolation

Relay is a multi-tenant platform. Every database query is scoped to a tenantId derived from the authenticated business account — never from user-supplied input.

This means your business data (products, orders, customers, conversations) is logically isolated from all other businesses on the platform. No other business can access your data, and you cannot access theirs.

6. Third-Party Services

We share data with the following third parties only to the extent necessary to provide the service:

ProviderPurposeData Shared
Meta (WhatsApp)Message deliveryMessage content, phone numbers
PaystackPayment processing (PCI-DSS compliant)Email, order amount, customer phone
Moonshot AI (Kimi)AI response generation for text/image messagesCustomer messages, product catalog context
Google (Gemini)AI media processing, embeddings & analyticsAudio/video messages, product names for embeddings
Hetzner CloudServer infrastructure & file storageAll platform data (hosted on our server)
ResendTransactional emailBusiness owner email address

7. Data Retention

  • Active accounts: Data retained for the duration of the subscription plus 30 days after cancellation to allow data export
  • Conversation history: Retained for 12 months from the date of the conversation by default
  • Payment records: Retained for 7 years to comply with Ghanaian financial regulations
  • Server logs: Retained for 90 days, then automatically deleted

After account deletion, all personal data is permanently removed from our systems within 30 days, except where retention is required by law (e.g. financial records).

8. Your Rights

Under Ghana's Data Protection Act 2012 (Act 843), you have the right to:

  • Access — request a copy of all data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request deletion of your account and associated data
  • Portability — export your business data (products, orders, customers) in a machine-readable format
  • Objection — object to processing for specific purposes

To exercise any of these rights, email privacy@getrelaytech.com. We will respond within 30 days.

9. WhatsApp Business Platform Compliance

  • We comply with Meta's WhatsApp Business Platform Policies
  • Businesses on Relay are responsible for obtaining appropriate consent from their WhatsApp customers before messaging them, as required by applicable law
  • End customers can opt out of automated messages at any time by replying STOP to any message. Businesses must honour opt-out requests immediately
  • We do not initiate unsolicited marketing messages to end customers
  • Customer message data is only processed to provide the WhatsApp assistant service for the specific business the customer has contacted

10. Security

We take data security seriously. Key measures we have in place include:

  • WhatsApp access tokens stored with AES-256-GCM encryption at rest
  • All webhook payloads verified with HMAC-SHA512 signatures before processing
  • API keys stored as bcrypt hashes — never in plaintext
  • TLS encryption for all data in transit
  • JWT access tokens with 15-minute expiry and secure HttpOnly refresh cookies
  • Payment processing fully delegated to Paystack (PCI-DSS compliant) — we store no card data

In the event of a data breach that affects your personal data, we will notify you within 72 hours of becoming aware of the breach, in accordance with Ghanaian data protection law.

11. Governing Law

This Privacy Policy is governed by the laws of the Republic of Ghana, including the Data Protection Act, 2012 (Act 843). Any disputes shall be subject to the exclusive jurisdiction of the courts of Accra, Ghana.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered business owners of material changes via email at least 14 days before the changes take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

Contact Us

For privacy-related questions or to exercise your data rights:

Email: privacy@getrelaytech.com

Company: Phleroma Ltd, Accra, Ghana

Ready to Transform Your Business?

Join hundreds of entrepreneurs using Relay to grow their businesses on WhatsApp — across Africa and beyond.

No credit card required · Cancel anytime