Skip to main content
AgenticRelay

Data Deletion & Data Rights

Effective: March 12, 2026 — Last updated: March 15, 2026

1. Overview

SoundsWire LLC (“we”, “us”, or “our”) operates AgenticRelay, the AI agents platform available at agenticrelay.app (the “Service”). This page explains how to delete your account and all data associated with it, how WhatsApp / Meta data is removed, and how you can exercise your data-subject rights under the EU and UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).

This page supplements our Privacy Policy. Where this page and the Privacy Policy differ on a specific procedure for deletion or rights requests, this page controls for that procedure.

2. What Personal Data We Hold

Before deleting your account it helps to understand what we store. Depending on how you use the Service, we may hold the following categories of personal data:

  • Account profile — your name, email address, avatar, and the Google OAuth identifier if you signed in with Google
  • Workspace and organization data — workspace names, membership, roles, and settings
  • Agent and RAG configurations — your AI agent definitions, retrieval-augmented-generation (RAG) index settings, and the knowledge-base documents you upload
  • Conversation content — chat history generated through the Service, including WhatsApp messages and anonymous website-widget visitor conversations
  • Connected channels — connected WhatsApp business numbers and their access tokens, which are stored encrypted
  • Billing data — your Stripe customer identifier, plan, and usage / credit balances; we never store full card numbers
  • Audit logs and activity feed — records of significant actions taken in your workspace
  • API keys — keys you create or supply, stored encrypted
  • IP addresses — used transiently for rate limiting and abuse prevention

3. Deleting Your AgenticRelay Account In-App

You can delete your entire AgenticRelayaccount, and all data associated with it, directly from within the application. This action performs a GDPR-style erasure (a “right to be forgotten” request under Article 17 GDPR) and is permanent.

3.1 How to start the deletion

  1. Sign in to your account at agenticrelay.app
  2. Open Settings
  3. Locate the account deletion section and confirm the request

3.2 Cancel paid subscriptions first

Account deletion is blocked while you have an active paid subscription. You must cancel any active paid subscriptions before the deletion can proceed. This ensures billing is settled and prevents accidental loss of access while you are still being charged. Once your paid subscriptions are cancelled, you can complete the deletion.

3.3 What is erased

When you confirm deletion, we run an automated erasure process. For each workspace you own, we:

  • Cancel any related Stripe subscriptions
  • Purge external-store data tied to the workspace, including vector embeddings (Vectorize), knowledge-base chunk text (D1), uploaded files (R2 object storage), and stateful chat session state (Durable Objects)
  • Cascade-delete the workspace's records in our primary database, which removes agents, RAG indexes, uploaded documents, conversations, connected channels and their encrypted tokens, API keys, audit logs, and activity-feed entries

We then delete your account profile (name, email, avatar, and Google OAuth identifier). In summary, the erasure removes your profile, your owned workspaces, your agents and RAGs, your uploaded documents and their embeddings, your conversations, your connected channels and stored tokens, and finally cascades the remaining personal records.

Deletion is irreversible. We cannot recover your data after erasure completes, so please export anything you wish to keep beforehand (see Section 8).

4. WhatsApp / Meta Data Deletion

AgenticRelay can connect to the WhatsApp Business Cloud API provided by Meta Platforms, Inc. so that a business can run an AI agent on its WhatsApp number. The sections below explain how WhatsApp-related data is removed.

4.1 Disconnecting a WhatsApp number

When a workspace owner or administrator disconnects a WhatsApp business number from the Service, we delete the encrypted access token we held for that number. After disconnection we can no longer send or receive messages on that number. Conversation history already stored in the workspace is governed by the retention rules in Section 6 and is fully removed when the workspace or account is deleted (Section 3) or when the workspace owner deletes those conversations.

4.2 End users who messaged a business on WhatsApp

If you are an individual who exchanged WhatsApp messages with a business that uses AgenticRelay, that business (the workspace owner) is the controller of your conversation data and decides how it is used and retained. To have your data removed:

  • Contact the business directly. The workspace owner can delete the specific conversation, disconnect the number, or delete the workspace, each of which removes the associated WhatsApp data from the Service.
  • Contact us. If you are unable to reach the business, email us at legal@agenticrelay.app with enough detail to identify the conversation (for example, the WhatsApp number you messaged and the approximate dates). As a processor acting on behalf of the business, we will work with the relevant workspace owner to action your request and will respond within the timeline described in Section 5.

5. Requesting Deletion by Email

If you cannot use the in-app flow, or you are an end user who interacted with a business on the Service, you can request deletion by email. Send your request to legal@agenticrelay.app and include:

  • The email address associated with your account, if you have one
  • A clear statement that you want your personal data deleted
  • Enough information for us to locate the relevant data (for example, the relevant WhatsApp number or workspace)

We may need to verify your identity before acting on a deletion request, to protect your data from unauthorized requests. We will acknowledge your request and complete it within 30 days, or within the period required by applicable law. If a request is complex or we receive a high volume of requests, we may extend this period as permitted by law and will notify you of any extension.

6. Retention and What May Be Kept

We retain personal data only as long as necessary for the purpose it was collected, or as required by law. Even outside of an account deletion, several categories are purged automatically:

Data CategoryRetention PeriodNotes
Anonymous widget / visitor conversations90 daysAutomatically purged after 90 days
Soft-deleted agents90 daysPermanently purged 90 days after soft deletion
Audit logs~90 days live, then 6 years archivedKept ~90 days in the primary database, archived to encrypted object storage for a total of 6 years, then deleted
Purchased credits1 year from purchaseExpire 1 year after purchase and are non-refundable
IP addressesTransientUsed only momentarily for rate limiting and abuse prevention

After you delete your account, we erase your personal data as described in Section 3. However, we may retain a limited subset of data where we have a legal obligation or legitimate need to do so, specifically:

  • Billing, tax, and accounting records — retained to comply with tax and financial-reporting obligations. These records do not include full card numbers and are held by our payment processor, Stripe, and in our financial records.
  • Audit and security records — retained for fraud prevention, security investigation, and to establish, exercise, or defend legal claims, then deleted in line with the retention periods above (audit-log archives are kept for a total of 6 years).

Any retained data is limited to what is strictly necessary, kept secure, and deleted once the applicable legal or business purpose has been fulfilled.

7. Subprocessors

We use a small set of vetted third parties (subprocessors) to operate the Service. When you delete your account, data we hold with these subprocessors on your behalf is removed as part of the erasure described in Section 3, subject to the legal retention noted in Section 6. Our subprocessors are:

  • Cloudflare, Inc. — hosting and edge compute (Workers), R2 object storage, D1, KV, Vectorize vector embeddings, Hyperdrive, and Workers AI, served over a global edge network
  • Neon — managed PostgreSQL, our primary application database
  • Stripe — payment processing; we never store full card numbers
  • OpenAI, Anthropic, and Google — large-language-model inference. Customer content is sent to these providers to generate responses; your documents and data are not used to train their models. You may also supply your own provider API keys.
  • Google — OAuth sign-in
  • Meta Platforms, Inc. — WhatsApp Business Cloud API for the WhatsApp channel
  • Sentry — error and performance monitoring
  • PostHog — product analytics, loaded only after you grant cookie consent
  • Transactional email provider — delivery of account and notification emails

8. Your Other Data Rights

Deletion is one of several rights you have over your personal data. Depending on where you live, you may also have the right to:

EEA / UK users (GDPR / UK GDPR)

  • Right to access your personal data (Article 15)
  • Right to rectification of inaccurate data (Article 16)
  • Right to erasure / “right to be forgotten” (Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object to processing (Article 21)
  • Right to withdraw consent at any time without affecting prior lawful processing

California users (CCPA / CPRA)

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising)
  • Right to non-discrimination for exercising your rights

Lawful bases for processing

For users in the EEA and the UK, our processing relies on one or more of the following lawful bases: contract performance (to provide the Service you signed up for), legitimate interests (to operate, secure, and improve the Service), legal obligation (for example, tax and fraud prevention), and consent (for non-essential cookies and marketing, where required).

How to exercise these rights

You can access, correct, and export much of your account data directly from Settings in the application, and you can delete your account in-app as described in Section 3. For any right that is not self-service, email us at legal@agenticrelay.app. We will respond within 30 days, or within the period required by applicable law. Exercising your rights is free of charge and will not result in any discriminatory treatment.

If you are in the EEA or the UK, you also have the right to lodge a complaint with your local data protection supervisory authority.

9. International Data Transfers

SoundsWire LLCoperates globally. Your data is processed on Cloudflare's global edge network, and our primary database (Neon) and object storage are located in the United States (AWS US East / Ohio, us-east-2).

When we transfer data from the EEA or UK to the United States, we rely on appropriate safeguards, including the EU-US Data Privacy Framework where a subprocessor participates in it, Standard Contractual Clauses (the 2021 SCCs under Implementing Decision 2021/914), and the UK International Data Transfer Agreement for transfers from the United Kingdom. You may request a copy of the applicable transfer safeguards by emailing legal@agenticrelay.app.

10. Data Security

We protect your data with industry-standard technical and organizational measures, including:

  • AES-256-GCM envelope encryption for secrets at rest, including WhatsApp access tokens and API keys
  • Encryption in transit over TLS / HTTPS
  • Strict per-workspace data isolation
  • Rate limiting to mitigate abuse
  • HMAC-signed verification of inbound webhooks

No method of transmission or storage is completely secure. If you believe your account has been compromised, contact us immediately at support@agenticrelay.app.

11. Cookies

The Service uses a small number of cookies. You can clear them at any time through your browser settings:

  • Authentication / session cookie — essential, set by Better Auth to keep you signed in; the Service cannot function without it
  • Locale cookie (NEXT_LOCALE) — functional, remembers your language preference
  • Consent-preference cookie (ar_cookie_consent) — stores your cookie consent choice
  • Analytics cookies (PostHog) — load only after you grant consent and are removed when you withdraw it

12. Children's Privacy

The Service is not directed to children under 16 years of age (or 13 in jurisdictions where that age applies). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at legal@agenticrelay.app and we will promptly delete such information.

13. Changes to This Page

We may update these data-deletion and data-rights instructions from time to time. When we do, we will revise the “Last updated” date at the top of this page. For material changes, we will provide additional notice as required by applicable law. Your continued use of the Service after the effective date constitutes acceptance of the revised instructions.

14. Contact Us

If you have questions about deleting your data or exercising your rights, please contact us:

SoundsWire LLC

Privacy / Legal: legal@agenticrelay.app

General support: support@agenticrelay.app

Website: agenticrelay.app