Skip to main content
AgenticRelay

Privacy Policy

Effective: March 12, 2026 — Last updated: June 16, 2026

1. Introduction

SoundsWire LLC (“we”, “us”, or “our”) operates AgenticRelay, the platform available at agenticrelay.app (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service.

For the personal data you submit to AgenticRelay (for example, account details and documents), SoundsWire LLC acts as the data controller. For the content you and your end users generate while operating your AI agents (such as conversation messages and the knowledge base you upload), we generally act as a data processor on your behalf, and you are the controller of that content. This Privacy Policy describes both roles.

By accessing or using the Service you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account profile — name, email address, and avatar, plus your password if you register with email and password
  • Workspace and organization data — workspace names, membership, roles, and team configuration
  • Agent and RAG configurations — the settings, prompts, and behavior you define for your AI agents and retrieval (RAG) indexes
  • Knowledge base documents — files and text you upload so your agents can retrieve and answer from them
  • Connected channel credentials — the WhatsApp business phone numbers you connect and their access tokens, and any provider API keys you supply (BYOK). These secrets are stored encrypted (see Section 10)
  • Billing details — your Stripe customer identifier, selected plan, and usage/credit balances. Payments are processed by Stripe; we never store full card numbers
  • Communications you send to us (support requests, feedback)

2.2 Content Processed Through the Service

  • Conversation content — messages exchanged with your agents, including WhatsApp messages routed through your connected numbers and anonymous conversations from visitors to your embedded website chat widget
  • Retrieved context — vector embeddings and text chunks derived from your knowledge base documents and used to ground agent responses
  • Audit logs and activity feed — records of significant actions taken in your workspace, used for security, accountability, and troubleshooting

2.3 Information Collected Automatically

  • IP address — used transiently to enforce rate limiting and prevent abuse; it is not retained as part of a long-term browsing profile
  • Log and request data: browser type and version, pages visited, timestamps, and referring URLs, processed at the edge for security and performance
  • Usage data: features used, queries processed, API call counts, and error logs
  • Cookies and similar technologies (see Section 9)

2.4 Information from Third Parties

  • OAuth profile data (name, email, and a Google account identifier) when you sign in with Google
  • Payment and fraud-prevention signals from Stripe
  • Inbound message metadata from Meta's WhatsApp Business Cloud API for the WhatsApp numbers you connect

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Create and manage your account
  • Process payments and manage subscriptions
  • Send transactional communications (account confirmations, invoices, security alerts)
  • Respond to support requests and inquiries
  • Enforce our Terms of Use and detect abuse, fraud, or security incidents
  • Comply with applicable laws and legal obligations
  • Send product updates or marketing communications (with your consent where required by law)
  • Perform analytics and improve the user experience (with your consent)

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

4. Legal Bases for Processing (EEA / UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing your personal data under the General Data Protection Regulation (GDPR) and UK GDPR are:

  • Contract performance — to provide the Service you have signed up for
  • Legitimate interests — to operate, improve, and secure the Service, and to communicate with you
  • Legal obligation — to comply with applicable laws (e.g., tax, fraud prevention)
  • Consent — for marketing communications and non-essential cookies, where required

5. How We Share Your Information

We do not sell your personal data. We share it only with the service providers (sub-processors) that help us operate the Service, and only as needed for the purposes below. Each sub-processor is bound by a Data Processing Agreement compliant with GDPR Article 28. Our authoritative, up-to-date sub-processor list — including the data each one processes and its location — is published at agenticrelay.app/subprocessors.

  • Infrastructure and hostingCloudflare, Inc. provides application hosting (Workers), our global edge network and DDoS protection, object storage (R2) for uploaded files, SQLite (D1) for rate-limit counters, vector search (Vectorize) for embeddings, KV cache, queues, Durable Objects for chat session state, Hyperdrive database connection pooling, and Workers AI inference. Cloudflare may process HTTP request data (IP address, user agent, referrer, request path) for network security and performance. Cloudflare's privacy policy: cloudflare.com/privacypolicy.
  • Primary databaseNeon, Inc. hosts our managed PostgreSQL database, which stores accounts, workspaces, agent and RAG configuration, billing and usage records, conversation metadata, and audit logs.
  • PaymentsStripe, Inc.processes all payment transactions. We do not store full card numbers; Stripe is PCI-DSS Level 1 certified. Stripe's privacy policy: stripe.com/privacy.
  • AI model providersOpenAI, Anthropic, Google, Mistral AI, Cohere, xAI, and Cloudflare Workers AI provide the model inference that powers your agents. When you use an AI feature, the content of that request — the prompt, retrieved knowledge base context, and tool inputs for that turn — is sent to the provider that serves the model you selected. As detailed below, your content is never used to train these providers' models.
  • WhatsApp channelMeta Platforms, Inc. operates the WhatsApp Business Cloud API used to send and receive messages on the WhatsApp numbers you connect (see Section 7).
  • Sign-inGoogle provides OAuth sign-in if you choose to log in with your Google account.
  • Error and performance monitoringSentry receives error and performance traces. Personal data in stack traces is scrubbed before transmission where technically feasible.
  • Product analyticsPostHog, Inc. collects pseudonymous product-usage events within the app to help us improve the Service, and Google LLC provides Google Analytics for aggregate traffic measurement on our marketing website (distinct from the in-app PostHog analytics). Analytics are gated behind cookie consent where required and load only after you consent (see Section 9).
  • Email delivery — transactional and notification emails (account confirmations, security alerts, invoices, and other service messages) are delivered via our transactional email delivery provider, bound by a Data Processing Agreement.
  • Legal requirements — when required by law, court order, or governmental authority, or to protect the rights, property, or safety of SoundsWire LLC, our users, or the public.
  • Business transfers — in connection with a merger, acquisition, or sale of all or a portion of our assets, subject to standard confidentiality obligations.

6. Artificial Intelligence Features

AgenticRelay lets you build and deploy AI agents grounded on a knowledge base. To generate a response, we send the content needed for that specific request — your prompt, the relevant retrieved context from your knowledge base, and any tool inputs for that turn — to the AI model provider that serves the model you selected (OpenAI, Anthropic, Google, Mistral AI, Cohere, xAI, or Cloudflare Workers AI).

  • Your content is not used to train models. Your documents, knowledge base, and conversation content are sent to providers solely to generate responses to your requests. We do not permit these providers to use your content to train or improve their models, and we contract for zero-retention or no-training terms where the provider offers them.
  • Bring your own key (BYOK). You may supply your own API keys for an AI provider you contract with directly. In that case, the request is processed under your agreement with that provider, and we act solely as a conduit. Keys you provide are stored encrypted (see Section 10).
  • No automated decisions with legal effect. AI features generate responses to user-submitted queries; they do not make autonomous decisions that produce legal or similarly significant effects on individuals (see Section 18).

7. WhatsApp and Meta Data Handling

If you connect a WhatsApp business number, the WhatsApp channel is provided through Meta Platforms, Inc.'sWhatsApp Business Cloud API. Messages sent to and from that number pass through Meta's infrastructure and are processed by us so your agent can respond. The access token that authorizes us to send and receive on your behalf is stored encrypted at rest (AES-256-GCM; see Section 10).

Inbound webhooks from Meta are verified using HMAC signatures to ensure authenticity. When you disconnect a WhatsApp number, its stored encrypted access token is deleted. Meta's handling of WhatsApp data is governed by its own terms; see WhatsApp's Business Policy.

8. Data Retention

We retain personal data only as long as necessary for the purpose it was collected, or as required by law.

Data CategoryRetention PeriodNotes
Account profile and workspace dataDuration of accountErased when you delete your account (see Section 11)
Conversation contentDuration of accountDeletable from the dashboard; erased on account deletion
Anonymous widget / visitor conversations90 daysConversations from anonymous website-widget visitors are automatically purged after 90 days
Knowledge base documentsDuration of accountDeletable from the dashboard; erased on account deletion
Soft-deleted agents90 daysAgents you delete are permanently purged after a 90-day grace period
Audit logs and activity feed~90 days, then archived for 6 years totalKept ~90 days in the primary database, then moved to encrypted object storage for a total of 6 years, after which they are deleted
Purchased credits1 year from purchaseCredits expire 1 year after purchase and are non-refundable
Payment and billing recordsAs required by lawRetained by us and by Stripe as required by tax and financial regulations
Edge request / infrastructure logsShort-livedProcessed transiently by Cloudflare for security and abuse prevention; IP addresses are not retained as a long-term profile
Error and performance traces (Sentry)90 daysAutomatically purged per Sentry data retention settings

9. Cookies and Tracking Technologies

9.1 Cookies we use

CookieCategoryPurpose
Better Auth session cookieEssentialAuthenticates you and keeps you signed in. Required for the Service to function; cannot be disabled without impairing it.
NEXT_LOCALEFunctionalRemembers your preferred language / locale.
ar_cookie_consentFunctionalStores your cookie-consent preference.
PostHog analytics cookiesAnalyticsMeasure product usage in aggregate. Load only after you consent.
_ga, _gid, _ga_G-4ZTSS1CRRGAnalyticsGoogle Analytics 4 cookies on our marketing website measure aggregate visitor traffic. Load only after you consent and are cleared if you withdraw consent.

9.2 Analytics (consent required)

We use PostHog for in-app product analytics and Google Analytics 4 (provided by Google LLC) for aggregate traffic analytics on our marketing website. Analytics cookies are blocked by default and load only after you accept analytics in the consent banner. We do not use advertising, retargeting, or cross-site tracking cookies.

9.3 Managing your consent

When you first visit our site, a consent banner is displayed. None of our analytics cookies are set until you explicitly accept them. Your choice is recorded in the ar_cookie_consent cookie.

You can withdraw or change your consent at any time by clicking Cookie Preferences in the footer of any page on this site — the same number of clicks as giving consent (GDPR Art. 7(3)). When you withdraw analytics consent, analytics cookies are no longer set and any already set are removed. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Global Privacy Control (GPC): If your browser transmits a GPC opt-out signal, we treat it as a CCPA/CPRA opt-out and do not activate analytics cookies, without requiring any additional action from you.

You may also disable or delete cookies through your browser's settings. Disabling essential cookies may impair the functionality of the Service.

10. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

  • Encryption in transit via TLS / HTTPS
  • AES-256-GCM envelope encryption for secrets at rest, including WhatsApp access tokens and provider API keys
  • Strict per-workspace data isolation, so each workspace can access only its own data
  • HMAC-signed inbound webhooks to verify the authenticity of messages we receive from external providers
  • Rate limiting and abuse-prevention controls
  • Access controls and least-privilege principles for internal systems
  • Regular security reviews and dependency audits

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at support@agenticrelay.app.

11. Account Deletion and Data Erasure

You can permanently delete your account and associated data directly from the Service. In line with the GDPR right to erasure, account deletion performs a full erasure that:

  • cancels any Stripe subscriptions associated with the account;
  • purges each workspace you own from our external stores — Vectorize embeddings, D1 chunk text, R2 files, and Durable Object chat session state; and
  • cascades the deletion of your records in our primary PostgreSQL database (Neon).

Account deletion is blocked until any active paid subscriptions are cancelled, so that no further charges occur. Disconnecting a WhatsApp number deletes its stored encrypted access token. Some records may be retained only where the law requires it (for example, billing records for tax purposes — see Section 8).

If you cannot use the in-app flow, you may also request access to or deletion of your personal data by emailing legal@agenticrelay.app. For step-by-step instructions, see our agenticrelay.app/data-deletion page.

12. Your Rights

All users

  • Access and export the data associated with your account
  • Correct inaccurate personal data
  • Delete your account and associated personal data — directly in the Service (see Section 11) or by request
  • Opt out of marketing emails at any time via the unsubscribe link

EEA / UK users (GDPR / UK GDPR)

  • Right to access (Article 15 GDPR)
  • Right to rectification (Article 16)
  • Right to erasure / “right to be forgotten” (Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object to processing (Article 21)
  • Right to withdraw consent at any time without affecting prior lawful processing

California users (CCPA / CPRA)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt out of the sale or sharing of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your rights

The fastest way to exercise access, export, or deletion is directly in the Service (see Section 11). You may also exercise any of these rights by contacting us at legal@agenticrelay.app. We will respond within the period required by applicable law (generally one month under the GDPR/UK GDPR and 45 days under the CCPA/CPRA, each extendable where permitted). You also have the right to lodge a complaint with your local data protection authority.

13. International Data Transfers

SoundsWire LLCoperates globally and may transfer your personal data to countries outside your country of residence, including the United States. The Service runs on Cloudflare's global edge network, and our primary database (Neon) and object storage (Cloudflare R2) are hosted in the United States (AWS US East (Ohio), us-east-2).

When we transfer data from the EEA or UK to the United States, we rely on one or more of the following safeguards:

  • EU-US Data Privacy Framework (DPF) — the adequacy decision issued by the European Commission on 10 July 2023. Where a sub-processor participates in the DPF (e.g., Google LLC), no additional transfer mechanism is required.
  • Standard Contractual Clauses (SCCs) — the 2021 SCCs approved by the European Commission (Implementing Decision 2021/914), incorporated into our Data Processing Agreements with processors not covered by the DPF.
  • UK IDTA — the UK International Data Transfer Agreement for transfers from the United Kingdom.

You may request a copy of the applicable transfer safeguards by contacting us at legal@agenticrelay.app.

14. Children's Privacy

The Service is not directed to children under 16 years of age (or 13 in jurisdictions where that age applies). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at legal@agenticrelay.app and we will promptly delete such information.

15. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For material changes, we will notify you via email or a prominent notice on the Service at least 30 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

17. Do Not Sell or Share My Personal Information (California Residents)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to opt out of the “sale” or “sharing” of their personal information.

SoundsWire LLC does not sell, rent, trade, or share your personal information with third parties for their own marketing or advertising purposes. We share data only with service providers acting on our behalf (as described in Section 5), including PostHog solely to measure aggregate product usage (with your consent).

To exercise your right to opt out of analytics sharing, click Cookie Preferencesin the footer and select “Decline.” For all other CCPA/CPRA rights (access, deletion, correction, non-discrimination), contact us at legal@agenticrelay.app.

18. Automated Decision-Making

SoundsWire LLCdoes not use automated decision-making processes, including profiling, that produce legal or similarly significant effects on individuals. AI features within the Service generate responses to user-submitted queries but do not make autonomous decisions about users' access, creditworthiness, employment, or similar matters.

19. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

SoundsWire LLC

30 N Gould St Ste N, Sheridan, WY 82801, US

Privacy / Legal: legal@agenticrelay.app

General support: support@agenticrelay.app

Website: agenticrelay.app