Privacy

ContactRelay uses contact data to send the relay campaign requested by the sender. We do not sell user contact data.

Recipient lists are not public. Recipient pages use tokenized links and should expire after the configured window.

Payment providers such as Stripe may process payment information under their own policies. Email and SMS providers such as Resend and Twilio may process delivery data as needed to send messages.

Google may process data when a user chooses Google sign-in or separately chooses Google Contacts import. ContactRelay should only save contacts selected for a relay campaign.

Relay Tokens may be used any time on the account that purchased them. Tokens are not refundable after 30 days.

Production deployments should store data in Supabase, send only from server-side routes, and keep all provider secrets in environment variables.

ContactRelay should not be used for spam, harassment, fraud, impersonation, misleading identity claims, or illegal activity. Recipients can report suspicious messages.

No web service can promise perfect security. ContactRelay keeps the MVP simple and uses practical controls such as tokenized links, private recipient lists, and server-side sending.