RelayAccounting ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based accounting platform at relayaccounting.com and related services (the "Service").
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, password (hashed), organization name, and role when you register.
- Organization Data: Company name, legal name, tax ID, address, phone, website, and branding preferences.
- Financial Data: Transactions, bills, invoices, vendor/client information, bank account names, payment records, and categories you enter into the Service.
- Documents: Receipts, invoices, and other files you upload to the Service.
- Communications: Messages you send to us through support channels or email.
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, actions taken, and time spent on the Service.
- Device Information: Browser type, operating system, screen resolution, and device identifiers.
- Network Information: IP address, referring URL, and general geographic location (city/country level).
- Cookies: Session cookies for authentication. We do not use third-party tracking cookies.
1.3 Email Ingestion Data
If you configure email ingestion, the Service connects to your specified email inbox (via IMAP) to automatically process financial emails. We access only emails matching your configured rules and extract structured data (amounts, dates, vendor names, reference numbers). Original email content is stored within your Organization's data.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: Process transactions, generate reports, manage bills and invoices, and run automations you configure.
- AI Features: Power categorization suggestions, anomaly detection, cash flow forecasting, and natural language queries. Your financial data is sent to our AI provider (Google Gemini) for processing. See Section 6 for details.
- Improve the Service: Analyze usage patterns to fix bugs, improve performance, and develop new features.
- Communications: Send transactional emails (password resets, notifications, billing alerts) and, with your consent, product updates.
- Security: Detect and prevent fraud, abuse, and unauthorized access.
- Legal Compliance: Comply with applicable laws, regulations, and legal processes.
3. Data Storage and Security
3.1 Storage
Your data is stored in secured PostgreSQL databases hosted on dedicated servers. We use encrypted connections (TLS/SSL) for all data in transit and implement access controls to protect data at rest.
3.2 Security Measures
- All passwords are hashed using bcrypt with salt rounds.
- HTTPS (TLS 1.2+) encryption for all web traffic.
- Rate limiting on authentication endpoints to prevent brute-force attacks.
- Role-based access control (Owner, Admin, Manager, Member, Viewer) within Organizations.
- Session-based authentication with JWT tokens.
- Email configuration passwords encrypted at rest.
- Audit logging for sensitive operations.
3.3 Data Retention
- Active Accounts: We retain your data for as long as your account is active.
- Cancelled Accounts: After account cancellation, we retain your data for 30 days to allow export, then permanently delete it.
- Soft Deletes: Deleted records within the Service are soft-deleted (marked as deleted but retained) for 90 days for recovery purposes, then permanently purged.
- Audit Logs: Retained for 12 months for security and compliance purposes.
4. Data Sharing and Disclosure
We do not sell your personal or financial data. We may share information in these limited circumstances:
4.1 Service Providers
- AI Processing (Google Gemini): Financial data summaries are sent to Google's Gemini API for AI feature processing. Google processes this data according to their API Terms of Service and does not use it to train their models.
- Email Delivery: Transactional email services for password resets and notifications.
- Infrastructure: Hosting providers that store and serve the application.
4.2 Legal Requirements
We may disclose information if required by law, regulation, legal process, or government request, or to protect the rights, property, or safety of RelayAccounting, our users, or others.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such change.
5. Multi-Tenant Data Isolation
RelayAccounting is a multi-tenant platform. Each Organization's data is logically isolated — all database queries are scoped by Organization ID. Users can only access data belonging to their Organization. No data is shared between Organizations.
6. AI and Automated Processing
Our AI features process your financial data to provide insights and suggestions. Specifically:
- Categorization: Transaction descriptions are analyzed to suggest categories.
- Anomaly Detection: Spending patterns are analyzed to flag unusual transactions.
- Cash Flow Forecasting: Historical data is used to project future cash positions.
- Natural Language Queries: You can ask questions about your data in plain language.
- OCR: Uploaded documents are processed to extract financial data.
AI processing is performed by Google Gemini. Data sent to the AI provider includes summarized financial information (transaction amounts, categories, dates) and, where possible, excludes personally identifiable information. AI outputs are suggestions only and should be verified by you.
7. Your Rights
You have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Update or correct inaccurate personal data through your account settings.
- Deletion: Request deletion of your account and associated data.
- Export: Export your financial data at any time through the Service's export features (CSV, JSON).
- Restrict Processing: Request that we limit how we use your data.
- Object: Object to processing of your data for specific purposes.
- Withdraw Consent: Withdraw consent for optional data processing at any time.
To exercise any of these rights, contact us at privacy@relayaccounting.com. We will respond within 30 days.
8. Cookies
We use only essential cookies required for the Service to function:
- Authentication Cookie: A session cookie to keep you logged in. It expires when you sign out or when your session times out.
- CSRF Token: A security cookie to prevent cross-site request forgery.
We do not use advertising cookies, analytics cookies, or third-party tracking cookies. No cookie consent banner is required because we only use strictly necessary cookies.
9. International Data Transfers
Our servers are located in Europe (Hetzner, Germany). If you access the Service from outside the EU, your data will be transferred to and processed in the EU. We ensure that appropriate safeguards are in place for any data transfers as required by applicable data protection laws.
10. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a minor, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice in the Service at least 30 days before they take effect. The "Last Updated" date at the top of this page indicates when the policy was last revised.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@relayaccounting.com
- Website: relayaccounting.com