Privacy Policy
Effective Date: April 28, 2026 · Last Updated: April 28, 2026
RelayKit LLC, a South Carolina limited liability company (formerly Vaulted Press LLC) ("RelayKit," "we," "us," or "our"), is committed to protecting the privacy of developers who use our platform. This Privacy Policy describes how we collect, use, store, and protect your information when you use the RelayKit platform and services (the "Service").
This Privacy Policy applies to you as a developer using RelayKit. For information about how your End Users' data is handled through the messaging proxy, see Section 7.
1. Information We Collect
1.1 Account Information
When you create a RelayKit account, we collect:
- Email address — used for magic link authentication, account communications, and registration status notifications
- Full name — submitted as part of your 10DLC registration
- Phone number — used for carrier OTP verification during the registration process
- Business information — business name, type (LLC, corporation, sole proprietor, etc.), EIN (if applicable), street address, city, state, and ZIP code, as required for 10DLC brand registration
1.2 Registration and Use Case Information
When you go through the registration process, we collect:
- Use case selection — the type of SMS messaging you intend to send (e.g., appointment reminders, order updates, verification codes)
- Business description — a brief description of your application or service
- Service-specific details — depending on your use case, additional context such as service type, product type, community name, or venue type
- Website URL — if you have an existing website for your application
- Message plan selections — the message templates you choose and configure through the dashboard
1.3 Payment Information
We use Stripe to process payments. RelayKit does not directly collect, store, or have access to your full credit card number, expiration date, or CVV. Stripe collects and processes payment information in accordance with their privacy policy. We receive from Stripe: a tokenized payment method identifier, billing email, payment status, and transaction history.
1.4 Usage Data
We automatically collect:
- API usage — request timestamps, endpoints called, response codes, message counts, and error rates
- Dashboard activity — pages visited, features used, and session duration (collected via standard web analytics)
- Message metadata — timestamps, recipient phone numbers, delivery status, and compliance check results for messages sent through RelayKit
- Message content — the text content of outbound SMS messages routed through RelayKit (see Section 4 for retention details)
1.5 Technical Data
We collect standard technical data including IP address, browser type, operating system, device type, and referring URL. This is used for security, fraud prevention, and service improvement.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service — create and manage your account, process your 10DLC registration, and provision messaging infrastructure
- Process payments — charge setup fees, monthly subscriptions, and message overage through Stripe
- Enforce compliance — process outbound messages and metadata to enforce the compliance rules described in our Terms of Service and Acceptable Use Policy
- Communicate with you — send registration status updates, compliance alerts, payment notifications, and service announcements via email
- Improve the Service — analyze usage patterns (in aggregate) to improve features, fix bugs, and plan product development
- Protect the platform — detect and prevent fraud, abuse, and violations of our Terms and AUP
- Comply with legal obligations — respond to lawful requests from law enforcement or regulatory authorities
We do not use your information for advertising purposes. We do not build advertising profiles. We do not sell your information.
3. How We Share Your Information
3.1 Service Providers
We share information with third-party service providers who help us operate the Service:
| Provider | What We Share | Purpose |
|---|---|---|
| Sinch | Business name, EIN, address, phone number, use case details, campaign description, sample messages | 10DLC brand and campaign registration with US carriers via The Campaign Registry (TCR) |
| Stripe | Email address, payment method (collected directly by Stripe) | Payment processing |
| Supabase | All account and registration data | Database hosting and authentication |
| Resend | Email address | Transactional email delivery (registration updates, compliance alerts) |
These providers process your information only as necessary to provide their services to us and are contractually obligated to protect it.
3.2 Carrier Registration
When you register for 10DLC, your business information (name, EIN, address, use case, campaign description, and sample messages) is submitted to The Campaign Registry (TCR) and shared with US mobile carriers (AT&T, T-Mobile, Verizon, and others) as part of the brand and campaign registration process. This sharing is required for the Service to function — without it, your messages cannot be delivered. Carrier data handling is governed by each carrier's own privacy policies.
3.3 Legal Requirements
We may disclose your information if required by law, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
3.4 Business Transfer
If RelayKit LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email before your information becomes subject to a different privacy policy.
3.5 No Sale of Personal Information
We do not sell, rent, lease, or trade your personal information to third parties for their marketing or commercial purposes. We do not share your information with data brokers.
4. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account information | Duration of account + 90 days after deletion | Account operation and post-termination audit |
| Registration data | Duration of account + 90 days | Carrier compliance records |
| Message content | 30 days from send date | Dispute resolution |
| Message metadata | 90 days from send date | Compliance audit trail |
| Payment records | As required by tax and financial regulations (typically 7 years) | Legal and tax obligations |
| API usage logs | 90 days | Debugging, rate limit enforcement, abuse detection |
After the retention period, data is permanently deleted. We do not retain data longer than necessary for the purposes described above.
5. Data Security
We implement reasonable administrative, technical, and physical security measures to protect your information, including:
- Encryption in transit — all data transmitted between your application and RelayKit uses TLS 1.2 or higher
- Encryption at rest — sensitive credentials (Sinch subaccount credentials) are encrypted using AES-256-GCM before storage
- Access controls — database access is restricted to authenticated service accounts with least-privilege permissions
- API key security — API keys are hashed before storage; plaintext keys are shown once at generation and never stored
- Magic link authentication — no passwords are stored or transmitted
- Infrastructure security — hosted on Supabase (SOC 2 Type II compliant)
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Your Rights
6.1 Access and Portability
You may request a copy of the personal information we hold about you by contacting support@relaykit.ai. We will provide the information in a structured, commonly used format within 30 days.
6.2 Correction
You may update your account information through the dashboard at any time. For corrections to registration data that has already been submitted to carriers, contact support@relaykit.ai.
6.3 Deletion
You may request deletion of your account and associated data by contacting support@relaykit.ai. Upon receiving a verified deletion request:
- Your account will be deactivated and messaging services suspended
- Personal information will be deleted within 30 days, except where retention is required by law or for legitimate business purposes (e.g., tax records, fraud prevention)
- Message content and metadata will be deleted according to the retention schedule in Section 4
6.4 Opt-Out of Communications
You may opt out of non-essential email communications (such as product updates or feature announcements) at any time. You cannot opt out of transactional emails related to your account, registration status, compliance alerts, or payment notifications, as these are necessary to provide the Service.
6.5 California Residents
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect and how it is used, the right to delete personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights. To exercise these rights, contact support@relaykit.ai.
7. End User Data
7.1 Your End Users' Information
When you send SMS messages through RelayKit, we process your End Users' phone numbers and the content of messages sent to them. We process this information on your behalf as a service provider — you are the controller of your End Users' data.
7.2 Our Use of End User Data
We use End User data only to:
- Route messages through carrier infrastructure
- Enforce the compliance rules described in our Terms of Service and Acceptable Use Policy
- Generate aggregate, anonymized analytics (message volumes, delivery rates)
We do not use End User phone numbers or message content for our own marketing purposes, build profiles of End Users, sell End User data, or contact End Users directly (except to confirm opt-out requests as required by carrier policy).
7.3 Your Obligations
You are responsible for providing appropriate privacy disclosures to your End Users, obtaining valid consent before sending messages, honoring opt-out requests, and complying with all applicable privacy laws regarding your End Users' data. You are responsible for ensuring your privacy policy and opt-in flow meet the requirements of applicable law for your specific use case and jurisdiction.
8. Cookies and Tracking
The RelayKit dashboard uses essential cookies for authentication (magic link session management) and security. We do not use third-party advertising cookies or cross-site tracking technologies.
We may use basic analytics to understand how developers use the dashboard (page views, feature usage, session duration). This data is aggregated and not linked to individual advertising profiles.
9. Children's Privacy
The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.
10. International Users
The Service is designed for US-based SMS messaging (A2P 10DLC). Your data is processed and stored in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your country of residence.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email at least thirty (30) days before they take effect. The current version is always available at relaykit.ai/privacy.
12. Contact Us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how your data is handled:
RelayKit LLC (formerly Vaulted Press LLC)
5196 Celtic Dr, North Charleston, SC 29405
Email: support@relaykit.ai
Website: relaykit.ai
This Privacy Policy was last updated on April 28, 2026.