Legal

Privacy Policy

Last updated: May 20, 2026

1. Introduction

Relvios, a product of Nzoni App LLC, a limited liability company incorporated in the State of Delaware, United States ("we", "our", "us"), operates the website relvios.com and the Relvios API platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: When you register, we collect your name, email address, and password (hashed). If you sign up via Google OAuth, we receive your name, email, and profile picture from Google.
  • Organization Data: Organization name, billing details, and team member information you provide within the dashboard.
  • Payment Information: Payment processing is handled by Stripe. We do not store credit card numbers. We receive from Stripe a customer ID, subscription status, and invoice history.
  • Support Communications: Any messages, feedback, or support requests you send to us.

2.2 Information Collected Through Platform Connections

When you connect a third-party platform (e.g., Gmail, Slack, Discord, SMTP/IMAP), we collect:

  • OAuth Tokens: Access tokens and refresh tokens provided by the platform during the OAuth authorization flow. These tokens are encrypted at rest using AES-256 encryption and are used solely to perform actions you authorize through our API.
  • Profile Information: Basic profile data such as your email address, username, display name, profile picture, and account ID, as provided by the platform's API during the OAuth consent process.
  • Content Metadata: When you use our Service to read, classify, draft, route, and follow up on messages, we store the content you provide (text, attachments, metadata) and the platform responses.
  • Analytics Data: If you use our analytics features, we may retrieve metrics from connected platform APIs on your behalf.
  • Inbox / Messages: We retrieve messages, emails, or comments from connected platforms to display within the secure unified inbox, only when explicitly enabled by you.

2.3 Information Collected Automatically

  • Log Data: IP address, browser type, operating system, referring URLs, pages viewed, and timestamps.
  • API Usage Data: API endpoint calls, request/response metadata, error logs, and rate-limit usage for your organization.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service, including authenticating your identity and managing your connected email and messaging accounts.
  • Process API requests to read, route, draft, and manage messages on your behalf across connected platforms.
  • Process billing and payments through Stripe.
  • Send you transactional communications (account verification, password resets, billing receipts, webhook delivery status).
  • Detect, prevent, and address technical issues, security incidents, and abuse.
  • Improve the Service, including analyzing usage patterns and optimizing performance.
  • Comply with legal obligations.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

  • With Third-Party Platforms: When you use our Service to read, reply, or route messages on messaging platforms, we transmit your content and credentials to those platforms via their official APIs. This is the core function of the Service and happens only at your explicit direction.
  • Service Providers: We use third-party services to operate the Service, including Stripe (payments), cloud hosting providers (infrastructure), and email providers (transactional emails). These providers have access only to the data necessary to perform their specific functions.
  • Legal Requirements: We may disclose information if required by law, subpoena, court order, or governmental regulation.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, user information may be transferred as part of the transaction. We will notify you before your data becomes subject to a different privacy policy.

5. Data Security

  • All OAuth access tokens and refresh tokens are encrypted at rest using AES-256 encryption with a server-side key.
  • User passwords are hashed using bcrypt with an appropriate cost factor.
  • All communications between clients and our servers are encrypted using TLS 1.2+.
  • Webhook payloads are signed using HMAC-SHA256 so you can verify authenticity.
  • API keys use the format sb_live_* / sb_test_* with hashed storage — we never store API key plaintext after initial display.
  • We implement role-based access control (RBAC) with tenant isolation — each organization's data is scoped and inaccessible to other organizations.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained until you delete your account.
  • OAuth tokens: Retained while the connection is active. When you disconnect an account, its tokens are immediately revoked and deleted.
  • API logs: Retained for 90 days for debugging and audit purposes, then automatically purged.
  • Message content: Retained until you delete the message record or your account.

Upon account deletion, we will delete or anonymize all personal data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Data Portability: Request export of your data in a structured, machine-readable format.
  • Withdraw Consent: Revoke any previously granted consent at any time.
  • Restrict Processing: Request that we limit how we use your data.
  • Object: Object to processing of your data for certain purposes.

To exercise any of these rights, contact us at support@relvios.com. We will respond within 30 days.

8. Third-Party Platform Data Use

When you connect your email and messaging accounts through our Service, please note:

  • We access third-party platform data only with your explicit authorization via OAuth consent flows.
  • We request only the minimum OAuth scopes necessary for the features you use.
  • We do not use data obtained from third-party platforms for advertising, data brokering, or selling to third parties.
  • We do not use platform data to build user profiles for purposes unrelated to the Service.
  • You can disconnect any platform connection at any time from your dashboard, which immediately revokes our access and deletes the stored tokens.

9. Google API Services Usage

When you connect your Gmail account, we request access to the https://www.googleapis.com/auth/gmail.modify scope. To comply with Google's strict requirements, we explicitly disclose how this data is handled:

  • Access and Use: We access your Gmail inbox to read incoming emails, use AI to classify and draft responses, and allow your team or AI agents to reply, route, and manage emails within our unified inbox. The data is used solely to provide these inbox management features.
  • Storage: We store email metadata, content, and attachments as necessary to display them in your unified inbox and facilitate replies.
  • Data Sharing: We do not share, transfer, or sell your Google user data to any third-party data brokers, advertising networks, or other external entities. Data may only be shared with trusted service providers (e.g., cloud hosting) strictly necessary to operate the Service.
  • Limited Use: Relvios's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

10. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. Analytics cookies, if used, are limited to understanding aggregate usage patterns and do not track individual users across sites.

11. Children's Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

12. International Data Transfers

Our servers may be located outside your country of residence. By using the Service, you consent to the transfer of your data to jurisdictions that may have different data protection laws. We ensure appropriate safeguards are in place, including standard contractual clauses where applicable.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Back to home

© 2026 Nzoni App LLC. All rights reserved. Relvios is a product of Nzoni App LLC, Delaware.

HomeTermsPrivacy