Privacy Policy
Last updated: June 15, 2026
RelayShield ("RelayShield", "we", "us", or "our") provides relay email addresses and relay phone numbers that forward incoming email, SMS, and voice calls to your real contact details, so you can share an alias instead of your personal information. This Privacy Policy explains what personal information we collect, how we use and share it, how long we keep it, and the choices and rights you have.
RelayShield is operated from Canada. We handle personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. If you are located in the European Economic Area, the United Kingdom, or California, additional rights described in the "Your Privacy Rights" section may apply to you.
By creating an account or using RelayShield, you agree to the practices described in this policy.
1. Information We Collect
Information you provide
- Account details — the email address you register with and a password (stored only as a salted hash; we never see your plaintext password).
- Forwarding destinations — your real email address and, for phone plans, your real phone number, so we can forward relayed messages and calls to you.
- Contacts — names and phone numbers you choose to save to label senders.
- Aliases you create — relay email addresses and, optionally, the website URL an alias was created for; relay phone numbers; and reverse aliases (which include the real recipient address you are sending to).
- Blocked numbers — phone numbers you choose to block.
- Support communications — anything you send us when you contact support.
Information processed to provide the relay service
To deliver the service, our systems route email, SMS, and voice traffic between your aliases and your real contact details. We keep metadata records of this activity, including:
- For messages and calls: the sender and recipient numbers, direction (inbound or outbound), timestamp, number of SMS segments, and call duration.
- For email: the direction and timestamp of forwarded messages, and the "last used" time of an alias.
We use this metadata to operate the relay, enforce plan limits, display your history, and detect abuse. We do not store the body content of your forwarded emails, SMS messages, or the contents of voice calls in our database. Email content passes through our email provider transiently for the sole purpose of forwarding it to you.
Payment information
Paid subscriptions are processed by Stripe. We do not collect or store your full card number; Stripe handles payment details directly. We retain a Stripe customer identifier and your subscription status and plan level to manage your account.
Information collected automatically
- Session and security data — login sessions, API tokens issued to the browser extension, and the "last used" time of those tokens.
- Server logs — standard technical logs (such as IP address, request time, and error information) generated when you use the site or API.
- Advertising/analytics on our marketing pages — certain public landing pages may load Meta Pixel and/or Google Ads/Analytics tags to measure ad conversions. These run only on marketing pages and only when configured. See "Cookies and Tracking".
2. How We Use Your Information
- To create and manage your account and authenticate you.
- To operate the core service: forwarding email, SMS, and voice calls between your aliases and your real contact details, and generating reverse aliases for outbound replies.
- To verify your email address and phone number.
- To enforce plan limits and provide your message, call, and alias history.
- To process payments and manage subscriptions.
- To protect the service — detecting, preventing, and investigating fraud, abuse, and security incidents.
- To respond to your support requests and send service-related notices.
- To measure the effectiveness of our advertising (marketing pages only).
- To comply with legal obligations.
3. How We Share Your Information
We do not sell your personal information. We share it only with the service providers ("processors") needed to operate RelayShield, and where required by law:
| Provider | Purpose | Data involved |
|---|---|---|
| Twilio | SMS and voice relay; phone-number provisioning and verification | Phone numbers, message/call routing data |
| SendGrid (Twilio) | Sending and forwarding email | Email addresses and the email content being forwarded |
| Stripe | Subscription payments | Billing details and customer identifier |
| DigitalOcean | Hosting and file/object storage | Service data stored on our infrastructure |
| Google & Meta | Advertising conversion measurement (marketing pages only) | Pseudonymous web/advertising identifiers |
These providers are authorized to use your information only to perform services for us. We may also disclose information if required to do so by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of RelayShield, our users, or others. If we are involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction.
4. International Data Transfers
We are based in Canada and our service providers may process and store data in Canada, the United States, and other countries. As a result, your personal information may be transferred to, and handled in, jurisdictions whose data-protection laws differ from those in your country. Where required, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) for such transfers.
5. Data Retention
We keep your personal information for as long as your account is active and as long as reasonably necessary to provide the service. When you close your account, we delete or de-identify your personal information within a reasonable period, except where we need to retain certain records to comply with legal, tax, accounting, or security obligations, resolve disputes, or enforce our agreements. Metadata records (message and call logs) are retained while your account is active so we can show your history and enforce limits, and are removed in line with the same principles after closure.
6. Security
We use technical and organizational measures to protect your information, including encryption of traffic in transit (HTTPS), hashing of passwords, scoped API tokens for the browser extension, and access controls on our systems. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your information and to limit the data we retain.
7. Cookies and Tracking
We use strictly necessary cookies to keep you signed in and to secure the site (for example, session and CSRF cookies). Our public marketing pages may additionally load Meta Pixel and Google Ads/Analytics tags to measure advertising performance; these are only present on those pages and only when configured. You can control cookies through your browser settings, and you can opt out of ad personalization through Google and Meta. We do not use these advertising tools inside your authenticated dashboard.
8. Your Privacy Rights
Subject to applicable law, you have the right to access, correct, update, or delete the personal information we hold about you, to withdraw consent, and to ask questions about how we handle your information. You can manage much of your data directly in your account settings, or contact us using the details below.
Canada (PIPEDA)
You may request access to your personal information and ask us to correct inaccuracies. You may also challenge our compliance with PIPEDA by contacting us, and you have the right to escalate unresolved concerns to the Office of the Privacy Commissioner of Canada.
European Economic Area & United Kingdom (GDPR)
If you are in the EEA or UK, you have the rights to access, rectification, erasure, restriction of processing, data portability, and objection to processing, and you may lodge a complaint with your local supervisory authority. We process your data to perform our contract with you, to comply with legal obligations, with your consent (for example, advertising cookies), and for our legitimate interests in operating and securing the service.
California (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, to access and delete it, to correct it, and to opt out of "sale" or "sharing" of personal information. We do not sell your personal information. We will not discriminate against you for exercising your rights.
To exercise any of these rights, email us at [email protected]. We will respond within the timeframe required by applicable law. We may need to verify your identity before acting on your request.
9. Children's Privacy
RelayShield is not directed to children, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Your continued use of RelayShield after an update means you accept the revised policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, contact our privacy team at [email protected].