Relay

Subscriber Privacy Policy

Last updated: March 30, 2026

1. Controller

Helia AI GmbH
Rossertstr. 34
65817 Eppstein, Germany
Email: team@relayathletic.com

Helia AI GmbH ("Relay") operates the Relay Marketplace platform. When you subscribe to a plan, both Relay (as platform operator) and the Seller (as content provider) may process your personal data. This policy describes how Relay handles your data.

2. Data We Collect

2.1 Account and Contact Data

When you purchase a subscription, we collect your name and email address. If you create a Relay account, we store your login credentials.

2.2 Payment Data

Payment is processed securely by Stripe. Relay does not store your full credit card number. We receive from Stripe a confirmation of payment, your billing name, and a truncated card reference for receipt purposes.

2.3 Usage Data

We automatically collect information about how you interact with the platform, including pages visited, content accessed, browser type, IP address, and device information.

2.4 Data Shared with Sellers

When you subscribe to a Seller's plan, we share your name and email address with the Seller so they can manage your subscription and provide you with their services. Sellers are bound by their own obligations under applicable data protection law.

3. Purpose and Legal Basis

We process your data for the following purposes under GDPR Art. 6:

  • Contract performance (Art. 6(1)(b)): To process your subscription, deliver content, manage your account, and handle payments.
  • Legitimate interests (Art. 6(1)(f)): To improve the platform, ensure security, prevent fraud, and conduct analytics.
  • Legal obligation (Art. 6(1)(c)): To comply with tax, accounting, and other legal requirements.

4. Cookies

We use essential cookies for authentication and session management. These are necessary for the platform to function and do not require consent. We do not use advertising or tracking cookies on Marketplace pages.

5. Third-Party Services

We use the following services to operate the Marketplace:

  • Stripe (United States): Payment processing. Stripe processes your payment data under their own privacy policy. Transfer basis: EU Standard Contractual Clauses (SCCs).
  • Vercel (United States): Hosting and content delivery. Transfer basis: EU Standard Contractual Clauses (SCCs).
  • Supabase (European Union): Database and authentication. Data is stored in the EU.

6. Data Retention

We retain your data for as long as your subscription is active. After cancellation, we may retain certain data for up to 30 days in backups and as required by law (e.g., invoicing records for 10 years under German tax law). Usage data is retained in anonymized or aggregated form.

7. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews.

8. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Access (Art. 15): Request a copy of the personal data we hold about you.
  • Rectification (Art. 16): Request correction of inaccurate personal data.
  • Erasure (Art. 17): Request deletion of your personal data.
  • Restriction (Art. 18): Request that we restrict the processing of your data.
  • Data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
  • Objection (Art. 21): Object to processing based on legitimate interests.

To exercise any of these rights, contact us at team@relayathletic.com.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.