Privacy Policy

Rely · Last updated 2026-07-05

This policy explains what Rely does with your information, in plain language. We wrote it to be read.

1. Who we are

Rely is operated by PM Frontier LLC (“we”, “us”). Our registered address is PM Frontier LLC, 30 N Gould St, Sheridan, WY 82801. For privacy questions, email privacy@rely.is.

Two roles. For the content inside your workspace (your commitments, sources, and history), your organization is the data controller and Rely is a processor acting on your instructions. For your account, billing, and product analytics, Rely is the controller. We do not yet have an appointed EU representative; if that changes we will name them here.

2. What we collect, and what we never touch

Rely never sees your chat history. Claude and ChatGPT connectors cannot access your conversations, memory, or files. The platforms bar it, and our design does not want it. The only conversation text that reaches us is the specific excerpt you (or the assistant, at your instruction) explicitly send when you make something real. Everything we know, you can read on one screen and export with one click.

We store:

  • Your workspace graph: workspaces, people, spaces, commitments, and inbox items.
  • The verbatim excerpts you chose to capture, with their origin and timestamp.
  • Agent-run records: the context snapshot, parameters, output, verdict, and cost.
  • Your account and membership details, and your subscription state. Card numbers are held by Stripe, never by us.
  • Product-analytics events and session replays, tied to a pseudonymous ID. Replays mask what you type and the content of your workspace (see section 8).

We never store your passwords in a recoverable form, your card numbers, plaintext connection tokens, or the body of any conversation beyond the excerpt you sent.

3. Why we process it (lawful bases)

  • To run the service: providing your account, your workspace, and service emails (contract performance).
  • Legitimate interests: product analytics, security logging, and fraud prevention, balanced against your rights.
  • Consent: marketing email only, as a separate opt-in you can withdraw with one click.

4. AI processing

Rely processes your workspace content with Anthropic’s API under our commercial agreement: your data is not used to train models, is retained by Anthropic only within their bounded trust-and-safety window, and is sent under our own keys, never linked to your personal Claude or ChatGPT account.

Just as important as what the AI reads is what it can do: agent runs make no tool calls, touch no network, and every change an agent proposes waits in a human approval queue before it affects anything. Text you capture is treated as untrusted input: labelled, checked, and unable to act on its own.

5. Who we share it with

We do not sell your data and we never use it for advertising. We share it only with the service providers (“subprocessors”) that help us run Rely. We update this list before adding anyone new, with 30 days’ notice to customers who have signed a Data Processing Agreement.

ProviderWhat they doRegion
AnthropicAI inference: agent runs, extraction, briefsUnited States
OpenAIText embeddings for semantic searchUnited States
SupabaseManaged Postgres database and storageUnited States (us-east-1)
VercelWeb application hostingUnited States
Fly.ioMCP server and background workersUnited States
ResendTransactional email deliveryUnited States
StripePayment processingUnited States
PostHogProduct analytics and session replay (inputs and workspace content masked)United States
SentryError monitoring, with content fields scrubbedUnited States

6. How long we keep it

DataRetention
Your workspace history (events)For the life of your workspace. The audit trail is the product, so we never silently expire it. You can export or delete it.
Sources (the excerpts you send)For the life of your workspace; individually erasable on request (a visible redaction).
Commitments, spaces, inbox itemsFor the life of your workspace; archiving is a logged change, not deletion.
Sign-in sessions and connection tokensUntil they expire or you revoke them; token hashes are purged 90 days after expiry.
Error and application logs90 days, with your content scrubbed out.
Product analytics and session replay12 months, then only in aggregate.
A deleted workspace30-day recoverable window, then permanently purged from live systems; gone from backups within 30 days after that (60 days total, worst case).

7. Your rights

You can, at any time:

  • Access and export: download everything we hold about your workspace as one file, from Settings.
  • Correct: edit your data directly; every edit is logged.
  • Erase: we honor erasure honestly. Content is replaced with a “redacted at your request” tombstone that keeps the audit skeleton intact, and any embeddings of it are deleted in the same step.
  • Object and withdraw consent: unsubscribe from marketing email with one click, and opt out of product analytics and session replay by emailing privacy@rely.is.

If your organization runs the workspace, we route data-subject requests to your workspace Admin and assist them within 72 hours. We answer all requests within 30 days. To start, email privacy@rely.is.

8. Security and analytics

Each workspace is isolated at the database level, and that isolation is tested on every code change. Connection credentials are encrypted with keys held outside the database. Every change in your workspace, including any access by us, is an entry in your own audit log: we can only look at your content when you grant us access, and you see it when we do.

To understand how the product is used, we record analytics events and session replays. Replays are recorded with masking on: everything you type is masked before it leaves your browser, and the content of your workspace (commitment titles, sources, evidence) is masked as well. We study how people move through Rely, not what their work says.

Are we SOC 2 certified? Not yet, and we will not buy a badge before the controls behind it are mature. Report a vulnerability to security@rely.is; good-faith research within scope will never trigger legal action from us.

9. International transfers

We host in the United States. Where data is transferred out of the UK or EEA, that transfer is covered by Standard Contractual Clauses in our Data Processing Agreement and our providers’ own safeguards.

10. Cookies

We use a sign-in session cookie, a product-analytics cookie, and a first-touch cookie that remembers which ad or link brought you here. We do not use third-party advertising trackers.

11. Changes

We will update this page as Rely evolves and email you at least 30 days before any material change.

12. Children

Rely is a workplace tool and is not directed at anyone under 16.

Terms of Servicerely.ishello@rely.is