Legal

Privacy Policy

Effective: March 20, 2026 Little Rocket Ltd. relayctx.com
01

Who we are

Little Rocket Ltd. (“Little Rocket”, “we”, “our”) operates Relay at relayctx.com. Relay is a context infrastructure service for AI workflows, providing persistent task management and session handoff capabilities.

This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data. By using Relay, you agree to the practices described here.

02

Information we collect

email_address
Collected on registration or beta waitlist signup. Used for authentication, sign-in codes, and service communications.
name
Display name you provide during account setup. Used to personalise your experience.
password_hash
A one-way cryptographic hash of your password. Plaintext passwords are never stored or transmitted.
context_data
Tasks, goals, session notes, and transfers you create within Relay. This content belongs to you.
oauth_tokens
Short-lived access tokens issued during OAuth 2.0 flows (e.g. Claude Desktop MCP connection). Not stored after the session ends.
server_logs
Standard HTTP request logs: timestamps, request paths, response codes, and IP addresses. Retained for up to 30 days.
03

How we use your data

We use your personal data to: operate and deliver the Relay service; authenticate your identity and secure your account; send transactional emails (sign-in codes, account notices); send beta programme updates and invitations (you may opt out at any time); diagnose and resolve technical issues; and improve the product.

We never sell your personal data, share it with advertisers, or use it to train AI models.
04

Legal basis for processing

We rely on the following legal bases under applicable data protection law:

Contract performance — processing necessary to provide the Relay service you have signed up for, including authentication and context storage.

Legitimate interests — maintaining service security, preventing abuse, diagnosing technical issues, and improving the product, where these interests are not overridden by your rights.

Consent — for marketing and beta-programme communications. You may withdraw consent at any time by unsubscribing.

05

MCP connections

Relay exposes a remote MCP (Model Context Protocol) server at mcp.relayctx.com, accessible by AI clients such as Claude Desktop. When you connect an MCP client:

Authentication — we use OAuth 2.0 with PKCE. Your email and password are verified server-side and a short-lived access token is issued. The token is stored in your MCP client; Relay does not retain it beyond the session.

Tool calls — MCP tool invocations are authenticated against your Relay account. We log which tools are called and by which account for security and audit purposes. No AI conversation content or prompt text is transmitted to or stored by Relay.

Context data — tasks, goals, and transfers you access or create through MCP tools are subject to the same data practices as the rest of your Relay account.

06

Cookies & tracking

We use a session cookie strictly necessary for authentication after you sign in. No advertising or tracking cookies are set by Relay.

The relayctx.com landing page may load Google Tag Manager after explicit cookie consent. No analytics tags are currently active. You may withdraw consent at any time by clearing your browser’s local storage for this site.

Cloudflare (our TLS/DNS provider) may set its own functional cookies for bot detection. See Cloudflare’s Privacy Policy.

07

Third-party processors

We share data only with processors necessary to deliver the service:

DigitalOcean
Primary server host. All account and context data is stored on DigitalOcean infrastructure (SFO3 region, San Francisco, CA, USA).
Cloudflare
TLS termination, DNS, and DDoS protection. Traffic passes through Cloudflare’s network before reaching our servers.
Mailchimp
Email service provider for beta waitlist and onboarding communications. Email addresses of subscribed users are stored with Mailchimp (Intuit Inc.).

We do not use third-party analytics, advertising networks, or social media pixels.

08

Data retention

Account data is retained while your account is active, or until you request deletion.

Email addresses on the beta waitlist are retained until you unsubscribe or request removal.

Server logs are retained for up to 30 days and then automatically purged.

OAuth states and codes are short-lived (15 minutes and 5 minutes respectively) and automatically purged on expiry.

On a verified deletion request, all personal data associated with your account is deleted within 30 days.

09

Your rights

Depending on your jurisdiction, you may have the right to: access a copy of your personal data; correct inaccurate data; request deletion of your data; restrict or object to certain processing; and receive your data in a portable format.

If you are located in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at support@relayctx.com. We will respond within 30 days.
10

Security

All connections are encrypted over TLS. Passwords are stored as cryptographic hashes and never in plaintext. Sign-in codes and API tokens are single-use and time-limited. We apply reasonable technical and organisational measures to protect data against unauthorised access, loss, or disclosure.

If you discover a security vulnerability, please report it responsibly to support@relayctx.com.

11

International data transfers

Your data is stored and processed in the United States (DigitalOcean SFO3, San Francisco). If you are located outside the United States, your data will be transferred to and processed there. By using Relay you acknowledge this transfer. We rely on appropriate safeguards or lawful mechanisms where required by applicable law.

12

Contact

For privacy questions, data requests, or to report a concern:

support@relayctx.com — Little Rocket Ltd. · relayctx.com

We may update this policy from time to time. Significant changes will be communicated to registered users by email. The effective date at the top of this page reflects the latest revision.