Relvia Labs
Legal · Privacy

Privacy Policy

This Privacy Policy explains how Relvia Labs LLC collects, uses, shares, and protects information about you when you visit our website, request access, or use our services.

Effective May 7, 2026Relvia Labs LLC
On this page

01Overview

Relvia Labs LLC (“Relvia”, “we”, “us”) builds reliable intelligence systems for high-stakes decision-making. Privacy is fundamental to that mission: people will only trust outputs from systems that handle their data responsibly. This Policy describes what we collect, why, and the choices you have.

Quick readWe collect the minimum data needed to operate the Service, we do not sell personal information, we do not use customer inputs to train upstream foundation models, and we keep data only as long as we need it.

02Scope

This Policy applies to relvialabs.ai, the Relvia research preview, our APIs, and any other product or service that links to this Policy (collectively, the “Service”). It does not apply to third-party websites, products, or services that we do not operate, even if they link to or from our Service.

When we process personal information on behalf of a customer (for example, content submitted to our APIs), we act as a processor or service provider, and our handling of that information is governed by our agreement with that customer. Individuals whose data is processed in that capacity should contact the relevant customer for rights requests.

03Information We Collect

Information you provide

  • Account & access requests. Name, work email, company, role, and the use case you describe when you request access.
  • Communications. Messages you send to us, support requests, and survey responses.
  • Customer Content. Documents, prompts, evaluation criteria, and other inputs you submit to the Service.
  • Billing. Where applicable, billing contact and tax information. Payment card data is collected directly by our payment processor and never touches our servers.

Information collected automatically

  • Usage data. Endpoints called, request and response sizes, latency, error codes, and feature usage.
  • Device & log data. IP address, browser type, operating system, referrer URL, and timestamps.
  • Cookies & similar technologies. See the Cookies section below.

Information from third parties

We may receive information from identity providers when you sign in with single sign-on, from infrastructure providers that help us operate the Service, and from publicly available sources used for due-diligence checks before granting access.

04How We Use Information

  • To provide, maintain, and secure the Service.
  • To authenticate users, prevent fraud, enforce our Terms, and investigate suspected abuse.
  • To respond to access requests and to evaluate fit for the research preview.
  • To debug, monitor performance, and improve reliability of the Service.
  • To send transactional emails (e.g., service notices, security alerts) and, where you have opted in, occasional product updates.
  • To comply with legal obligations and respond to lawful requests from authorities.

We do not sell personal information as that term is defined under the California Consumer Privacy Act, and we do not “share” personal information for cross-context behavioral advertising.

05Legal Bases (EEA / UK)

If you are in the European Economic Area or the United Kingdom, we process personal information on the following bases:

  • Contract. To take steps at your request before entering a contract and to provide the Service.
  • Legitimate interests. To secure and improve the Service, prevent abuse, and conduct due diligence on prospective customers, where these interests are not overridden by your rights.
  • Consent. Where required for marketing communications and certain cookies; you can withdraw consent at any time.
  • Legal obligation. To comply with applicable laws and regulatory requirements.

06Sharing & Disclosure

We share personal information only as described below.

  • Service providers. Cloud hosting, observability, analytics, email delivery, and customer support providers that process information on our behalf under written contracts. A current list of subprocessors is available on request.
  • Foundation model providers. Where you use features that route requests to upstream models, we send only the information necessary to fulfill the request, under data processing agreements that prohibit training on customer inputs.
  • Affiliates. Entities under common control with Relvia, where those entities have agreed to handle data consistently with this Policy.
  • Legal & safety. When required by law, subpoena, or court order, or where we believe disclosure is necessary to protect rights, property, or safety.
  • Business transfers. In connection with a merger, acquisition, financing, or sale of assets, with appropriate confidentiality protections.

07Data Retention

We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

  • Account records: for the life of the account and up to 24 months thereafter.
  • API request logs: typically up to 30 days for abuse and reliability monitoring; metadata may be retained longer in aggregated, non-identifying form.
  • Customer Content: for the duration set in your agreement or until you delete it; default is the lifetime of the workspace.
  • Billing records: as required by tax and accounting law (typically seven years).

08Security

We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS 1.3) and at rest (AES-256), tenant isolation, access controls based on the principle of least privilege, regular vulnerability scanning, and an incident response process. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

If we become aware of a security incident affecting your personal information, we will notify you and the appropriate regulators as required by law.

09Your Rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal information, to object to processing, and to withdraw consent. You also have the right to lodge a complaint with a supervisory authority.

California residents have additional rights under the CCPA/CPRA, including the right to know what categories of personal information we collect and disclose, the right to delete, the right to correct inaccurate information, the right to opt out of sale or sharing (which we do not do), and the right not to be discriminated against for exercising these rights.

To exercise any of these rights, contact us at privacy@relvialabs.ai. We will respond within the timeframes required by applicable law and may need to verify your identity before fulfilling a request.

10International Transfers

Relvia is based in the United States, and we and our service providers may process personal information in the United States and other countries that may have data protection laws different from those in your country. Where required, we rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or other lawful transfer mechanisms.

11Children

The Service is not directed to children under 18 and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete it.

12Third-Party Services

The Service may link to third-party websites or integrate with third-party tools. We are not responsible for the privacy practices of those third parties; their use of your information is governed by their own privacy notices.

13Cookies

We use cookies and similar technologies to keep you signed in, remember preferences, secure the Service, and understand aggregate usage. We do not use third-party advertising cookies. You can control cookies through your browser settings; disabling cookies may affect parts of the Service.

14AI-Specific Notices

Relvia provides AI systems that generate outputs based on the inputs you provide. We process Customer Content only to provide the Service to you; we do not use Customer Content to train upstream foundation models or to train shared system behavior.

A limited amount of request and response data may be retained for abuse monitoring, safety review, and reliability investigation, as described in Data Retention. Where you opt in to research collaboration, we may use de-identified data for evaluation and benchmarking; that opt-in can be revoked at any time.

15Changes

We may update this Policy from time to time. The “Effective” date at the top reflects the most recent revision. If we make material changes, we will notify you through the Service or by email before the changes take effect.

16Contact

For questions or to exercise your rights, contact our privacy team at privacy@relvialabs.ai.

Postal: Relvia Labs LLC · 30 N Gould St Ste N · Sheridan, WY 82801 · United States.