Privacy Policy.

This Privacy Policy applies to personal information we collect when you:

• create or use a Relic account;
• use the Relic desktop application or related cloud features;
• submit, sync, review, export, or delete sessions and related content;
• interact with our support, notification, referral, task, or AI features; or
• visit our website or hosted pages that link to this Privacy Policy.

This Privacy Policy does not apply to third-party products, platforms, or services that we do not control, even if they are linked to or integrated with the Service. Those third parties have their own terms and privacy policies.

The information we collect depends on how you use Relic.

A.Account and profile information

When you create or manage an account, we may collect:

• your email address;
• username and account identifiers;
• authentication and account-security records;
• accepted terms/privacy version records;
• profile information such as avatar image or avatar settings;
• referral codes, referral relationships, and related program records; and
• communications you send to us, including support requests and feedback.

If you choose to sign in with a third-party login provider such as Google or Discord, we may receive account information that provider makes available to us, such as your email address, provider user ID, and basic profile data.

B.Session, recording, and submitted content

Relic is a recording and session-submission product. Depending on how you use it, we may collect or receive:

• screenshots and thumbnails of captured screens or windows;
• window titles, window names, and window identifiers;
• timestamps, display identifiers, display bounds, session titles, session duration, and session status;
• comments, labels, annotations, and review outcomes;
• task associations and related submission metadata;
• uploaded files related to a session, including action_stream.json; and
• other content you choose to create, store locally, sync, submit, or upload through the Service.

Because Relic may capture what appears on your screen or within selected windows, submitted content may include personal information, confidential information, or sensitive information about you or other people, depending on what you choose to record or upload.

C.Interaction and action-stream data

When you record a session, Relic may generate action-stream logs that capture interaction metadata, such as:

• mouse down/up, clicks, double-clicks, right-clicks, drag starts/ends, and scroll events;
• coordinates and related display context;
• timestamps for captured events; and
• limited keyboard event metadata such as keycodes and modifier flags.

D.Local device, application, and settings data

The desktop application stores data on your device. Depending on your use of the Service, this may include:

• locally stored screenshots and session files;
• local caches and thumbnails;
• session metadata and export files;
• account and device settings;
• local authentication/session state used to keep you signed in; and
• remembered sign-in information if you choose a “remember password” or similar option.

If you access our website or hosted pages, our systems and hosting providers may also receive standard web and request data such as IP address, request timestamps, request identifiers, and browser or device metadata.

E.Usage analytics and diagnostics

If you opt in to usage analytics, we may collect coarse product usage events such as:

• recording started or stopped;
• recording paused due to sensitive-content heuristics;
• session submitted;
• settings updated; and
• account exported.

These analytics events may also include limited context such as app version, operating system, session mode, source type, success state, or duration bucket.

Relic does not upload screenshots, window titles, comments, labels, or typed content as usage analytics telemetry.

F.Notifications, email, and support records

We may collect and generate records relating to communications with you, including:

• in-app notifications;
• desktop notification preferences;
• operational or administrative emails;
• password reset records;
• support communications; and
• notification delivery status and related audit information.

G.Information from third parties

We may receive information from:

• authentication providers such as Google or Discord;
• infrastructure providers such as Supabase;
• AI/model providers used to power in-app assistance;
• email delivery and communications providers;
• other users who refer you or interact with referral features; and
• service providers or contractors acting on our behalf.

We use personal information for the following purposes:

• to provide, operate, secure, maintain, and improve the Service;
• to create and manage accounts and authenticate users;
• to record sessions, store data locally, sync data, and retrieve submitted sessions;
• to upload, host, display, review, and moderate submitted content;
• to support labeling, editing, review, approval, rejection, and related workflows;
• to administer points, referrals, task features, notifications, and account preferences;
• to provide in-app AI assistance, chat, or labeling features;
• to respond to support requests and communicate with you;
• to send operational, security, legal, transactional, and program-related notices;
• to detect, prevent, investigate, and address fraud, abuse, manipulation, policy violations, and security incidents;
• to troubleshoot bugs, monitor performance, and improve product reliability;
• to analyze and improve Relic features, including review, automation, and AI-assisted product features;
• to comply with legal obligations and lawful process; and
• to enforce our Terms and protect the rights, safety, and property of Relic, our users, and others.

A.Human review and admin access

Submitted sessions and related data may be accessed by reviewers, admins, contractors, subprocessors, and service providers acting on our behalf for purposes such as:

• moderation and quality assurance;
• support and troubleshooting;
• safety and trust review;
• fraud prevention and abuse investigation;
• account and program administration; and
• auditing, compliance, and enforcement.

B.Sensitive-content heuristics

Relic may attempt to detect potentially sensitive content and pause recording in some situations. These checks are heuristic only and are not guaranteed to identify all sensitive or regulated information. Users remain responsible for what they record, upload, sync, or submit.

C.AI features

If you use Relic's AI features, we may process prompts, messages, labels, and session-context summaries needed to provide those features. For example, Relic's in-app AI assistance may use third-party model providers, including Anthropic, to process user messages and session-context summaries such as timeline ranges, window names, and window IDs.

AI outputs may be inaccurate or incomplete. Relic's AI features are provided to assist with product use and workflow support and are not professional advice.

We may disclose personal information to the following categories of recipients:

• service providers and subprocessors that help us operate the Service, such as hosting, database, storage, authentication, analytics, AI/model, email, and support providers;
• reviewers, admins, contractors, and personnel who need access to operate, moderate, support, secure, or administer the Service;
• authentication and identity providers when you choose to use those login methods;
• legal, regulatory, law-enforcement, or other authorities when required by law or when reasonably necessary to protect rights, safety, or property;
• counterparties and advisors involved in a merger, acquisition, financing, reorganization, sale of assets, or similar corporate transaction; and
• affiliates within our corporate group for purposes consistent with this Privacy Policy.

Examples of providers or infrastructure involved in the Service may include Supabase, Anthropic, Google OAuth, Discord OAuth, email delivery providers, and software distribution or update infrastructure.

We may also disclose information at your direction or with your consent.

We do not sell personal information for money. We also do not share personal information for cross-context behavioral advertising as those terms are used in certain privacy laws.

A.Local and cloud storage

Some Relic data is stored locally on your device, and some data is stored in cloud systems. Some session content may remain only on your device unless and until you submit or sync it. Data that may remain on your device includes local screenshots, caches, settings, local session metadata, account export files, and local authentication/session files.

If you submit or sync a session, related data may be uploaded to cloud databases or storage, including screenshots, thumbnails, session metadata, comments, labels, review records, and action_stream.json files. Sync features may also download cloud-stored session data back to your device.

B.Account export

Relic offers account export functionality. Depending on your account activity, exports may include profile information, sessions, recordings, comments, notifications, points records, referral records, account preferences, analytics events, and storage object paths.

C.Account deletion and content deletion

If you request deletion of your account or content, we will take steps to delete or de-identify applicable information in accordance with our legal obligations and operational needs. However:

• local files on your device may remain until you delete them;
• caches, backups, synced copies, and derived metadata may persist for some period of time;
• audit logs, fraud-prevention records, security logs, and dispute records may be retained where necessary; and
• service-provider backups or archived copies may not be removed immediately.

D.Retention

We retain personal information for as long as reasonably necessary to provide the Service, maintain legitimate business records, resolve disputes, enforce agreements, prevent abuse, comply with law, and protect the Service and our users.

Retention periods vary depending on the type of data, whether the data remains stored locally on your device, whether you submitted the content to the cloud, whether the data is needed for security or abuse-prevention purposes, and applicable legal requirements.

Depending on your use of the Service, you may be able to:

• access or update profile information in the app;
• upload or remove a profile avatar;
• opt in or out of coarse usage analytics in account settings;
• configure desktop notification preferences;
• use the in-app export feature to obtain a copy of certain account data;
• request deletion of your account; and
• choose whether to use optional features such as OAuth login, remembered sign-in, referrals, or AI assistance.

If you deny or revoke required operating-system permissions such as screen recording or notifications, some features may not function.

We may need to verify your identity before acting on certain privacy requests.

We and our service providers may process personal information in the United States and other countries where we or our providers operate. Those jurisdictions may have data-protection laws that differ from those in your place of residence.

Where required by applicable law, we use appropriate safeguards for cross-border transfers, such as contractual protections or other recognized transfer mechanisms.

Your rights may vary depending on where you live.

A.EEA and United Kingdom

If you are in the European Economic Area or the United Kingdom, we generally rely on one or more of the following legal bases:

• performance of a contract, when we need your information to provide the Service you requested;
• legitimate interests, including securing the Service, preventing abuse, supporting review workflows, responding to support issues, and improving the Service;
• consent, where required, such as for optional analytics or certain communications; and
• compliance with legal obligations.

Subject to applicable law, you may have the right to:

• access your personal data;
• correct inaccurate personal data;
• request deletion of personal data;
• restrict certain processing;
• object to certain processing;
• withdraw consent where processing is based on consent;
• request portability of certain data; and
• lodge a complaint with your local supervisory authority.

We do not currently use solely automated decision-making that produces legal or similarly significant effects on you. We do use automated systems and heuristics to support product functionality, abuse detection, and review workflows.

B.United States, Including California

If you are a resident of California or another U.S. state with privacy rights, you may have the right, subject to applicable law, to request:

• access to the categories or specific pieces of personal information we hold about you;
• correction of inaccurate information;
• deletion of certain personal information;
• a portable copy of certain personal information; and
• non-discriminatory treatment for exercising privacy rights.

In the preceding 12 months, we collected and disclosed for business purposes the categories of personal information described in Section 2 to the categories of recipients described in Section 5.

We do not sell personal information or share personal information for cross-context behavioral advertising. We do not use sensitive personal information for the purpose of inferring characteristics about consumers.

C.Canada

If you are in Canada, you may have rights under applicable federal or provincial privacy laws, including rights to access and correct personal information and to complain to the Office of the Privacy Commissioner of Canada or the applicable provincial regulator.

Provincial laws may apply instead of, or in addition to, federal law depending on where you live and how you interact with the Service.

D.Australia and New Zealand

If you are in Australia or New Zealand, you may have rights under applicable privacy laws to access and correct personal information we hold about you and to complain to the relevant regulator, including the Office of the Australian Information Commissioner or the Office of the Privacy Commissioner in New Zealand, as applicable.

If disclosure of your information outside your jurisdiction is likely, it may include disclosure to providers or systems in the United States and other countries where our service providers operate.

E.How to exercise rights

To exercise privacy rights, contact us at support@reliclabs.ai. Please identify the request and the account email or username associated with your account so we can respond more efficiently.

We use administrative, technical, and organizational measures designed to protect personal information. However, no security measure is perfect, and we cannot guarantee absolute security.

Because Relic stores data locally on your device in addition to remote systems, the security of your device, operating system account, backups, and local environment also affects the security of your information.

Relic is not intended for children under 13, or any higher minimum age required by local law. We do not knowingly collect personal information from children below the applicable minimum age. If you believe a child has provided us personal information in violation of applicable law, contact us at support@reliclabs.ai.

We may update this Privacy Policy from time to time. If we do, we will post the updated version and update the “Last Updated” date above. If required by law, we will provide additional notice, such as through the app or by email.

If you have questions about this Privacy Policy or our privacy practices, contact us at: