Last updated: 2026-05-21 · Version 1.0
This Data Processing Addendum ("DPA") forms part of the Relaynix Terms of Service and applies when Relaynix processes Personal Data on behalf of a Customer (you, the workspace owner) subject to the EU General Data Protection Regulation (GDPR), the UK GDPR, or the Swiss Federal Act on Data Protection.
Customer is the Data Controller; Relaynix is the Data Processor. Processing is limited to operating the Service: storing accounts, running the AI content pipeline, publishing to channels the Customer has connected via OAuth, and emitting metrics back to the Customer dashboard.
Relaynix uses the following sub-processors to deliver the Service. You can object to any of them in writing — we will work with you on an alternative or, if none exists, you may terminate.
Adding a new sub-processor requires 30-day prior notice via in-app banner + email.
Customer's end users (their viewers, commenters, team members) may exercise GDPR rights — access, rectification, erasure, portability — either directly with the Customer (who is the Controller) or by emailing dpo@relaynix.tech; Relaynix will execute within 14 days and notify the Customer.
Customer can export their own data at any time from /settings/account → "Export my data". The export is a ZIP containing all rows tied to your account in JSON form. We comply with deletion requests within 30 days from receipt; backups age out within 7 days.
Primary data lives in Vilnius, Lithuania (EU). Where sub-processors (Anthropic, OpenAI, ElevenLabs, fal.ai, Stripe, Resend, Cloudflare, Tailscale) are based outside the EEA, transfers rely on the EU-US Data Privacy Framework adequacy decision where the importer is certified, and otherwise on the EU Standard Contractual Clauses (June 2021, module 2 or 3 as applicable) with supplementary measures. Copies available on request.
Relaynix will notify Customer of a confirmed Personal Data Breach without undue delay and in any case within 72 hours of becoming aware, via email to the workspace owner's address on file. Notification will describe scope, impacted data, mitigation actions, and recommended Customer steps.
Customer may, no more than once per 12 months, request a SOC 2 / ISO 27001 report (once available — Relaynix is preparing SOC 2 Type I for 2026 H2). Until then, Customer may request a security-questionnaire fill via dpo@relaynix.tech.
This DPA is effective for as long as Relaynix processes Personal Data on Customer's behalf — i.e. as long as the Customer's workspace exists. Upon termination + 30-day grace, all Customer Personal Data is deleted from production and ages out of backups within 7 days.
Data-protection contact: dpo@relaynix.tech
Processor: Relaynix — an online service operated by its
founder, established in Spain.