Privacy Policy

Last updated: May 2026

1. Who we are

ServiceRelay AI Inc. ('ServiceRelay', 'we', 'us') operates a multi-vertical SaaS platform that helps service trade businesses operate their customer-facing conversations and field work. When you reach us through the contact email below, you are interacting with the data controller for our institutional sites (servicerelayai.com, roofrelayai.com, piperelayai.com).

2. Our role under CCPA and GDPR

For data we process about our SaaS customers, we act as a data processor. The trade business is the controller of their customers' data. We are the controller only for data we collect directly through our own websites and outbound communications.

3. What we collect

From visitors to our institutional sites: contact form submissions, investor NDA submissions (with digital signature, IP hash, timestamp), careers applications, and standard server logs (truncated IP, user agent, timestamp).

4. How we use your data

Respond to inquiries; provide access to gated investor materials after NDA; detect abuse and ensure platform security; audit and compliance (7-year admin actions log). We do not sell personal information. We do not share it with third-party advertisers.

5. Your rights

California residents (CCPA) and EU/UK residents (GDPR) can request access, correction, or deletion of personal data, and opt out of marketing. Email the privacy address below. We respond within 30 days.

6. Outreach and TCPA

We do not send unsolicited SMS or WhatsApp. Marketing is limited to cold email under CAN-SPAM (functional unsubscribe in every message), public posts on social platforms, and direct outreach by our founder on LinkedIn after manual review.

7. Cookies

We use cookies for language preference (NEXT_LOCALE), theme preference (sr_theme), and authenticated investor sessions (sr_nda_session). No advertising or cross-site tracking cookies.

8. Security

All data is encrypted in transit (TLS 1.3) and at rest. We follow SOC 2-ready principles: audit logging on every administrative action, MFA on internal accounts, granular service tokens. Report security issues to the security email below.

9. Retention

Contact and careers submissions: 24 months. NDA submissions and executed copies: 7 years. Server logs: 90 days. On verified deletion request, we hard-delete personal data within 30 days, keeping only legal-compliance audit log.

10. Changes

We post material changes here with a new 'Last updated' date. For substantial changes affecting investor or NDA-bound parties, we notify by email.

Contact
Privacy: privacy@servicerelayai.com
Security: security@servicerelayai.com
General: contact@servicerelayai.com