Privacy Policy

Last updated: January 30, 2026

The Short Version

We don't collect your data. We don't store your data. We don't sell your data.

relay4agents is designed so that your sensitive information never leaves your device without your explicit, biometric approval — and even then, it only exists in transit for seconds before being permanently deleted.

What Data the App Accesses

The relay4agents iOS app may access the following data on your device, only with your permission:

Apple HealthKit data — steps, heart rate, HRV, sleep, workouts, weight, and other health metrics you choose to share
Secure Vault items — credit cards, identity, bank accounts, SSN, and custom items that you manually enter and store in the app
Face ID / Touch ID — used solely to authenticate vault data sharing requests
Push notification token — used to deliver vault request notifications to your device

How Data is Stored

On Your Device (Local Only)

Vault items are stored in the iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly protection. They never leave your device unless you explicitly approve a request with Face ID.
Health data remains in Apple HealthKit. The app reads it on-demand and transmits it through the relay to your configured agent.
Pairing credentials (relay URL, channel ID, auth token) are stored in the iOS Keychain.
Audit logs (metadata only — timestamps and request types, no sensitive values) are stored locally on-device.

On the Relay Server

The relay server is a stateless HTTP queue. It holds messages in memory only.
Health data messages expire after 5 minutes if not pulled by the agent.
Vault data (approved sensitive information) expires after 60 seconds and is permanently deleted from memory.
The relay has no database, no disk storage, no logs of message content.
When the relay server restarts, all in-memory data is lost. This is by design.

On Third-Party Servers

Apple Push Notification service (APNs) — we send push notifications through Apple's servers. Apple's privacy policy governs their handling of notification delivery metadata.
No other third parties receive your data. We do not use analytics, advertising, tracking, or any third-party SDKs that collect user data.

What We Don't Do

We don't collect personal information
We don't store health data or vault data on any server
We don't sell or share data with third parties
We don't track you with analytics or advertising
We don't create user accounts or profiles
We don't log message content on the relay server

Self-Hosted Relay

The relay server is open source. You can host your own instance, audit the code, and verify that nothing is stored. The source code is available at github.com/arunrlverma/relay4agents.

HealthKit Data

relay4agents accesses HealthKit data solely to transmit health metrics to your configured AI agent through the relay. We comply with Apple's HealthKit guidelines:

HealthKit data is not used for advertising or sold to data brokers
HealthKit data is not stored on external servers beyond the in-memory relay transit (5 min TTL)
HealthKit data is only shared with your configured agent, which you pair with explicitly
You can revoke HealthKit access at any time in iOS Settings → Privacy → Health

Security

All communication between the app and relay uses HTTPS/TLS
Requests are signed with HMAC-SHA256 with replay protection (timestamps + nonces)
Vault data requires Face ID or Touch ID for every approval
Vault responses have a 60-second auto-expiry
The relay server uses timing-safe comparisons for all authentication checks

Children's Privacy

relay4agents is not directed at children under 13. We do not knowingly collect information from children.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy or the app, please contact:

Arun Verma
Email: arun@relay4agents.com
GitHub: github.com/arunrlverma/relay4agents