Your data protection rights under the General Data Protection Regulation
Last updated: May 04, 2026
Your Data Protection Rights
Under the General Data Protection Regulation (GDPR), you may have specific rights regarding your personal data. This page explains how to exercise those rights with Relayra.
🔍 Right to Access
You have the right to request a copy of all personal data we hold about you.
Communication Data: Call recordings, voicemail recordings, transcripts, summaries, notes, and metadata
AI Agent Configuration: Business profile, greeting, services, hours, special instructions, integrations, and call-routing settings
Usage Data: Service interactions, setup progress, diagnostics, performance metrics, and support history
Technical Data: IP addresses, device information, cookies
🎯 Why We Process Your Data
Service Provision: To provide AI phone receptionist services, including call answering, recording, transcription, summarization, AI analysis, and notifications
Contract Performance: To fulfill our service agreement
Legal Compliance: To meet regulatory requirements
Legitimate Interests: To improve the Service, train and evaluate product behavior, provide support, maintain security, and prevent fraud or abuse
Legal Basis for Processing
Consent: For marketing communications and cookies
Contract: For service provision and billing
Legal Obligation: For compliance and record keeping
Legitimate Interest: For service improvement and security
Data Retention
📅 How Long We Keep Your Data
Account Data: While your account is active + 7 years
Call Recordings and Transcripts: Up to 7 years for service continuity, customer access, legal compliance, dispute resolution, and operational needs unless deleted earlier under applicable policy or law
Billing Data: 7 years for tax and legal requirements
Analytics Data: Aggregated, de-identified, or anonymized analytics may be retained for product improvement
Marketing Data: Until consent is withdrawn
Data Security
How We Protect Your Data
Encryption: All data encrypted in transit and at rest
Access Controls: Strict authentication, authorization, and business-need access controls
Monitoring: Continuous security monitoring and logging
Backups: Regular, encrypted backups with secure storage
Training: Staff trained on data protection requirements
Deepgram: Speech processing and AI processing (data processing agreement)
Stripe: Payment processing (PCI DSS compliant)
AWS: Secure cloud storage (SOC 2 compliant)
Human Review and AI Analysis
Authorized Relayra personnel and automated systems may review or analyze recordings, transcripts, summaries, notes, metadata, and account configuration for service delivery, support, troubleshooting, safety, abuse prevention, quality assurance, training, and product improvement. We do not sell call recordings, transcripts, summaries, or call content.
🌍 International Transfers
Your data may be transferred outside the EU/EEA. We ensure protection through:
Standard Contractual Clauses (SCCs)
Adequacy decisions by the European Commission
Certification schemes and codes of conduct
Data Protection Officer
👤 Contact Our DPO
For all data protection inquiries, contact our Data Protection Officer: