RelayGuard

Privacy Policy

Last updated: May 25, 2026

RelayGuard ("we", "us") operates the hosted gateway and dashboard at 0xrelayguard.com. This policy describes how we handle personal data when you use our service.

For technical detail on what the gateway stores and logs, see Data boundary.

Who this applies to

This policy covers workspace owners and members who create an account, configure providers, and send RPC traffic through RelayGuard. It does not cover third-party RPC providers you connect — those providers have their own privacy terms.

Data we collect

  • Account data — email address and bcrypt password hash when you register
  • Workspace data — workspace name, slug, plan, and configuration you enter in the dashboard
  • Provider configuration — provider names, weights, independence groups, and encrypted RPC endpoint URLs (AES-256-GCM at rest)
  • API keys — key prefixes and bcrypt hashes; plaintext gateway keys are shown once at creation and not stored in recoverable form
  • Security Mode settings — per-chain quorum and method policy configuration
  • Session data — HttpOnly session cookies for dashboard authentication
  • Operational metadata — request metadata (chain, method, request ID, routing decisions), provider health events, and security/quorum outcomes in structured logs

Data we do not persist

  • JSON-RPC request bodies or responses in our database
  • Plaintext provider URLs after initial save
  • Plaintext API keys after creation

RPC traffic passes through the gateway in memory for routing. We do not build a queryable archive of your on-chain reads or writes.

How we use data

  • Provide, operate, and improve the RelayGuard service
  • Authenticate users and enforce workspace access controls
  • Route RPC requests, run health checks, and apply Security Mode policy
  • Detect abuse, rate-limit misuse, and investigate operational incidents
  • Respond to support requests and security reports

Legal bases (EEA/UK visitors)

Where applicable, we rely on:

  • Contract — processing needed to deliver the service you signed up for
  • Legitimate interests — security monitoring, fraud prevention, and service reliability, balanced against your rights
  • Consent — where you opt in to non-essential communications (if offered)

Subprocessors

We use infrastructure providers to host the service. A current list is on our Security page. We require subprocessors to protect data under contractual terms appropriate to their role.

Retention

  • Account and workspace data — retained while your account is active
  • Operational logs — retained for a limited period for debugging and security (typically weeks, not years)
  • Deleted workspace data — removed from production systems on deletion; backups may persist for a limited window per our database provider's snapshot schedule

Your choices and rights

Depending on where you live, you may have the right to:

  • Access or receive a copy of personal data we hold about you
  • Correct inaccurate account information in the dashboard
  • Request deletion of your account and workspace
  • Object to or restrict certain processing

Contact us at [email protected] to exercise these rights. We may need to verify your identity before fulfilling a request.

International transfers

Hosted production infrastructure is in the United States (Fly.io, US East). If you access the service from outside the US, your data may be processed in the US.

Children

RelayGuard is not directed at children under 16. We do not knowingly collect data from children.

Changes

We may update this policy as the product evolves. Material changes will be reflected by updating the date above. Continued use after changes constitutes acceptance of the revised policy.

Contact

Privacy questions: [email protected]