← Back to home

Privacy Policy

Last updated: 16 May 2026

1. Who we are

Rellay is a social media publishing platform for agencies, operated by Rellay Pty Ltd (ABN pending), based in Australia. We provide tools that allow marketing agencies to manage, schedule, and publish content across multiple Facebook and Instagram accounts on behalf of their clients.

If you have questions about this policy, contact us at info@rellay.com.au.

2. What data we collect

We collect the following categories of data depending on how you use Rellay:

Waitlist signups

Your email address, and the date and time you joined the waitlist. We use this solely to notify you when Rellay launches and to communicate early access offers.

Agency account data

When you create an account: your name, email address, agency name, and a hashed password (managed via Supabase Auth). We do not store plaintext passwords.

Meta account tokens

When you connect a client's Meta Business Manager, we store OAuth access tokens that allow us to publish to Facebook Pages and Instagram accounts on your behalf. These tokens are stored encrypted in our database. We do not store your Meta password.

Post content

Captions, media URLs, scheduling details, and publication status for posts you create and manage within Rellay. This content belongs to you and your clients.

Performance data

Reach, impressions, and engagement metrics retrieved from the Meta Graph API for posts published through Rellay.

Usage data

Basic server logs including IP addresses, browser type, and pages visited. We use this for security monitoring and debugging, not for advertising or tracking.

3. How we use your data

We use the data we collect to:

  • Provide, operate, and improve the Rellay platform
  • Publish posts to Facebook and Instagram on your behalf via the Meta Graph API
  • Send you product updates, launch announcements, and account notifications
  • Respond to support requests
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

We do not sell your data. We do not use your data for advertising.

4. Meta platform data

Rellay integrates with the Meta Graph API to access Facebook Pages and Instagram accounts that you authorise. By connecting a Meta account, you grant Rellay permission to:

  • Read the list of Pages and Instagram accounts associated with your Meta Business Manager
  • Create and publish posts to those Pages and accounts
  • Read post performance metrics (reach, impressions, engagement)

We only access Meta data that is necessary to provide the publishing and reporting features of Rellay. We do not access personal Facebook profiles, private messages, or any data beyond what is required for these purposes.

Access tokens are stored encrypted and are used exclusively to interact with Meta on your behalf. You can revoke Rellay's access at any time through your Meta Business Manager or Facebook app settings.

5. Data storage and security

Your data is stored in a PostgreSQL database hosted by Supabase, with servers located in the Asia-Pacific region. Our application is hosted on Vercel's global edge network.

We implement the following security measures:

  • All data in transit is encrypted via TLS/HTTPS
  • Databases are encrypted at rest
  • OAuth access tokens are stored encrypted
  • Authentication is handled by Supabase Auth with industry-standard session management
  • Access to production infrastructure is restricted to authorised personnel only

While we take reasonable precautions, no system is completely secure. We will notify affected users promptly in the event of a data breach as required under the Australian Privacy Act 1988.

6. Third-party services

Rellay uses the following third-party services to operate:

Meta (Facebook)Publishing posts and retrieving analytics via the Meta Graph API. Privacy policy ↗
SupabaseAuthentication and database hosting. Privacy policy ↗
VercelApplication hosting and edge delivery. Privacy policy ↗

7. Data retention

We retain your data for as long as your account is active. If you close your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or accounting purposes.

Waitlist email addresses are retained until you unsubscribe or request deletion.

Post content and performance data associated with your clients is retained for the duration of your subscription and deleted within 30 days of account closure.

8. Your rights

Under the Australian Privacy Act 1988 and applicable laws, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Withdraw consent for data processing at any time
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise any of these rights, email us at info@rellay.com.au. We will respond within 30 days.

9. Data deletion requests

To request deletion of your account and all associated data, email info@rellay.com.au with the subject line "Data deletion request". Include the email address associated with your account.

We will confirm deletion within 30 days. Note that we may retain certain records where required by law (e.g. financial records for tax purposes).

10. Cookies

Rellay uses only essential cookies required for authentication and session management. We do not use advertising cookies, third-party tracking cookies, or analytics cookies.

11. Children's privacy

Rellay is a business tool intended for use by adults. We do not knowingly collect data from anyone under the age of 18. If you believe a minor has provided us with personal data, contact us at info@rellay.com.au.

12. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify active users by email for material changes.

Questions about this policy? info@rellay.com.au