Privacy Policy

This Privacy Policy explains how Relay Spatial, Unipessoal Lda, a company incorporated under the laws of Portugal, collects, uses, stores, and protects your personal data in connection with the Ashti application (“Service”).

We are committed to protecting your privacy and handling your data in a transparent manner consistent with the European Union General Data Protection Regulation (GDPR) and applicable Portuguese data protection law.

By using the Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your data as described herein.

We collect the following categories of personal data:

• Account Data: Your name, email address, and hashed password, collected when you register for an account.
• Communication Data: The text you submit as “Private Intake” entries. This content is processed by our AI pipeline to extract anonymised semantic themes. Raw emotional or subjective text is not retained in its original form after processing.
• Relationship Metadata: Information about the connections you create on the platform, including the relationship type tag and the email address of your invited co-participant.
• Technical Data: IP addresses, browser type, session tokens, and access logs, collected automatically for security and operational purposes.
• Payment Data: Transaction identifiers processed through our third-party payment provider (Stripe). We do not store your full card details.

We use your personal data for the following purposes:

• To provide, operate, and improve the Service, including generating AI-assisted mediation reports from anonymised communication themes.
• To authenticate your identity and maintain the security of your account and associated Enclaves.
• To send transactional emails, including account verification, password reset links, and invitation notifications, via our email delivery provider (Resend).
• To process payments and maintain billing records in compliance with our legal obligations.
• To detect, investigate, and prevent fraudulent or unauthorised activity, including logging access attempts to secured resources.

We do not sell, rent, or trade your personal data to third parties for marketing purposes. Data is shared with sub-processors only to the extent necessary to deliver the Service (e.g. Stripe for payments, Resend for email, Neon for database hosting).

We retain your account data for as long as your account is active. If you delete your account, we will erase your personal data within 30 days, except where retention is required by law (e.g. financial records).

Security logs containing access attempt records are retained for a maximum of 12 months and then permanently deleted.

As a company operating within the European Union, we are subject to the General Data Protection Regulation (GDPR) (EU) 2016/679. Under the GDPR, you have the following rights with respect to your personal data:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request that inaccurate or incomplete data be corrected.
• Right to Erasure: You may request the deletion of your personal data, subject to our legal retention obligations.
• Right to Data Portability: You may request your data in a structured, machine-readable format.
• Right to Object: You may object to certain processing activities, including automated decision-making.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@relayspatial.com. We will respond within 30 days. You also have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD) at cnpd.pt.

For any privacy-related enquiries or data subject requests, please contact our Data Controller at: privacy@relayspatial.com.