Legal

Privacy Policy

Last updated: May 20, 2026

1. Introduction

Relvios, a product of Nzoni App LLC, a limited liability company incorporated in the State of Delaware, United States ("we", "our", "us"), operates the website relvios.com and the Relvios API platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: When you register, we collect your name, email address, and password (hashed). If you sign up via Google OAuth, we receive your name, email, and profile picture from Google.
  • Organization Data: Organization name, billing details, and team member information you provide within the dashboard.
  • Payment Information: Payment processing is handled by Stripe. We do not store credit card numbers. We receive from Stripe a customer ID, subscription status, and invoice history.
  • Support Communications: Any messages, feedback, or support requests you send to us.

2.2 Information Collected Through Platform Connections

When you connect a third-party social media account (e.g., Twitter, Instagram, LinkedIn, TikTok, YouTube, Facebook, Reddit, Pinterest, Discord), we collect:

  • OAuth Tokens: Access tokens and refresh tokens provided by the platform during the OAuth authorization flow. These tokens are encrypted at rest using AES-256 encryption and are used solely to perform actions you authorize through our API.
  • Profile Information: Basic profile data such as your social media username, display name, profile picture, and account ID, as provided by the platform's API during the OAuth consent process.
  • Content Metadata: When you use our Service to publish, schedule, or manage posts, we store the content you provide (text, media URLs, scheduling metadata) and the platform responses (post IDs, publish timestamps, error messages).
  • Analytics Data: If you use our analytics features, we may retrieve engagement metrics (impressions, likes, shares, comments) from connected platform APIs on your behalf.
  • Inbox / Messages: If you use our inbox features, we may retrieve direct messages or comments from connected platforms to display within the Service, only when explicitly enabled by you.

2.3 Information Collected Automatically

  • Log Data: IP address, browser type, operating system, referring URLs, pages viewed, and timestamps.
  • API Usage Data: API endpoint calls, request/response metadata, error logs, and rate-limit usage for your organization.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service, including authenticating your identity and managing your connected social media accounts.
  • Process API requests to publish posts, schedule content, retrieve analytics, and manage inboxes on your behalf across connected platforms.
  • Process billing and payments through Stripe.
  • Send you transactional communications (account verification, password resets, billing receipts, webhook delivery status).
  • Detect, prevent, and address technical issues, security incidents, and abuse.
  • Improve the Service, including analyzing usage patterns and optimizing performance.
  • Comply with legal obligations.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

  • With Third-Party Platforms: When you use our Service to post, schedule, or engage on social media platforms, we transmit your content and credentials to those platforms via their official APIs. This is the core function of the Service and happens only at your explicit direction.
  • Service Providers: We use third-party services to operate the Service, including Stripe (payments), cloud hosting providers (infrastructure), and email providers (transactional emails). These providers have access only to the data necessary to perform their specific functions.
  • Legal Requirements: We may disclose information if required by law, subpoena, court order, or governmental regulation.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, user information may be transferred as part of the transaction. We will notify you before your data becomes subject to a different privacy policy.

5. Data Security

  • All OAuth access tokens and refresh tokens are encrypted at rest using AES-256 encryption with a server-side key.
  • User passwords are hashed using bcrypt with an appropriate cost factor.
  • All communications between clients and our servers are encrypted using TLS 1.2+.
  • Webhook payloads are signed using HMAC-SHA256 so you can verify authenticity.
  • API keys use the format sb_live_* / sb_test_* with hashed storage — we never store API key plaintext after initial display.
  • We implement role-based access control (RBAC) with tenant isolation — each organization's data is scoped and inaccessible to other organizations.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained until you delete your account.
  • OAuth tokens: Retained while the connection is active. When you disconnect a social account, its tokens are immediately revoked and deleted.
  • API logs: Retained for 90 days for debugging and audit purposes, then automatically purged.
  • Post content: Retained until you delete the post record or your account.

Upon account deletion, we will delete or anonymize all personal data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Data Portability: Request export of your data in a structured, machine-readable format.
  • Withdraw Consent: Revoke any previously granted consent at any time.
  • Restrict Processing: Request that we limit how we use your data.
  • Object: Object to processing of your data for certain purposes.

To exercise any of these rights, contact us at support@relvios.com. We will respond within 30 days.

8. Third-Party Platform Data Use

When you connect your social media accounts through our Service, please note:

  • We access third-party platform data only with your explicit authorization via OAuth consent flows.
  • We request only the minimum OAuth scopes necessary for the features you use.
  • We do not use data obtained from third-party platforms for advertising, data brokering, or selling to third parties.
  • We do not use platform data to build user profiles for purposes unrelated to the Service.
  • You can disconnect any platform connection at any time from your dashboard, which immediately revokes our access and deletes the stored tokens.
  • Our use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. Analytics cookies, if used, are limited to understanding aggregate usage patterns and do not track individual users across sites.

10. Children's Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

11. International Data Transfers

Our servers may be located outside your country of residence. By using the Service, you consent to the transfer of your data to jurisdictions that may have different data protection laws. We ensure appropriate safeguards are in place, including standard contractual clauses where applicable.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: