Legal

Privacy Policy

Last updated: 15 April 2026

This policy explains how Relay Community Ltd ("Relay", "we", "us" or "our") collects, uses and protects your personal data when you visit joinrelay.community, sign up to our waitlist, or use any related service we provide. We are committed to handling your information in line with UK data protection law — namely the UK GDPR and the Data Protection Act 2018.

By using our site and services you agree to the terms of this policy. If you do not agree, please stop using the site.

1. Who we are

Relay Community Ltd is a private limited company registered in England and Wales. We operate the Relay platform — a UK-only private community providing custom monitors, restock alerts, early information and 1:1 coaching for trading cards, trainers, tickets and related resale markets.

  • Registered office: [TBC — registered address]
  • Company number: [TBC]
  • Contact: hello@joinrelay.community

For the purposes of UK data protection law, Relay Community Ltd is the "controller" of your personal data. That means we decide what data is collected and why, and we are responsible for keeping it safe.

2. What data we collect

We only collect data we need to run and improve the service. We group it into four categories.

Waitlist & account data

When you join the waitlist or sign up for access via our membership partner, we (or they) collect your name, email address, and any profile information you choose to share. If you sign up through our membership partner (Whop), your account credentials and payment details are handled by Whop — we do not see or store your card data.

Technical & device data

When you visit the site, our hosting and analytics providers automatically collect limited technical information: your IP address (truncated where possible), browser type and version, operating system, referring URL, pages viewed, and timestamps. This is used to keep the service running, prevent abuse, and understand which pages and features are useful.

Cookies & similar technologies

We use a small number of cookies and local-storage keys. These are limited to what is necessary to run the site (for example, remembering whether you've already seen the page reveal animation in a given browser session) and, where you consent, lightweight analytics to understand site performance. We do not use advertising cookies or track you across other websites.

Support & correspondence

If you contact us by email, via the community, or through any support channel, we keep a record of that correspondence so we can respond and improve our service.

3. Why we use your data (legal basis)

Under UK GDPR we must have a lawful basis for processing your data. The bases we rely on are:

  • Performance of a contract — to provide the services you've signed up for, including sending alerts, delivering coaching, and managing your membership.
  • Legitimate interests — to keep the service secure, prevent abuse, understand how the site is used, and improve our product. We balance this against your rights, and you can object at any time.
  • Consent — for optional analytics cookies and any marketing communications that require it. You can withdraw consent at any time.
  • Legal obligation — to comply with tax, accounting and other statutory record-keeping requirements.

4. Who we share your data with

We do not sell your personal data. We share it only with trusted service providers that help us run Relay, and only to the extent they need to do their job. Current processors include:

  • Whop — our membership and payment partner. Handles account creation and card payments.
  • Vercel — our hosting provider. Serves the site and handles basic request-level logging.
  • Email and community tooling — used to send waitlist updates and support replies, and to run the private community chat.

Each of these providers is bound by their own data processing terms and only handles the data necessary for the service they provide. We may also disclose your data if required by law, to protect our rights, or in connection with a business restructure — in which case we'll let you know.

5. International data transfers

Some of our processors are based outside the UK. Where data is transferred outside the UK, we rely on recognised safeguards such as the UK extension to the EU-US Data Privacy Framework and the International Data Transfer Addendum to the European Commission's Standard Contractual Clauses. You can request a copy of the relevant safeguard by contacting us.

6. How long we keep your data

We keep your data only as long as we need it:

  • Waitlist & account data — for as long as your account is active, and up to 12 months after you cancel, so we can handle any follow-up or reactivation.
  • Payment & billing records — for 6 years after the transaction, as required by UK tax law.
  • Support correspondence — for up to 2 years after the issue is resolved.
  • Technical logs & analytics — for short rolling windows (typically 30 days to 14 months) depending on the provider.

7. Your rights

Under UK GDPR you have the right to:

  • Request a copy of the personal data we hold about you.
  • Ask us to correct data that is inaccurate or incomplete.
  • Ask us to delete your data (the "right to be forgotten"), subject to legal retention requirements.
  • Ask us to restrict or object to the way we use your data.
  • Ask us to transfer your data to another provider.
  • Withdraw consent, where we rely on it.

To exercise any of these rights, email us at [TBC — support inbox]. We'll respond within one month.

If you think we've mishandled your data, you can complain to the UK's Information Commissioner's Office at ico.org.uk. We'd appreciate the chance to sort it out first, but you don't have to come to us before going to the ICO.

8. Security

We take reasonable technical and organisational measures to protect your data — encryption in transit, access controls, least-privilege for staff and contractors, and regular review of our processors' security practices. No online service is ever 100% secure, but we treat your data with the same care we'd want our own handled with.

9. Children

Relay is intended for users aged 18 and over. We do not knowingly collect personal data from under-18s. If you believe a child has provided us with their data, please contact us and we'll delete it.

10. Changes to this policy

We may update this policy from time to time as the service evolves or the law changes. The "last updated" date at the top of this page will reflect the most recent revision. If the changes are material we'll let registered users know by email.

11. Contact

Questions about this policy, or about your data, can be sent to hello@joinrelay.community. We read every message.