Privacy Policy

Last Updated: June 4, 2026

Overview

Relly ("we", "our", "the App") is a memory journaling application for parents, operated by Gabi Arnovitz. This privacy policy explains how we collect, use, and protect your information.

Important: This app is designed for parents and adult guardians, not for use by children. Parents are the account holders and users. Children do not use the app, but because the app processes information about them (such as names, birthdates, photos, videos, and the content of memories), a child may also be a data subject under laws such as the GDPR. The parent or guardian is responsible for the information they provide about their children.

Information We Collect

Information You Provide

• Email address — Account authentication and transactional emails
• Child names — Memory organization and display
• Child birthdates (optional) — Age calculation for memories
• Child photos (optional) — Avatar display
• Memory photos and videos (optional) — Memory attachments (Premium feature)
• Voice transcripts — Memory content (text only)

Audio Processing

When you record a memory, your audio is sent to a secure third-party service (OpenAI Whisper) for transcription. Here's what you should know:

• Audio is temporary — Your recording is uploaded to our secure storage (Supabase) only so it can be transcribed, and is accessed using short-lived signed links. We delete it after the memory is processed or if you cancel; if processing fails, we delete it as soon as we can. Only the text transcript is kept long-term.
• OpenAI's retention — OpenAI may temporarily retain audio sent to its transcription API for up to 30 days solely to monitor for abuse and ensure service safety, after which it is deleted (unless OpenAI is legally required to keep it longer). OpenAI does not use this data for any other purpose and does not use it to train its models.
• Secure transmission — All audio is encrypted in transit, and our audio storage is private (not publicly accessible)

Automatically Collected Information

• Basic product analytics (app opens, feature usage) collected via PostHog to improve the service — see Analytics below
• Error logs for debugging (anonymized, no personal information)

Voice Data

Relly converts your recordings into text. We use your audio only to produce a transcript. We do not analyze your voice to identify speakers, and we do not create voiceprints or any biometric identifier from your voice. Your recordings are not used to recognize or identify any individual.

Analytics

We use PostHog to measure how parents use Relly (for example, which screens are opened and which features are used) so we can fix problems and improve the app. PostHog receives pseudonymous usage events, an app-generated identifier, and basic device information. We do not use PostHog for advertising, we do not track you across other companies' apps or websites, and we do not sell your data. Because of this, Relly does not show an "Ask App Not to Track" prompt for analytics.

Sign In with Google

If you choose to sign in with Google, Google shares your name, email address, a unique Google account identifier, and your profile photo URL with us so we can create and secure your account. We never see or receive your Google password. Google's handling of your information is governed by Google's Privacy Policy. Relly also offers Sign in with Apple.

Information We DO NOT Collect

• Location data — We do not track your location.
• Device identifiers — We do not collect advertising IDs or device fingerprints.
• Biometric data — We do not use Face ID, fingerprint, or voice biometrics.
• Children's data directly — Children do not use this app; parents provide information about their children.

Third-Party AI Processing

To transform your voice transcripts into organized, beautifully written memories, we use third-party AI services. Here's what you should know:

• Transcription: Audio is sent to OpenAI Whisper for transcription, then deleted
• Memory structuring: The text transcript and your children's first names are sent through OpenRouter to a language model (currently Google's Gemini models, with an OpenAI model as a fallback) to create titles, descriptions, and correctly attribute memories to the right child. To match a memory to the right child we use a temporary, per-request label (such as "child_1") rather than any internal account identifier.
• What is NOT sent to AI: Photos, videos, email addresses, birthdates, internal account identifiers, or other account information
• No training on your content: The providers do not use data sent through their APIs to train or improve their models
• Data retention: Each AI provider keeps data only briefly, if at all, and not for training. OpenRouter routes the request without storing the prompt or response content unless logging is enabled (it keeps limited request metadata). OpenAI may temporarily retain API data for up to 30 days to monitor for abuse, after which it is deleted (unless legally required to keep it longer). Google's paid Gemini API does not use the data to improve its products and retains it only as needed for abuse monitoring and legal compliance. None of the providers use your data for any other purpose.

How We Use Your Information

1. Provide the service — Store and display your memories
2. Send transactional emails — Memory exports and account notifications
3. Improve the app — Pseudonymous product analytics (see Analytics above)
4. Customer support — Respond to your inquiries

We do NOT:

• Sell your data to third parties
• Use your data for advertising
• Share photos or memories with anyone except at your request (export feature)
• Train AI models on your content

Third-Party Services

We use the following services to operate the app:

Data Storage and Security

Your data is stored on Supabase, which uses Amazon Web Services (AWS) infrastructure with:

• Encryption at rest — AES-256 encryption for all stored data
• Encryption in transit — TLS/SSL for all data transmission
• SOC 2 Type 2 compliance — Independently audited security controls
• Row-Level Security — Database policies ensure you can only access your own data

Photos and videos are encrypted at rest (AES-256) and in transit (TLS/SSL). Access is controlled through signed URLs with short expiry windows.

Security Incidents

If a data breach affecting your personal information occurs, we will notify the relevant supervisory authority within 72 hours where required by law, and we will notify you without undue delay if the breach is likely to result in a high risk to your rights.

Data Retention

• Active accounts — Data retained while your account is active
• Deleted accounts — All data permanently deleted within 30 days
• Backups — Database backups retained for 7 days for disaster recovery
• Photos and videos — Deleted when you delete the associated memory or your account

Your Rights

• Access and Export — You can export any memory via email at any time from within the app.
• Correction — You can edit your memories, child profiles, and account information at any time.
• Deletion — You can delete your account at any time from Settings. This will permanently delete all your data, including your profile, children profiles, all memories, photos, and associated data.
• Data Portability — Contact us to request a full export of your data in a machine-readable format.

Children's Privacy

This app is designed for use by parents and adult guardians. While the app stores information about children (provided by their parents), children are not intended users of this app.

• Parents maintain full control over all information about their children
• Parents can delete child profiles at any time
• Photos and videos of children are stored securely and only accessible by the parent account and the family members the parent invites
• We do not collect information directly from children
• We do not use children's information for advertising, and we do not sell or share it with advertisers or data brokers

Relly is not directed to children and is NOT categorized as a "kids app." Any information about a child in the app — such as a first name, birthdate, photos, videos, and the content of memories — is provided by you, the parent or guardian, about your own family. You are responsible for having the right and any necessary consent to upload content depicting a child, and a parent or guardian may request access to or deletion of a child's information at any time.

International Users

For Users in the European Economic Area (EEA)

If you are in the EEA, you have rights under GDPR including:

• Right to access your data
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with your supervisory authority

Legal Basis: Our legal basis for processing is:

• Your consent (provided when you create an account)
• Contract performance (operating the service you requested)
• Legitimate interest (improving the app, preventing fraud)

Data Transfers: Your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place.

For Users in California (CCPA)

California residents have additional rights including:

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to say no to the sale of personal information (we do not sell data)
• Right to request deletion
• Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at the email below.

For Users in Israel

This app complies with Israeli privacy regulations. All data handling follows the principles of the Privacy Protection Law, 5741-1981.

Contact Us

For privacy questions, data requests, or concerns:

• Email: relly.it.now@gmail.com
• Address: Gidon 28, Jerusalem, Israel
• Website: https://rellyit.com

We aim to respond to all requests within 30 days.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email notification or in-app notification. Continued use of the app after changes constitutes acceptance of the updated policy.