Privacy Policy

Last updated: June 2026

1. Introduction

This Privacy Policy explains how VansoraAI, trading as Relaya ("we", "us", "our"), collects, uses, stores, and protects personal data when you use the Relaya platform.

We are committed to protecting your privacy and processing your data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

The data controller for personal data collected through the Relaya platform is:

VansoraAI (trading as Relaya)
Registered with the Information Commissioner's Office (ICO)
Contact: privacy@relaya.one

3. Data We Collect

3.1 Practice Information

  • Practice name, address, and contact details
  • Business registration information
  • Billing and payment information (processed by Paddle)
  • Service configuration and preferences

3.2 Staff Information

  • Names and professional roles
  • Email addresses and phone numbers
  • Login credentials (passwords stored in hashed form only)
  • Usage data and activity logs

3.3 Patient Data

Patient data is processed by Relaya on behalf of your dental practice. In this context, your practice is the data controller and Relaya acts as the data processor. Patient data may include:

  • Patient names and contact details
  • Appointment history and scheduling information
  • Communication records (calls, messages)
  • Any other data your practice inputs into the system

3.4 Technical Data

  • IP addresses and browser information
  • Device type and operating system
  • Usage patterns and feature interactions
  • Error logs and performance data

4. Legal Bases for Processing

We process personal data under the following legal bases:

  • Contract performance: Processing necessary to provide the Relaya service as agreed in our Terms of Service.
  • Legitimate interest: Processing for service improvement, security, fraud prevention, and analytics, where our interests do not override your rights.
  • Consent: Processing for marketing communications and optional features, where you have given explicit consent. You may withdraw consent at any time.
  • Legal obligation: Processing required to comply with applicable laws and regulations.

5. How We Use Your Data

  • To provide, maintain, and improve the Relaya platform
  • To process payments and manage subscriptions (via Paddle)
  • To communicate with you about your account and the service
  • To provide customer support
  • To ensure the security and integrity of our systems
  • To comply with legal obligations
  • To send marketing communications (with your consent)

6. Sub-processors

We use the following third-party sub-processors to deliver our service:

Sub-processorPurposeLocation
PaddlePayment processing, billing, invoicingUK/EU
AWS (Amazon Web Services)Cloud hosting and data storageUK (London region)
TwilioSMS and voice communicationsUK/US
VapiAI voice processingUS
SendGridTransactional email deliveryUS

All sub-processors are bound by data processing agreements that require them to protect your data in accordance with UK GDPR standards.

7. Data Storage and Security

  • All primary data is stored within UK data centres (AWS London region).
  • Data is encrypted at rest and in transit using industry-standard encryption protocols.
  • We implement appropriate technical and organisational measures to protect against unauthorised access, loss, or destruction of data.
  • Access to personal data is restricted to authorised personnel on a need-to-know basis.

8. Data Retention

  • Account data: Retained while your subscription is active, plus 30 days after cancellation to allow for reactivation or data export.
  • Patient data: Retained according to the data retention schedule agreed with your practice. Upon account cancellation, patient data is deleted after the 30-day retention period unless a longer period is required by law.
  • Technical logs: Retained for up to 12 months for security and troubleshooting purposes.
  • Marketing data: Retained until you withdraw consent or unsubscribe.

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to data portability: Request your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing based on legitimate interest or for direct marketing purposes.
  • Right to restrict processing: Request that we limit how we use your data in certain circumstances.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@relaya.one. We will respond within 30 days of receiving your request.

10. Patient Data and Your Practice

When your dental practice uses Relaya to manage patient information, your practice remains the data controller for that patient data. Relaya acts as a data processor, processing patient data solely on your instructions and in accordance with our Data Processing Agreement.

Your practice is responsible for ensuring that appropriate legal bases exist for processing patient data and that patients are informed about how their data is used.

11. International Transfers

Some of our sub-processors operate outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the ICO, or transfers to countries with an adequacy decision.

12. Cookies

Our website and platform use cookies and similar technologies to provide functionality, remember your preferences, and analyse usage. For detailed information about the cookies we use, please refer to our cookie banner settings.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Website: ico.org.uk
Helpline: 0303 123 1113

We encourage you to contact us first at privacy@relaya.one so we can try to resolve any concerns directly.

15. Contact

For any questions or requests regarding this Privacy Policy or your personal data:

Email: privacy@relaya.one
Company: VansoraAI (trading as Relaya)