Privacy Policy
Effective date: 2026-05-09 (date of first publication on relaymetry.com)
Last updated: 2026-06-29 (added accounts & sign-in (P11), the personal dashboard & domain monitoring (P12), the public API (P13), subscribe / upgrade requests (P14), and the email-deliverability test (P15), ahead of opening account registration)
Change summary (2026-06-29): We are introducing optional user accounts (so you can save domains and receive monitoring alerts), a public API, and a paid-plan request flow. This update adds the processing activities for account registration & sign-in (P11), the personal dashboard & domain monitoring (P12), the public API (P13), and subscribe / upgrade requests (P14); it also documents the existing email-deliverability test (P15). No new sub-processors were added, we still set no cookies, and we still do not sell personal data. This summary is shown for at least 30 days from the date above.
This Privacy Policy explains how Relaymetry ("the Service", "we", "us", "our") collects, uses, shares, and protects personal data of visitors and users.
The Service is not directed at, marketed to, or intended for residents of the European Economic Area or the United Kingdom. Users access the Service at their own initiative and at their own risk regarding compliance with their local law. We do not knowingly collect personal data from residents of jurisdictions where doing so would require local registration or representation we have not obtained. Such residents may contact privacy@relaymetry.com for deletion.
1. Who we are (Data Controller)
Relaymetry is currently operated by an individual founder (a natural person). The Service is not yet incorporated as a legal entity. The named data controller responsible for the processing of your personal data is:
- Name: Vadim Ivanov.
- Contact email: privacy@relaymetry.com.
- Postal address: 27 Old Gloucester Street, London WC1N 3AX, United Kingdom.
If we incorporate as a legal entity in the future, the entity will replace the individual as data controller.
1.1 Pre-launch operating model
Relaymetry is in a pre-launch phase. Operating as a natural-person data controller is a legitimate model and will be revisited on incorporation.
2. What this Policy covers
This Privacy Policy applies to:
- The website at
https://relaymetry.comand all subdomains operated by us. - The free domain-health check tools (Mail Exchange, SPF, DKIM, DMARC, blacklist, TLS) and the email-deliverability test.
- The waitlist sign-up form and the subsequent confirmation email exchange ("Double Opt-In").
- Optional user accounts (registration, sign-in, the personal dashboard, and saved domain monitoring) and the public API.
- The paid-plan request ("Subscribe") flow, where you ask us about a paid plan. Paid plans are arranged individually (see our Terms of Service); we do not operate an automated payment, subscription, or billing system, and this Policy will carry additional disclosures specific to any billing feature at the time it is introduced.
It does not apply to:
- Third-party websites we link to from our pages — those are governed by their own privacy policies.
- The personal email accounts of our founder used outside the Service.
- Internal sub-processor activities not directed by us (their processing on their own behalf is governed by their own policies).
3. Personal data we collect
We collect the minimum personal data needed to operate the Service. The categories below correspond to specific processing activities (called P1 through P15 in our internal records).
3.1 Waitlist sign-up (P1)
When you submit our waitlist form, we collect:
- The email address you enter.
- The domain name you optionally associate with your sign-up (used to send you future relevant updates).
- A hashed source IP address (
SHA-256(your IP || a server-side salt that rotates monthly)) for abuse prevention and rate limiting. The raw IP address is discarded immediately after hashing. - The User-Agent header sent by your browser.
- The timestamp of your submission.
- A cryptographically random Double Opt-In token that we send to you in a confirmation email. The token is stored in our database in hashed form; we never persist its plaintext after issuance.
We send you a single confirmation email asking you to click a link to confirm your sign-up (this is the Double Opt-In). If you do not confirm within 48 hours, we delete the pending record automatically.
3.2 Free domain-health check tools (P2)
When you submit a domain to one of our tools (/tools/mx-lookup, /tools/spf-checker, /tools/dkim-checker, /tools/dmarc-checker, /tools/blacklist-lookup, /tools/tls-check) or to the homepage snapshot form, we collect:
- The domain name you enter. Domain names are usually not personal data of the submitter, but please note: by submitting a domain, you may reveal a third-party relationship (for example, your employer's domain). Please do not submit domains whose existence you consider confidential.
- A hashed source IP address (same as P1) for abuse prevention.
- The User-Agent header.
- A request identifier (UUID) for our internal correlation.
- Cached DNS query results for the submitted domain (this is technical data about the domain, not about you).
Publication of third-party domain data: We render the DNS metadata you submitted to public, search-indexable URLs (such as /report/<domain> and /tools/<tool>/<domain>) so that other users can reference and share diagnostic results. This is public information queryable from any DNS resolver. We redact identified personal data fields (such as the SOA RNAME zone-administrator email) before display. Domain owners may request removal through the takedown procedure described in our Terms of Service §10.
3.3 Anti-abuse and rate-limiting (P3)
To protect the Service against denial-of-wallet attacks, scraper abuse, and waitlist spam, we maintain:
- Rate-limit counters keyed by hashed IP and a time-window timestamp. These counters live in Redis with a short Time-To-Live and contain no identifying information beyond the hashed IP.
- An abuse-bans table containing entries inserted by us in response to detected abuse. Entries record the kind of ban (
ip/email/domain), the value (hashed where applicable), the reason, and an expiry date.
3.4 Outbound transactional email (P4)
We send you a transactional email when:
- You submit the waitlist form (Double Opt-In confirmation email).
- You request a re-send of the confirmation email.
- (Future, in our Ship 1.5 release) You receive your weekly domain-health diff email.
For each outbound email we record send-status data returned by our email service provider (delivered / bounced / soft-bounced / complained) and link it to your subscription record.
3.5 The privacy@ inbox (P5)
When you email privacy@relaymetry.com, we receive the full content of your email, including:
- Your email address.
- Subject line.
- Message body.
- Any attachments you include.
This mailbox is operated through Cloudflare Email Routing, which forwards messages to the founder's personal inbox where they are read and answered manually.
3.6 Web analytics (P6)
We use a privacy-friendly analytics service (Plausible) that does not set cookies, does not retain your IP address, and does not track you across sites. The service collects:
- The page path you visit on our site.
- The country and region derived from your IP at the time of the page view (the IP itself is then discarded).
- Your browser type, operating system, and device class.
- The referrer URL if your visit came from a link on another site.
- A small set of custom events that we trigger when you submit forms, click "Recheck", or copy share-links.
These statistics are aggregated and anonymous; no individual visitor record is retained.
3.7 Error tracking (P7)
To diagnose production errors quickly, we send error reports to a Sentry-protocol-compatible error tracker that we self-host on our own infrastructure (Fly.io, Frankfurt). Each error report contains:
- The error stack trace.
- The request identifier (matching our server-side logs).
- Your User-Agent header.
- The URL of the page where the error occurred, with sensitive query parameters (such as email addresses and tokens) stripped before transmission.
- A breadcrumb log of the most recent server-side calls preceding the error.
We do not include raw user input, email addresses, or token values in error reports.
3.8 Operational logs (P8)
We log technical information about each request to help us debug issues and audit security events. Each log entry contains:
- A request identifier.
- The route (URL path).
- The HTTP method and status code.
- Response timing.
- The hashed IP (where logged).
- Any error category raised during the request.
- Operator-defined contextual fields with no personal data included.
Sensitive keys are scrubbed before logs are written, by the same mechanism described in Section 3.7.
3.9 Cloudflare DNS and Email Routing (P9)
The relaymetry.com domain is hosted on Cloudflare's authoritative DNS infrastructure, and inbound mail to privacy@relaymetry.com is processed through Cloudflare Email Routing. Cloudflare may collect operational metadata about DNS queries and email delivery (request IPs, timing, geolocation) according to their own published privacy practices.
3.10 Expert-help lead form (P10)
If your free check finds problems, we may show a contextual offer to fix them for a one-time fee. If you submit that form, we collect your email address, the domain you checked, an optional free-text note you choose to write, and a bounded summary of what the check found (how severe it was and how many issues there were, not the detailed results). We also store a hashed version of your IP address and your browser's user-agent for abuse prevention. We use this only to reply to your request and to scope the work, relying on our legitimate interest in responding to a request you initiated. We keep these lead records for up to 24 months from our last contact with you, or until you ask us to delete them at privacy@relaymetry.com, whichever comes first. This paid service is not offered to clients in the European Economic Area or the United Kingdom. There is no consent checkbox and no cookie involved; submitting the form is your request to us.
3.11 Account registration & sign-in (P11)
If you create an account (optional — the free tools and the test do not require one), we collect:
- Your email address — your sign-in identifier and the address for account + monitoring notifications.
- Your password, stored only as a salted one-way hash. We never store, log, or are able to recover your plaintext password.
- An email-verification token (stored hashed, single-use, time-limited) sent to confirm your address; and, if you use password reset, a similarly hashed, single-use, time-limited reset token.
- An authentication session cookie — a signed token that keeps you signed in. It is strictly necessary for the account to function, contains no third-party identifiers, and is never used for advertising or cross-site tracking. (This is the only cookie the Service sets, and only once you sign in — see Section 8.)
- The timestamps of registration and sign-in, plus a hashed source IP and User-Agent for abuse prevention (same hashing as P1).
We process this to create and secure your account and to provide the features you sign in for (performance of the service you request). You may delete your account at any time by emailing privacy@relaymetry.com; deletion erases your account and the data tied to it, subject to Section 6.
3.12 Personal dashboard & domain monitoring (P12)
When you add a domain to monitor in your account, we store:
- The domain name(s) you choose to monitor and any per-domain settings (for example, a DKIM selector you specify).
- The results of the automated health checks we run on those domains on a schedule, and the change history of those results over time, so you can see what changed.
- Your notification preferences per domain (off / weekly digest / instant) and the timestamps of alerts we send you.
- An optional public status-share link: if you choose to enable it, we generate a random token that exposes a read-only status page for that domain at a non-guessable URL. It is off by default; you create it deliberately and can disable or regenerate it at any time.
The check results are technical data about the domains you monitor (see the note in P2 about submitting domains that may reveal a third-party relationship). We use this only to provide the monitoring and alerting you asked for.
3.13 Public API (P13)
If you use our API, we collect:
- API keys issued to your account. A key is stored only as a SHA-256 hash; the full key is shown to you once at creation and is never stored, re-displayed, or logged by us. We keep a short non-secret prefix so you can recognise a key in your list, plus an optional label you set.
- Usage and rate-limit counters per key (request counts within a time window, last-used timestamp) to enforce quotas and prevent abuse.
Domains and checks you submit through the API are processed exactly as in P2 — the API is an authenticated interface to the same check engine.
3.14 Subscribe / upgrade requests (P14)
When you submit a paid-plan request via our pricing page ("Subscribe"), we collect:
- Your email address and the plan (tier) you are interested in.
- An optional free-text message you choose to write.
- A hashed source IP and your User-Agent for abuse prevention (same hashing as P1).
A Subscribe request is a request for us to contact you — it is not a purchase, an order, or a payment (see our Terms of Service). We use it only to respond to you about the plan you asked about. There is no consent checkbox and no cookie; submitting the form is your request to us.
3.15 Email-deliverability test (P15)
Our send-to-address deliverability test issues you a one-time address and analyses an email you send to it:
- When you send your test message, we receive the full raw email (its headers and body) at that one-time address solely to analyse it.
- We extract a server-built verdict — authentication results (SPF / DKIM / DMARC alignment), a deliverability score, and diagnostic findings.
- We then discard the raw message immediately after the analysis completes (it is erased from storage), and the whole test record is automatically deleted after a short time-to-live (approximately 30 minutes). We retain only the derived verdict for the brief life of the record, plus a hashed source IP for abuse prevention.
- Optionally, if you ask us to email you a copy of the report, we collect your email address and the domain together with the result snapshot, and we send a Double Opt-In confirmation first — we email the report only after you confirm. You may ask us to delete this at
privacy@relaymetry.com.
We never log the raw message, the sender address, or the contents of your test email.
3.16 What we do not collect
- We do not request or store your real name unless you voluntarily include it in a message you send us.
- We do not use cookies on our website. We do not set tracking pixels.
- We do not collect special-category data (data revealing racial or ethnic origin, political opinions, religious beliefs, trade-union membership, genetic data, biometric data for identification, health data, or sex life or sexual orientation).
- We do not knowingly collect data from children under 16. The Service is not directed at children.
- We do not perform automated decision-making that produces legal or similarly significant effects on you.
- We do not sell your personal data. We do not share your personal data with advertisers.
4. How we use your data
We process personal data only for the purposes described in Section 3 above and only as needed to operate the Service. We do not use data for purposes you have not been informed of. Where we rely on your consent (waitlist sign-up), you may withdraw consent at any time by clicking the unsubscribe link in any email we send you, or by emailing privacy@relaymetry.com. Where you create an account, use the API, or submit a request to us (P11–P14), we process the associated data to provide the feature you asked for and to keep it secure (performance of the service you request); you may delete your account or ask us to delete a request at privacy@relaymetry.com at any time.
5. Sub-processors
We use the following sub-processors to operate the Service. Each is bound by a Data Processing Agreement (or equivalent contractual instrument) requiring them to process your personal data only for the purposes we specify, with appropriate technical and organisational safeguards.
| Sub-processor | Purpose | Region |
|---|---|---|
| Cloudflare, Inc. | Authoritative DNS for relaymetry.com; inbound mail routing for privacy@; future CDN. | Global anycast network (US-affiliated). |
| Resend (Resend Labs Inc.) | Outbound transactional email (Double Opt-In confirmation; future weekly diff alerts). | EU-West-1 (Ireland). |
| Plausible Insights OÜ | Anonymous, cookieless web analytics. | EU (Estonia / Germany). |
| Fly.io, Inc. | Application hosting and self-hosted error tracker (GlitchTip). | EU (Frankfurt). |
| Upstash, Inc. | Redis hosting for rate-limit counters and ephemeral cache. | AWS eu-west-1 (Ireland). |
| Neon (Databricks, Inc.) | Serverless PostgreSQL primary database. | AWS Europe Central 1 (Frankfurt). |
Some of the sub-processors above rely on their own backend providers (for example, AWS for compute or Google for delivery) per their published sub-processor disclosures. We do not share your personal data with any third party other than the sub-processors above, except where required by law.
6. How long we keep your data
| Data category | Retention |
|---|---|
| Pending (unconfirmed) waitlist sign-up | 48 hours, then automatically deleted by a nightly cleanup job. |
| Confirmed waitlist sign-up | Until you unsubscribe, OR until 24 months of inactivity (whichever is earlier). |
| Unsubscribed waitlist record | 30 days for audit, then permanently deleted. |
| Expert-help paid-fix lead record | 24 months from our last contact with you, OR on a privacy@relaymetry.com deletion request (whichever is earlier). |
| Account (registration, sign-in, profile) | Until you delete your account, then erased; a short audit window (up to 30 days) may apply to related security logs. |
| Domain monitoring (domains, check results, change history, preferences) | While the domain is in your account; deleted when you remove the domain or delete your account. Free-tier change history is queryable for the most recent 90 days. |
| Public status-share token | Until you disable or regenerate it, or remove the domain / delete your account. |
| API key | Until you or we revoke it, or you delete your account. Per-key usage / rate-limit counters expire on a rolling short window. |
| Subscribe / upgrade request | 24 months from our last contact with you, OR on a privacy@relaymetry.com deletion request (whichever is earlier). |
| Email-deliverability test record | The raw email is erased immediately after analysis; the whole record is auto-deleted at a short time-to-live (approximately 30 minutes). |
| Emailed deliverability-report request (only if you opt in) | Pending (unconfirmed) requests expire automatically; a confirmed record is kept until you ask us to delete it at privacy@relaymetry.com. |
| Hashed IP and abuse-prevention records | Rolling 30-90 days. The salt used for hashing rotates monthly, so older hashes become unlinkable to your current IP after one rotation cycle. |
| DNS query results (cached) | 1 hour to 24 hours per zone type. These are technical results about a domain, not about you. |
| Outbound email logs | Per the email provider's retention (typically 30-90 days). |
| Inbox messages to privacy@ | Retained for the duration of the inquiry plus a reasonable archive period for audit (typically up to 5 years), unless you request earlier deletion. |
| Web analytics (Plausible) | Aggregate retention per Plausible's default; no individual records stored. |
| Error reports (GlitchTip) | 90 days (GlitchTip 6.1.6 default event_retention_days setting on our self-hosted instance; configurable downward on erasure request). |
| Operational server logs | Approximately 30 days. |
When the retention period for a category expires, the data is hard-deleted from our systems and from the relevant sub-processor where we have direct control.
7. Your rights
Regardless of your jurisdiction, you may at any time request access to, correction of, or deletion of personal data we hold about you by contacting privacy@relaymetry.com. We will respond within 30 days on a good-faith basis. We do not charge for handling such requests, except where a request is manifestly unfounded or excessive (typically because of repetitive nature), in which case we may charge a reasonable fee or refuse the request. Where we rely on your consent (for example, waitlist sign-up), you may withdraw it at any time via the unsubscribe link in any email we send you.
8. Cookies
We set no cookies for browsing or analytics. You can use the website, the free tools, and the deliverability test with no cookie at all, and our analytics service (Plausible) operates without cookies and without persistent identifiers.
The only cookie we set is a strictly-necessary authentication session cookie, and only after you sign in to an account. It keeps you signed in, cannot be turned off without breaking sign-in, carries no third-party or advertising identifiers, and is not used to track you across sites. A strictly-necessary session cookie of this kind does not require a consent banner, so none is shown.
If we ever introduce a non-essential cookie, we will publish a separate Cookie Policy and (where required by law) display a granular consent banner before setting it.
9. Security
We protect your personal data using the following safeguards:
- Encryption in transit: all connections to and from our servers use TLS 1.2 or higher.
- Encryption at rest: sub-processor-level disk encryption is required and verified at our Data Processing Agreement review.
- Access controls: only the founder accesses production systems, via authenticated SSH and an internal admin command-line interface.
- Pseudonymisation: source IP addresses are hashed at ingestion with a salt that rotates monthly; older records become unlinkable to current IPs.
- Credential protection: account passwords are stored only as a salted one-way hash (never plaintext, never logged); API keys are stored only as a SHA-256 hash and the full key is shown to you once at creation; verification, reset, and share tokens are stored hashed.
- Data minimisation: the waitlist captures email and (optionally) a domain — nothing else. Free-tool usage logs minimal session metadata only.
- Vulnerability management: automated dependency scanning (
npm audit, Dependabot weekly) and prompt patching of critical advisories. - Operational discipline: secrets stored in our hosting provider's secret manager and rotated quarterly. Deployment via reproducible builds.
We are committed to notifying you of a personal data breach affecting you within 72 hours of becoming aware of it.
10. Changes to this Privacy Policy
We may update this Policy from time to time to reflect changes in our processing, in the law, or in our sub-processor relationships. The current version is identified by the "Last updated" date at the top.
For material changes (changes that affect your rights or expand the scope of processing), we will:
- Update the "Last updated" date.
- Publish a change-summary at the top of this page for at least 30 days.
Non-material changes (typo corrections, formatting, sub-processor additions that do not materially expand processing) are reflected by updating the date alone.
A change-history of this Privacy Policy is available in our public repository at https://gitlab.com/evilmorte/relaymetry under docs/legal/privacy-policy.md — the git commit log of that file is the authoritative record of every change.
11. Contact
For any privacy inquiry:
- Email: privacy@relaymetry.com.
- Postal address: available on request.
We will respond to all good-faith inquiries.
This Privacy Policy was authored by the controller and is maintained in version control. The latest version is always available at https://relaymetry.com/privacy. The full edit history is publicly accessible in the project's source repository.