BetaProject Relay is in beta — expect updates as we refine the experience.
Post a Project

Legal

Privacy Policy

Effective date: January 1, 2026  ·  Last updated: April 2026

1. Introduction

Project Relay (“we,” “our,” or “us”) is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at www.projectrelay.org (the “Platform”). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Platform. For questions, contact us at privacy@projectrelay.org.

2. Information We Collect

Information you provide directly:

  • Account Information: First name, last name, username, email address, and password when you create an account via email/password signup.
  • Google OAuth Information: If you sign in with Google, we receive your Google account’s name, email address, and profile picture from Google. We do not receive your Google password.
  • Profile Information: Grade level, ZIP code, state, high school name, and whether you are looking for a project.
  • Project Content: Project names, descriptions, links, area, category, and other details you submit when listing a project.
  • Communications: Messages you send to other users through the Platform’s messaging feature. These messages are stored unencrypted and may be reviewed by Platform staff.

Information collected automatically:

  • Usage Data: Pages viewed, features used, search queries, and time spent on the Platform, collected via Vercel Analytics (anonymized and aggregated).
  • Device & Browser Information: Browser type, operating system, device type, and screen resolution.
  • Log Data: IP address, access timestamps, referring URLs, and error reports.
  • Authentication Tokens: Session tokens stored in your browser’s local storage to keep you signed in.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and authenticate your identity;
  • Facilitate project discovery and matching between students;
  • Enable communication between project creators and potential successors;
  • Send in-app notifications about messages, relay requests, and project activity;
  • Improve, personalize, and expand the Platform based on usage patterns;
  • Monitor messaging activity for compliance with our Chat Use Policy and these Terms;
  • Detect and prevent fraud, abuse, spam, and security incidents;
  • Comply with legal obligations, including responding to lawful requests from authorities;
  • Communicate with you about account updates, policy changes, and important notices.

4. Data Processors and Third-Party Services

We work with the following trusted third-party data processors:

  • Supabase, Inc.: Our primary database and authentication provider. Your account data, profile information, project listings, and messages are stored on Supabase’s infrastructure. Supabase operates under a Data Processing Agreement and stores data on servers in the United States. See Supabase’s Privacy Policy.
  • Vercel, Inc.: Our web hosting and deployment provider. Vercel Analytics collects anonymized, aggregated usage statistics (no personally identifiable information). See Vercel’s Privacy Policy.
  • Google LLC: If you use “Sign in with Google,” Google processes your authentication under Google’s Privacy Policy. We only receive basic profile data (name, email, profile picture) from Google.

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

5. Sharing Your Information

We may share your information only in the following limited circumstances:

  • With Other Users: Your public profile (username, grade, state, project listings) is visible to other logged-in users. Your email address is never shared publicly.
  • With Data Processors: As described in Section 4 above.
  • Legal Requirements: We may disclose information if required by law, valid legal process (e.g., subpoena, court order), or at the direction of a government authority.
  • Protection of Rights: We may disclose information to protect the safety, rights, or property of Project Relay, our users, or others — including to investigate suspected fraud or abuse.
  • Business Transfer: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections.

6. Data Storage, Security, and Retention

Your information is stored on Supabase servers located in the United States. We implement technical and organizational security measures including encrypted HTTPS transport, row-level security database policies, and access controls to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. In particular, messages sent through the Platform are stored unencrypted in our database and may be accessible to authorized Platform staff.

Retention periods:

  • Active accounts: Data retained indefinitely while your account is active.
  • Deleted accounts: Account data is deleted within 30 days of a confirmed deletion request, except as required by law.
  • Messages: Messages are retained for the duration of your account; deletion requests remove your messages within 30 days.
  • Log data: Server logs are retained for up to 90 days.

7. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Update or correct inaccurate information via your account settings or by contacting us.
  • Deletion: Request deletion of your account and associated personal data by emailing privacy@projectrelay.org.
  • Data Portability: Request an export of your data in a structured, machine-readable format.
  • Opt-Out: Opt out of non-essential communications (e.g., product updates) through your account settings or by contacting us. Transactional messages (security alerts, account confirmations) are always sent.
  • Withdraw Google Access: Revoke Project Relay’s access to your Google account at any time via your Google account permissions. This does not delete your Project Relay account.

To exercise any of these rights, contact us at privacy@projectrelay.org. We will respond within 30 days.

8. Cookies and Tracking Technologies

We use browser local storage (not traditional cookies) to store your authentication session token so you remain signed in between visits. Vercel Analytics uses anonymized, cookie-free tracking to measure site traffic. We do not use advertising cookies or cross-site tracking cookies. If you clear your browser’s local storage, you will be signed out.

9. Children’s Privacy (COPPA Compliance)

The Platform is not directed to children under 13 years of age, consistent with the Children’s Online Privacy Protection Act (“COPPA”). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has created an account or provided personal information without your consent, please contact us immediately at privacy@projectrelay.org. We will delete such information promptly.

Users between the ages of 13 and 17 must have parental or guardian consent to use the Platform, as described in our Terms of Service. Parents or guardians may contact us to review, modify, or delete their child’s information.

10. Third-Party Links

The Platform may contain links to external websites or services not owned or controlled by Project Relay (e.g., project websites, research links). We have no control over and assume no responsibility for the content, privacy policies, or practices of third-party sites. We encourage you to review the privacy policy of every site you visit.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by updating the “Last updated” date above and, where required, by sending an email to registered users. Your continued use of the Platform after changes are posted constitutes your acceptance of the updated Policy. If you disagree with the changes, you may request account deletion.

12. Contact Us

For privacy questions, data requests, or concerns about our privacy practices, please contact us at privacy@projectrelay.org. We are committed to resolving complaints about your privacy and our handling of your personal information.