Relex Privacy Policy

Last updated: 2026-03-23
Service: Relex (https://relex.you)
Support: support@relex.you
Privacy / legal contact: legal@relex.you

1. Who We Are

This Privacy Policy explains how Relex collects, uses, stores, shares, and otherwise processes personal data in connection with:

  • the website https://relex.you;
  • any web or mobile applications we operate;
  • case-management, research, drafting, review, collaboration, and AI features;
  • the marketplace and provider directory; and
  • support, security, billing, onboarding, verification, and compliance activities.

The controller for the personal data described in this Privacy Policy is:

Harmoniis Agents Ltd
Registered office: Office 17108, 182-184 High Street North East Ham, London
Registration number: 16990810
Email: legal@relex.you

If a separate affiliate or local entity acts as controller for a specific service or country, we will identify that in the relevant service flow or notice.

2. Roles: When Relex Is Controller and When Relex Is Processor

Relex may act in different roles depending on the data and service context.

2.1 Relex as controller

Relex generally acts as a controller for personal data used to:

  • create and manage user accounts;
  • provide subscriptions and billing;
  • run the public website and provider directory;
  • perform fraud prevention, security, moderation, and abuse handling;
  • verify providers and manage platform trust and safety;
  • respond to support, complaints, and legal requests;
  • send essential service communications; and
  • comply with legal, tax, accounting, and regulatory obligations.

2.2 Relex as processor or service provider

Where Relex provides workspaces, case-management tools, document tools, or similar functionality to an organization that uploads or controls client matter data, Relex may act as a processor (or equivalent service provider) on behalf of that customer for that specific data set.

If required, we will make available a separate Data Processing Addendum (DPA).

3. Categories of Personal Data We Collect

Depending on how you use the Services, we may collect the following categories of personal data.

3.1 Identification and account data

  • name;
  • email address;
  • phone number;
  • username;
  • organization name;
  • job title;
  • account credentials and authentication metadata.

3.2 Billing and transaction data

  • billing address;
  • tax identifiers where required;
  • subscription status;
  • payment-related metadata;
  • invoice data;
  • transaction references;
  • payout and connected-account data when you are a Provider.

3.3 Provider verification and trust-and-safety data

  • identity-verification status;
  • professional-status or credential-verification data;
  • business registration information;
  • licence, chamber, bar, or notarial registration information where applicable;
  • sanctions, fraud, or risk-screening results;
  • moderation records, complaint records, and review-related information.

3.4 Usage, device, and log data

  • IP address;
  • browser and device information;
  • app and session identifiers;
  • language, timezone, and approximate geolocation derived from IP;
  • pages viewed, clicks, and feature usage;
  • error logs, diagnostics, and security logs.

3.5 Content you provide

  • prompts and inputs to AI Features;
  • uploaded files and documents;
  • messages and communications;
  • matter notes, tasks, contacts, and metadata;
  • support tickets and correspondence.

3.6 Special categories and sensitive data

Because Relex is used in legal, regulatory, and compliance contexts, users may choose to upload or input data that is sensitive under applicable law, including health information, official identification numbers, criminal-offence data, or other special-category data.

We do not require such data unless necessary for the intended service or legal compliance, and we ask users not to upload more personal data than needed.

3.7 Children

The Services are not directed to children. We do not knowingly collect personal data from children in violation of applicable law.

4. Sources of Personal Data

We collect personal data:

  • directly from you;
  • from your organization or account administrator;
  • from users who invite you into a workspace or share data with you;
  • from Providers and Customers interacting through the marketplace;
  • from payment and verification providers, including Stripe;
  • from public registries, professional bodies, sanctions sources, or official verification sources;
  • from cookies and similar technologies; and
  • from third-party integrations you choose to connect.

5. Purposes of Processing and Legal Bases

Under GDPR and similar laws, we process personal data only where we have a lawful basis.

5.1 To provide the Services

We process data to register accounts, authenticate users, provide subscriptions, host workspaces, enable case-management and document features, provide AI Features, display provider profiles, and operate core functionality.

Legal basis: performance of a contract; legitimate interests.

5.2 To process payments and subscriptions

We process data to charge subscription fees, manage invoices, handle payouts, prevent payment fraud, and maintain billing records.

Legal basis: performance of a contract; legal obligation; legitimate interests.

5.3 To verify Providers and protect marketplace integrity

We process data to verify identity, review professional status, assess risk, prevent fraud, manage badges, respond to reports, and suspend or delist unsafe or misleading Providers.

Legal basis: legitimate interests; legal obligation where applicable; substantial public interest or another applicable condition where sensitive verification data is involved and local law requires one.

5.4 To operate AI Features

We process prompts, documents, and outputs to generate responses, summaries, extracts, draft text, and other requested functionality.

Legal basis: performance of a contract; legitimate interests.

5.5 To provide support and communicate with you

We process data to answer questions, resolve issues, send service notices, respond to legal requests, and communicate about your account.

Legal basis: performance of a contract; legitimate interests; legal obligation.

5.6 To secure the Services

We process data for logging, incident response, authentication, abuse detection, fraud prevention, monitoring, backup, rate limiting, and vulnerability management.

Legal basis: legitimate interests; legal obligation where applicable.

5.7 To improve and develop the Services

We use analytics, telemetry, diagnostics, and limited service-improvement data to understand usage patterns, improve reliability, and develop features.

Legal basis: legitimate interests; consent where required by law.

5.8 To comply with legal obligations

We may process data for accounting, tax, sanctions compliance, law-enforcement response, court orders, consumer-law compliance, and regulatory reporting.

Legal basis: legal obligation.

5.9 Marketing

We may send product updates, offers, newsletters, or event invitations where permitted by law.

Legal basis: consent where required; legitimate interests where permitted for existing business contacts. You can opt out at any time.

6. AI and Automated Processing Notice

6.1 AI-assisted features

Some parts of the Services use AI-assisted technologies to generate, review, summarize, extract, classify, compare, or suggest content.

6.2 No solely automated legal decision-making by Relex

Relex does not intentionally use solely automated decision-making that produces legal or similarly significant effects on users unless expressly disclosed and lawfully implemented.

6.3 Human review and quality control

We may use human review, testing, abuse monitoring, and audit logging to improve reliability, security, and compliance.

6.4 Model training

Unless we clearly state otherwise in a separate notice or agreement, we do not use customer matter content or provider-client matter content to train general-purpose AI models.

7. Verification, Identity Checks, and Professional Status Checks

If you are a Provider or apply to become one, we may collect and process personal data needed to verify your identity, business status, tax status, banking status, sanctions exposure, and professional or credential status.

This may include checks performed by Stripe or other vendors, as well as checks against official registries or professional bodies.

We may store the outcome of such checks, including statuses such as verified, pending, failed, expired, or suspended.

8. Cookies and Similar Technologies

We use cookies and similar technologies for:

  • essential site operation;
  • authentication and session management;
  • security and fraud prevention;
  • analytics and performance measurement; and
  • preferences and, where permitted, marketing.

Where required by law, non-essential cookies are used only with your consent. You can manage cookie choices through our cookie banner or browser settings.

A separate Cookie Notice may provide more detail.

9. Sharing of Personal Data

We may share personal data with:

9.1 Service providers and subprocessors

Hosting providers, cloud infrastructure providers, analytics providers, email and support providers, AI providers, payment providers, verification vendors, security vendors, and similar service providers that process data on our behalf.

9.2 Other users and workspace participants

Where the nature of the Service requires it, we may share your profile, communications, documents, or collaboration data with other users in your workspace or transaction flow.

9.3 Providers and Customers

If you use the marketplace, relevant information may be shared between Customers and Providers to facilitate contact, service delivery, payment, verification, and dispute handling.

9.4 Public or semi-public profile information

Provider profiles, badges, business descriptions, languages, jurisdictions, ratings, and similar directory information may be visible to other users or the public, depending on your settings and platform design.

9.5 Authorities and legal recipients

We may disclose personal data to courts, regulators, law-enforcement bodies, tax authorities, professional bodies, or other third parties where required by law or reasonably necessary to establish, exercise, or defend legal claims.

9.6 Corporate transactions

We may share or transfer personal data as part of a merger, acquisition, financing, restructuring, sale of assets, or similar transaction, subject to applicable confidentiality and legal protections.

We do not sell personal data in the ordinary meaning of that term.

10. International Transfers

We may process personal data in countries outside the European Economic Area, United Kingdom, or other country where you are located.

Where we transfer personal data internationally, we use an appropriate transfer mechanism where required, such as:

  • an adequacy decision;
  • Standard Contractual Clauses;
  • the UK International Data Transfer Addendum or equivalent; or
  • another lawful safeguard.

You may request more information about applicable transfer safeguards by contacting legal@relex.you.

11. Data Retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and protect the Services.

Retention periods depend on the category of data and purpose. For example:

  • account and billing records: retained for the period required by tax, accounting, and audit laws;
  • support records: retained for as long as reasonably necessary to resolve the issue and maintain support history;
  • verification and compliance records: retained for as long as necessary to manage trust, safety, fraud prevention, and legal obligations;
  • workspace and matter data: retained according to your plan, settings, contractual commitments, and legal requirements;
  • security logs: retained according to operational and security needs.

We recommend preparing an internal retention schedule that maps exact periods by data category and jurisdiction.

12. Security

We apply technical and organizational measures designed to protect personal data, including access controls, role-based permissions, logging, encryption in transit where appropriate, backup measures, provider due diligence, and security monitoring.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

If you believe your account or data has been compromised, contact support@relex.you immediately.

13. Your Rights

Subject to applicable law, you may have the right to:

  • access your personal data;
  • correct inaccurate personal data;
  • delete personal data;
  • restrict processing;
  • object to certain processing;
  • receive your data in portable form;
  • withdraw consent where processing is based on consent; and
  • lodge a complaint with a competent supervisory authority.

You may exercise rights by contacting legal@relex.you.

We may ask you to verify your identity before responding.

14. Provider and Customer Responsibilities for Data They Upload

Users are responsible for ensuring they have a valid legal basis for uploading, sharing, or otherwise using personal data through the Services.

If you are a Provider, you remain responsible for your own professional, confidentiality, and data-protection duties to your clients unless a separate written agreement states otherwise.

If you are an organizational customer using Relex as a processor, you are responsible for your instructions, legal bases, transparency to your own data subjects, and any required impact assessments.

15. National Identification Numbers and Similar Sensitive Identifiers

We collect government-issued identification numbers, such as passport numbers, national ID numbers, or equivalent national identification numbers, only where necessary, proportionate, and legally justified for onboarding, identity verification, compliance, payment, or similar lawful purposes.

Please do not provide such identifiers in free-text fields or general support tickets unless specifically requested through a secure flow.

16. Third-Party Websites and Integrations

The Services may link to third-party websites or services or allow you to enable third-party integrations.

We are not responsible for third-party privacy practices. Review the privacy notices of those third parties before using them.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the Services, law, our processors, or our practices.

If we make material changes, we will post the updated version on the website and may provide additional notice where appropriate.

18. Contact Us

For privacy, data protection, or legal questions, contact:

  • legal@relex.you
  • support@relex.you

Mailing address: Office 17108, 182-184 High Street North East Ham, London

If you are in the EEA/UK/Switzerland, you may also contact your local data protection authority.