Legal
Relay Privacy Policy
Relay is built on the Internet Computer Protocol and uses end-to-end encryption to provide private messaging, voice calls, video calls, and file transfer to users worldwide. Your calls and messages are always encrypted and stored only in your own personal canister — a sovereign encrypted vault that only you control. Unlike other messaging platforms, Relay has no central servers. We cannot access your data even if we wanted to.
Information you provide
Account Information.
Relay does not require a phone number, email address, or any personally identifying information to create an account. You first create an Internet Identity — a cryptographic credential generated on your device using your biometric hardware (Face ID or Touch ID). Internet Identity is your login key to the network and is created before and separately from anything else in Relay. You then create a Network ID — a self-chosen pseudonymous identifier that is your address on the Relay network. Think of your Network ID as your new phone number — it is what you share with people who want to reach you, it has no required connection to your real world identity, and it is the only name anyone on the network sees.
Your account also has a Canister ID — a unique identifier for your personal encrypted vault on the Internet Computer. Your Canister ID is the technical address of your data on the decentralized network. You may have multiple Internet Identities, each with its own Network ID and its own separate Canister ID — they are completely independent of each other. There is no profile name option. Your Network ID is your only identity on the network.
Messages.
Relay cannot decrypt or otherwise access the content of your messages, calls, or file transfers. Unlike other messaging platforms that queue encrypted messages on their own servers for offline delivery, Relay stores your messages directly in your own personal canister on the Internet Computer — a decentralized blockchain network. Your messages never pass through or rest on any server owned or operated by Knightsky. Your message history lives in your canister, which is controlled entirely by your Internet Identity credential. Knightsky has no access to it under any circumstances.
Calls and Video.
Voice and video calls are transmitted peer-to-peer using WebRTC encryption. Call audio and video never pass through Relay or Knightsky infrastructure. Call signaling — the technical handshake that establishes a connection — passes through your personal canister on the Internet Computer, not through any Knightsky server. Call logs recording duration and timestamp are stored in your canister and are not accessible to Knightsky.
Contacts.
Relay does not scan, upload, or access your device's address book under any circumstances. Contact discovery does not exist on Relay by design. You add contacts only by manually entering a Network ID or Canister ID shared directly with you by that person. Nobody can find you on Relay unless you personally share your Network ID with them. This is a stronger privacy model than other messaging platforms, which use various methods including address book scanning, phone number lookup, or username search to allow strangers to find you.
Network Participation Data.
If you enable relay mode, your device participates in routing encrypted traffic for other users on the network. The only data Relay collects for this purpose is your verified relay event count, your node uptime percentage, and your accumulated earnings balance. This data lives in your canister and in the node directory canister on the Internet Computer. It is used solely to calculate relay earnings distributions. No message content, sender identity, recipient identity, or communication metadata is ever logged as part of relay participation. Relay operators cannot read the content of packets they relay — they are encrypted blobs passing through.
Technical Infrastructure.
A small amount of technical information is maintained by the network to operate the service. This includes your Canister ID (a pseudonymous identifier on the Internet Computer with no required connection to your real identity), your Network ID, and your public encryption key used to encrypt messages sent to you. Aggregate network statistics including total user count and total relay event counts are visible to Knightsky as the network operator. Knightsky can see that canisters exist and aggregate counts. Knightsky cannot see who owns any canister, what messages any canister contains, who any user is communicating with, or any personally identifying information. This is not a policy choice — it is a technical impossibility given the architecture.
User Support.
If you contact Relay support, any information you share is used only to address your issue and is not retained beyond that purpose.
Information we share
Relay collects no personally identifiable information about its users. We have no user data to sell, share, or monetize because there is none. If we run advertising to attract new users, that advertising is targeted using demographic and interest tools provided by ad platforms — not using any data collected from Relay users. Our architecture makes user data collection technically impossible, not just against our policy. Basically, we're shooting in the dark.
Third Parties.
Relay uses Cloudflare for TURN server infrastructure, which relays call traffic in cases where a direct peer-to-peer connection cannot be established. Cloudflare processes connection metadata in accordance with their privacy policy. Cloudflare does not have access to call content, which remains end-to-end encrypted. Apple and Google push notification services are used to deliver incoming call and message alerts on iOS and Android respectively. Apple and Google know that a notification was sent to your device and when — they cannot see the content of any notification. This is the same tradeoff made by other privacy-focused messaging applications on iOS and Android. On GrapheneOS, UnifiedPush is available as an alternative that eliminates Apple and Google involvement entirely.
Legal requests.
Unlike other messaging platforms that operate centralized servers that can be subpoenaed, Relay operates no central servers. Your data lives in your own canister on the Internet Computer, a decentralized network operated by independent node providers globally. Knightsky has no technical ability to produce your messages, contacts, call history, or any communication content in response to a legal request because we do not have access to it. We can confirm that a canister exists and provide aggregate network statistics. We cannot provide anything else because we do not have anything else.
Your control
You control access to your account through your Internet Identity credential. We strongly recommend adding a recovery method — a recovery phrase, a second registered device, or a YubiKey hardware key — to your Internet Identity to ensure you can recover access if you lose your primary device. If you lose access to your Internet Identity with no recovery method, Knightsky cannot restore your account. There is no password reset because there is no password. You may create multiple Internet Identities, each functioning as a completely separate and independent account on the Relay network with its own Network ID and its own Canister ID.
Updates
We will update this privacy policy when our practices change in any meaningful way. Your continued use of Relay following any update constitutes acceptance of the revised policy. We will never update this policy to claim capabilities we do not have or make promises we cannot keep.
For privacy questions or concerns contact us at [email protected] or through the support page at [email protected].