Now accepting pilot requests.
FileRelay

Privacy Policy

Last updated: 2026-05-20

This Privacy Policy describes how FileRelay ("we", "us", "our") collects, uses, and shares information when you use our website and services at filerelay.io (the "Service").

Information We Collect

Account Information

When you create an account, we collect your name, email address, company name, and password. If you sign up via Google or Microsoft OAuth, we receive your name, email, and profile picture from those providers.

Workspace and Configuration Data

We store the workspace configurations, repository settings, destination configurations, and connection pipelines you create. Destination credentials (API keys, tokens, passwords) are encrypted at rest using envelope encryption.

Document Metadata

When SAP sends documents through FileRelay, we process and store document metadata including document IDs, SAP object types, file sizes, MIME types, archive dates, and delivery status. We store document content temporarily in encrypted storage for forwarding purposes only.

Usage Data

We collect information about how you use the Service, including pages visited, features used, documents processed, and error logs. We use this to improve the Service and diagnose issues. Site analytics are processed by PostHog (hosted in the EU), which records anonymized events such as page views, clicks, IP-derived country, and session interactions. We do not share this data with third parties.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or bank account details. Stripe's privacy policy governs payment data handling.

How We Use Your Information

  • Provide the Service — process and forward your SAP documents to configured destinations
  • Account management — authenticate you, manage your workspaces and team members
  • Communicate — send transactional emails (account verification, password reset, billing), and occasional product updates
  • Improve the Service — analyze usage patterns, fix bugs, develop new features
  • Security — detect and prevent fraud, abuse, and security incidents

Document Data Handling

FileRelay is a document router, not a document store. Documents are:

  1. Received from your SAP system via ArchiveLink
  2. Temporarily stored in encrypted storage (typically less than 60 seconds)
  3. Forwarded to your configured destinations
  4. Deleted from our temporary storage after successful forwarding

We do not read, analyze, index, or mine the content of your documents. We only process document metadata (file name, size, type) for routing and audit trail purposes.

Data Sharing

We do not sell your personal information. We share data only in these circumstances:

  • Your configured destinations — documents are forwarded to the cloud storage, APIs, and services you configure (S3, Azure, SharePoint, etc.)
  • Service providers — we use third-party services for hosting (AWS), payments (Stripe), email delivery (Postmark), site analytics (PostHog, EU-hosted), and error tracking
  • Legal requirements — we may disclose information if required by law, court order, or government request
  • Business transfers — in the event of a merger, acquisition, or sale of assets

Data Security

  • All data in transit is encrypted via TLS
  • Destination credentials are encrypted at rest using envelope encryption with key rotation
  • Document content in temporary storage is encrypted
  • Per-workspace data isolation prevents cross-tenant access
  • We conduct regular security reviews

Data Retention

  • Account data — retained while your account is active, deleted within 30 days of account deletion
  • Document content — deleted from temporary storage after successful forwarding (typically within minutes)
  • Document metadata — retained for audit trail purposes while your account is active
  • Audit logs — retained for 90 days

Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data (workspace configurations, document metadata)
  • Object to processing for marketing purposes

To exercise these rights, contact us at [email protected].

GDPR

If you are in the European Economic Area, we process your data under the legal bases of contract performance (providing the Service) and legitimate interest (improving the Service and security). You may contact us to exercise your GDPR rights.

Cookies

We use essential cookies for session management and authentication, and a first-party analytics cookie set by PostHog to distinguish anonymous visitors so we can measure site engagement. We do not use third-party advertising cookies or share cookie data with advertisers.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on the Service.

Contact

For privacy-related questions, contact us at [email protected].