What we collect, who we share it with, and how your data and payments are protected — in plain language.
Card payments are handled entirely by Lemon Squeezy, a PCI DSS Level 1 certified merchant of record. Relixr never receives, stores, or transmits your card number. Mobile money (M-Pesa, Airtel) and local bank payments are processed by IntaSend under the same principle — your payment credentials never touch our servers.
All traffic to and from the gateway is encrypted in transit (TLS 1.3). Data at rest — account records, API keys, usage logs, and invoices — is encrypted at the storage layer. Two-factor authentication (TOTP, passkeys, email OTP) is available on every account, and API keys are hashed, never stored in plaintext.
You control whether prompts and completions are logged at all, how long they're retained, and whether your traffic is used for anything beyond serving your own requests — relixr does not train on customer data by default. Configure this in Data & Privacy settings.
Services that may process data on our behalf, and why:
Direct-rail purchases (M-Pesa, IntaSend) come with a VAT-compliant tax invoice you can use for input VAT claims — available any time under Invoices in your dashboard. Card purchases are receipted directly by Lemon Squeezy as merchant of record, which handles applicable tax in your jurisdiction.
Live uptime and incident history are public at relixr.com/status.
Questions about security or compliance? Reach us at security@relixr.com. See also our Privacy Policy and Terms.