Relay App Developer Policy
Applications are an important part of making Relay useful and we appreciate and look forward to the new features you will build for Relay customers. We view an “Application,” as something that has a software application, functionality, workflow or service that is created using the Relay APIs, software development kit or command line interfaces. Developers are required to comply with this Policy and our related API terms and other obligations. When we use the term “Services” we are referring to Relay’s products and services, Relay’s technology, and Relay’s websites and all of the information and content made available by or on behalf of Relay through any of those services.
Privacy, safety and User experience are very important, and this Policy is designed with those goals in mind. We can’t cover every type of Application in this Policy, but we aim to give guidance to developers so that you understand what Applications will be included in Relay’s app directory and what Applications will not. To protect Users and our Services, we reserve the right to take any action we deem necessary if an Application violates the letter or spirit of this Policy. By “User” we mean anyone who uses our Services, including anyone who interacts with the Application directly or indirectly or anyone whose Data is exposed to or used by the Application. By “Data” we mean data, information or content uploaded, posted, transmitted or otherwise made available by Users via the Services, including messages, files, comments, profile information, metadata and token data.
We take the security of Data very seriously, and you must as well. Your network and the operating system and software of your web servers, databases, and computer systems must be properly configured to securely operate your Application and store Data. Data must be stored and served using strong encryption. In addition, Applications and developers are prohibited from:
- Degrading or compromising security in any way
- Providing access to Relay in any fraudulent or unauthorized way, including bypassing or circumventing Relay protocols and access controls
- Using unpublished APIs
- Including misleading and/or deceptive statements about Application functionality, performance, origin or Data use
- Transmitting any viruses or other code that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system or Data
- Attempting to reverse engineer or otherwise derive source code, trade secrets, or know-how in the Relay API or any portion thereof
Every Application must be useful, appropriate, respect User privacy, and provide a generally good User experience. In keeping with this, Applications and developers are prohibited from:
- Degrading or compromising performance of the Services
- Using vulgar or obscene language or images. Your Application must not contain or offer content that is violent, extreme or that a reasonable person would consider inappropriate for the workplace
- Offering sexually-oriented or adult content. Your Application must not contain or offer content that a reasonable person would consider pornographic or indecent
- Creating poor User experiences that do not add value to Users in a work setting or that detract from the overall utility of Relay and the overall Application ecosystem
- Displaying inappropriate communications through your Application. The purpose of the Application and User expectations must be clear and transparent and match Relay requirements and expectations
- Neglecting appropriate customer assistance. You must keep your Application updated and provide timely and accurate User support
- Creating an Application that uses the Services in a mission critical or life or death situation.
Business: In using Relay APIs, developers must agree to respect our business as we respect yours. Every Application must behave in accordance with appropriate and accepted business conduct. As part of good business practices, Applications and developers are prohibited from:
- Circumventing Relay’s intended limitations (including pricing, features and access structures). You may not use the Relay API to replicate or compete with core products or services offered by Relay
- Advertising within the Application experience or Relay platform. In addition, Applications may not use Data or content from Relay in any advertisements or for purposes of targeting advertisements or contacting Users, including in that Application, your other Applications, or elsewhere
- Implying a Relay endorsement, certification, affiliation or partnership unless you have explicit permission from Relay to do so
- Sub-licensing, distributing or allowing access to the Relay APIs to anyone else
Design: Applications and developers are prohibited from:
- Infringing upon any intellectual property rights in your design.
- Changing the Application’s look, feel, function, operation or disclosures after Relay review. Any changes must be submitted for re-review
Use of Data: Protecting Data is paramount at Relay, and must be for you. You have no independent rights to any Data. In accordance with this, Applications and developers are prohibited from:
- Collecting, storing, and using Data without obtaining proper consent of the User. Notwithstanding this bullet, you are prohibited from collecting any location information or voice data related to or created through the Services
- Using Data to contact Users. If you would like to contact Users outside of Relay, you must gain permission through a clear and separate permissions process. You may only contact Users for emergencies in which the safety and security of the User is otherwise at risk and in compliance with the law
- Asking Users to provide sensitive, private, and confidential personal information, such as credit card numbers or passwords unless specifically necessary as part of the Application’s legitimate function and purpose
- Renting, selling or sharing Data with third parties under any circumstances
- Creating Applications that encourage installers to circumvent or interfere with their own workplace and employer data, privacy and security policies
- Exploiting Data to create User profiles other than that which is necessary for the Application to function
- Ignoring a User’s request for deletion. When a User deletes your Application or if you discontinue your Application you must delete all associated Data within 14 business days
- Combining Data with data gathered from other sources for any purposes unrelated to the use of the Application
- Requesting and using scopes not required for your Application’s functioning. Use only the appropriate and necessary scopes and clearly define the need for scopes within your Application’s description
- Accessing Data for surveillance purposes. You may not allow or assist any entity to conduct surveillance or obtain Data using your access to the Relay API
- Otherwise exploiting Data in a way not approved by Relay and not disclosed to and permitted by Users. You may, however, use Data that is both aggregated and anonymized for purposes of analytics and development related to the Application
Law and Safety: Applications should not create unsafe environments or hardships for Users. Each Application must comply with all applicable laws and legal requirements in all locations where it is made available to Users. In addition, Applications and developers are prohibited from:
- Permitting use by children under the age of 16
- Spamming, harassing, stalking, intimidating or threatening Users
- Allowing impersonation of Users or otherwise allowing for false representations within the Application
- Facilitating violations of the law
- Infringing on anyone else’s intellectual property rights (including Relay’s)
- Representing that your Application is authorized by or produced by another company or organization
- Allowing or facilitating financial transactions conducted in an insecure and unapproved manner
Export Controls: You are responsible for classifying your Applications pursuant to the Export Administration Regulations, including submission of any necessary classification requests or self-classification reports. Relay only permits Applications on its platform that have an Export Control Classification Number (“ECCN”) of EAR99 or 5D992 (mass market). Developers are thus prohibited from creating Applications with an ECCN other than EAR99 or 5D992 (mass market).
We require Applications and developers to follow this policy as well as all other Relay guidelines and policies. Further, notify us immediately if you change or discontinue your Application.
Data breach: If Data is breached, exposed, exploited, or otherwise compromised through your Application or company, you must inform all affected Users and Relay immediately. You can reach Relay at firstname.lastname@example.org.
Violations of this policy may result in, among other actions, removal from the Application Directory, developer suspension, User notification, legal action or any other action deemed necessary by Relay. If requested, you must provide us with proof of compliance with this policy. If you violate this policy we may or may not provide notice before taking action. Please note that we may periodically audit Applications. If you fail an audit before notifying us of any issues, penalties will be more severe.
This policy will change as the Relay Application Directory grows and evolves. Please check back regularly for updates. We may use your email address or a notice through the Services to communicate any material changes to this policy.
If you have any questions about the Relay Application Directory or the review process, we’ll be happy to help. Send us a note to email@example.com.