Privacy Policy
This Privacy Policy describes how OkayRelax LLC, a Florida limited liability company (“OkayRelax,” “we,” “us,” or “our”), collects, uses, shares, and otherwise handles personal information in connection with our website at okayrelax.com (the “Website”), our subscription-based virtual-assistant service (the “Service”), and our communications with you.
This Privacy Policy applies to:
- Visitors to the Website and prospective Clients;
- Clients who subscribe to the Service and their authorized representatives; and
- Other individuals whose personal information we collect in connection with the Service or our business.
This Privacy Policy does not apply to:
- Personal information about our Assistants, Account Managers, and other personnel that we process in our capacity as a counterparty to their independent-contractor agreements with us (that’s governed by separate notices we provide to them); or
- Personal information of your end customers, employees, or other third parties that we process on your behalf as a service provider when you instruct us to perform a task. That data is yours, and your own privacy notice and lawful basis govern how it may be processed.
If you’re in the European Economic Area, the United Kingdom, or Switzerland, see the Notice to European Users section below. If you’re a resident of a U.S. State with a privacy law that applies to us, see the State Law Privacy Rights section.
1. Personal Information We Collect
The personal information we collect depends on how you interact with us. We collect the following categories.
1.1 Information you provide to us
- Contact data: name, email address, phone number, business name, business address, job title.
- Account data: login credentials for the OkayRelax account portal (username, hashed password), authentication tokens, multi-factor authentication settings.
- Subscription and matching data: the Plan you select, the kinds of work you want help with, preferences and instructions you share when setting up your account, scheduling and timezone information.
- Communications data: the content of emails, messages, chats, and call summaries you exchange with your Account Manager, our sales or support staff, or other OkayRelax personnel, excluding the workflow content you exchange directly with your Assistant (see Assistant workflow data, below).
- Payment data: payment card number, bank account number (for ACH or wire), billing address, transaction history. Payment card numbers and bank account numbers are collected and stored by our payment processor and aren’t retained in cleartext by OkayRelax.
- Client Credentials: usernames, passwords, API keys, recovery codes, MFA seeds, and similar secrets that you choose to share with us so that your Assistant can perform work in your systems on your behalf. See Section 4.2 for how we store and handle Client Credentials.
- Assistant workflow data: any documents, files, tasks, notes, calendar entries, emails, messages, attachments, and other information you transmit, share, upload, forward, or otherwise make available to your Assistant or your Account Manager in connection with the work, whether through a task-management platform, email, chat, video conference, or any other channel.
- Marketing data: your preferences for receiving marketing communications, event RSVPs, content you submit through web forms, survey responses.
1.2 Information collected automatically
When you visit our Website or use the Service, we and our service providers may automatically collect:
- Device data: device type, operating system, browser type and version, IP address, screen resolution, language settings, general location derived from IP.
- Usage data: pages viewed, navigation paths, links clicked, time spent, referring URLs, dates and times of access, whether you opened our emails, error logs, and similar performance data.
- Cookies and similar technologies: small data files placed on your device to recognize you, remember preferences, measure engagement, and operate Website functionality. See Section 6 for more.
1.3 Information from third parties
- Business contacts and referrers: name and contact details from people who refer you to us.
- Public sources: publicly available business directories, LinkedIn, your business website.
- Marketing partners and data providers: information that helps us identify and reach prospective Clients with marketing communications.
- Payment processors: confirmation that a charge succeeded or failed, partial card number, expiry, and similar transaction metadata.
1.4 Information about others
You shouldn’t provide us with personal information about a third party (for example, your employees, customers, or contacts) unless you have the authority to do so and have provided any notice or obtained any consent required by applicable law. To the extent you provide such information to us in Assistant workflow data, you’re the controller of that data and we’re a processor or service provider acting on your instructions.
2. How We Use Personal Information
We use personal information for the purposes described below. Where you’re in Europe, the legal basis for each purpose is identified in the Notice to European Users section.
2.1 Service delivery
To provide the Service, including: setting up and operating your account; matching you with an Assistant and Account Manager; coordinating tasks; processing your payments; communicating with you about your subscription and the work; storing Client Credentials in the Vault (Section 4.2); and providing support.
2.2 Business operations
To run our business, including: administering and maintaining the Service and our IT systems; monitoring system health, troubleshooting, and security; analyzing usage and performance; managing our relationships with Assistants and Account Managers; financial accounting, audit, and tax; and reporting to legal, financial, or insurance professional advisors.
2.3 Communications
To respond to your inquiries; to send transactional communications about your account, Plan, or Service (these are non-marketing and can’t be opted out of while you’re a Client); and to communicate about changes to these or our other policies.
2.4 Marketing
To send you marketing emails and other communications about our Service and related offerings you may be interested in, subject to your preferences and applicable law. You can opt out at any time by following the unsubscribe link in our marketing emails or by contacting [email protected].
2.5 Service improvement and research
To analyze how the Service is used and how we can improve it, to develop new features and offerings, and to conduct internal research. We may de-identify or aggregate personal information for these purposes; we don’t attempt to re-identify de-identified data.
We may use de-identified or aggregated data to improve the Service, including by training or fine-tuning AI and machine-learning models we operate internally. We don’t use, and don’t permit our service providers to use, identifiable Client Data (including Assistant workflow data) to train AI models controlled by third parties. Our restrictions on Assistants’ use of AI tools in the performance of the Service are described in Section 4.5 of our Terms of Service.
2.6 Coordination, oversight, and quality assurance of Assistants
To coordinate and oversee Assistants’ performance of the Service in a manner consistent with our independent-contractor relationship with them. This may include reviewing deliverables, reviewing communications between Assistants and Clients where necessary for quality or compliance, and routing work to backup coverage where needed.
Important: OkayRelax does not continuously monitor Assistants’ workstations, keystrokes, or off-task activity, and we don’t use surveillance tools to track Assistant presence. Assistants self-report time on tasks they perform for you. Where we review Assistant communications or work product, we do so in connection with specific quality-assurance, support, or compliance needs.
2.7 Compliance and protection
To comply with applicable laws and legal process; respond to lawful requests from government authorities; protect the rights, property, or safety of OkayRelax, our Clients, our Assistants, or others; audit our internal processes; enforce these Terms and other agreements; and prevent, investigate, and deter fraud, unauthorized access, abuse, or illegal activity.
2.8 No sale; no targeted advertising without consent
We don’t “sell” personal information for money, and we don’t engage in cross-context behavioral advertising of the kind subject to opt-out under U.S. State privacy laws, except to the extent our use of standard website analytics and re-marketing pixels constitutes such “sale” or “sharing” under those laws (see Section 6 for cookie controls and Section 10 for state-law rights).
2.9 Response to public statements about OkayRelax
Where you make a public statement about OkayRelax, the Service, an Assistant, or your engagement (such as a review, rating, complaint, or post on a public-facing platform), we may use personal information about you, your account, your use of the Service, or the work performed for you to factually respond to or contextualize that statement, to the extent reasonably necessary for a fair and factual response and consistent with applicable law. Nothing in this Section is intended to retaliate against or chill a good-faith complaint by you, and your rights under the Consumer Review Fairness Act of 2016 (15 U.S.C. § 45b) and comparable laws are unaffected.
3. How We Share Personal Information
We share personal information only with the parties and for the purposes described below.
3.1 With your Assistant and Account Manager
Personal information you provide in connection with the Service (including contact data, subscription data, Client Credentials as scoped, and Assistant workflow data) is shared with your assigned Assistant and Account Manager so that they can perform the Service. Assistants and Account Managers are bound by written confidentiality and data-protection obligations to OkayRelax.
3.2 With service providers and subprocessors
We share personal information with third-party service providers that perform services for us, in categories including:
- Task-management and collaboration platforms, for task tracking, collaboration, and file sharing in connection with the Service. Workflow data you upload to such a platform is also processed by the platform’s provider under its own privacy policy and terms of service.
- Payment processors, for processing your subscription payments to OkayRelax. Payment-card and bank-account data is collected directly by the processor and isn’t retained in cleartext by us.
- Cloud hosting providers and infrastructure vendors, for hosting the Website, the Service, the Vault, and other internal systems.
- Email, communications, and analytics providers, for delivering email, hosting our marketing site, measuring engagement, and similar functions.
- AI and machine-learning service providers, for limited internal uses such as content summarization, search, classification, scheduling assistance, and similar productivity functions. We contractually restrict these providers from using data we share with them to train their own models, and we don’t provide identifiable Client Data to AI providers for any training purpose. See Section 2.5.
- Professional advisors, including lawyers, accountants, auditors, and insurance providers, where necessary in the course of professional services.
We may change the specific service providers in any of the above categories from time to time. Our service providers are contractually limited to using personal information only to provide services to us and in accordance with our instructions. On request, we’ll provide a current list of our material subprocessors.
3.3 The Vault
Client Credentials you choose to share with us are stored in our designated credential-storage system (the “Vault”). Stored credentials are protected by encryption at rest and access controls scoped to the personnel assigned to your engagement. See Section 4.2 for security details and important limitations.
3.4 With authorities and others for compliance and protection
We may share personal information with law enforcement, courts, regulators, government authorities, and other third parties as we believe in good faith is necessary or appropriate to comply with law or legal process, respond to lawful requests, or protect the rights, property, or safety of OkayRelax, our Clients, our Assistants, or others.
3.5 In a business transaction
We may share personal information with prospective or actual acquirers, investors, advisors, and successors in connection with a merger, acquisition, financing, reorganization, sale of all or substantially all of our assets, bankruptcy, or other business transaction.
3.6 With your consent or at your direction
We may share personal information with other parties when you consent or direct us to do so (for example, when you instruct your Assistant to deliver a file to a specific third party).
3.7 De-identified and aggregated data
We may create, use, and share de-identified or aggregated information that doesn’t identify any individual, for any lawful purpose, without restriction.
4. Security
4.1 Our security program
We maintain a security program with administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, loss, or destruction. Measures include:
- encryption of personal information in transit and at rest where appropriate;
- access controls scoped to job function, with multi-factor authentication for OkayRelax personnel accounts;
- audit logging of access to sensitive systems;
- network and endpoint security tooling;
- background screening of Assistants and Account Managers as part of our selection process;
- written confidentiality and data-protection obligations imposed on Assistants, Account Managers, and service providers;
- credential rotation and access revocation upon termination of an engagement;
- periodic review of access, configurations, and dependencies.
4.2 The Vault and Client Credentials
Client Credentials stored in the Vault are encrypted at rest. Access to a given Client’s stored credentials is scoped to the Account Manager and the Assistant(s) actively assigned to that Client’s engagement. Access is revoked upon reassignment or termination.
Important. Please read and act on this:
- No system, including the Vault, is or can be perfectly secure. Sharing any credential with any third party (including OkayRelax) transfers some degree of risk. We work hard to minimize that risk; we don’t represent that it can be eliminated.
- Give us the minimum credentials reasonably necessary for the work, and rotate credentials regularly. Where a system you use supports delegated access without password sharing (for example, “invite as a collaborator,” scoped API keys, OAuth, or shared-vault-with-revocation features in your own password manager), that’s generally a safer pattern and we’ll accommodate it.
- Where the systems you use support it, prefer scoped or limited-permission access (such as delegated user accounts, shared-inbox access without full account login, or API keys with restricted scope), particularly for systems with funds-transfer authority over financial accounts or that hold regulated personal data.
- Rotate credentials and revoke access promptly when the Service ends or when an Assistant is reassigned. We’ll rotate credentials we control and revoke our access on our end; credentials and access in your own systems are controlled by you.
- Our financial responsibility for losses arising from Vault compromise, Assistant misuse of Client Credentials, or other credential-related incidents is limited (see Sections 4.2, 8, and 9 of our Terms of Service).
4.3 Third-party tools
Third-party tools used in the Service are operated by their respective providers. We don’t control their security infrastructure. Their privacy and security practices are governed by their own privacy policies and terms, and we encourage you to review the terms of any tool we ask you to use. Your use of those tools is at your own risk; our financial responsibility for losses arising from incidents on a third-party tool is limited (see Section 4.3 of our Terms of Service).
4.4 Breach notification
If we become aware of a security incident materially affecting your personal information, we’ll notify you without undue delay, as and to the extent required by applicable law.
5. Retention
We retain personal information for as long as needed for the purposes described in this Privacy Policy and as required by law. In general:
- Client account data, contact data, subscription and payment records: for the duration of your subscription, plus a period reasonably necessary for tax, audit, dispute-resolution, and recordkeeping purposes (typically up to 7 years following termination).
- Communications data: for the duration of your subscription, plus a period reasonably necessary for support, audit, and dispute-resolution purposes (typically up to 5 years).
- Assistant workflow data and task records: for the duration of your subscription. After termination, we discontinue your access; we may retain copies for a commercially reasonable period to support handoff, dispute resolution, or legal compliance, after which we delete or de-identify it.
- Client Credentials in the Vault: deleted or returned at your written election within thirty (30) days following termination of the Service.
- Marketing data: until you opt out, or for a reasonable period of inactivity (typically 2 years following last interaction).
- Website analytics and cookie data: typically up to 13 months unless you opt out earlier.
- Information we’re required to retain by law (for example, transaction records under tax law): for the retention period required.
Where deletion from active systems is required by applicable law or your request, we may retain backup copies for a limited period until they’re overwritten in the ordinary course of backup rotation.
6. Cookies and Similar Technologies
Our Website uses cookies and similar technologies for purposes including: keeping you signed in; remembering preferences; measuring how our pages are used; and supporting our marketing.
You can control cookies through your browser settings (most browsers allow you to refuse or delete cookies). Disabling cookies may affect Website functionality. For information about specific analytics services we use and how to opt out, see our Cookie Notice (linked from the Website footer), if available.
We don’t respond to “Do Not Track” browser signals at this time. If your browser sends a Global Privacy Control (GPC) signal, we’ll treat it as a request to opt out of “sale” and “sharing” of personal information under applicable U.S. State privacy laws.
7. International Data Transfers
OkayRelax is headquartered in the United States. We and our service providers may store and process personal information in the United States and other countries, including in countries where some of our Assistants are located. These countries may have data-protection laws that differ from those in your country.
Where we transfer personal information out of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards required by applicable law, including the European Commission’s Standard Contractual Clauses or the UK International Data Transfer Addendum, as applicable. You may request a copy of our applicable transfer mechanism by contacting [email protected].
8. Children’s Privacy
The Service is intended for businesses and other adults. It isn’t directed to children under 18, and we don’t knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact [email protected] and we’ll take appropriate steps to delete it.
9. Other Sites and Services
Our Website and Service may contain links to third-party websites, applications, and services that we don’t control. This Privacy Policy doesn’t apply to those third parties. We encourage you to review their privacy policies before providing them with personal information.
10. Your Privacy Choices and Rights
10.1 Account choices
You can review and update most of the information in your OkayRelax account by signing in, or by asking your Account Manager. You can ask us to delete your account by contacting [email protected]; we’ll process the request subject to the retention rules in Section 5 and any legal obligations we have to keep records.
10.2 Marketing opt-out
You can opt out of marketing emails at any time by clicking the unsubscribe link in any marketing email or by contacting [email protected]. You’ll continue to receive transactional communications about your account and Service.
10.3 Cookie controls
See Section 6.
10.4 Direct your Assistant
You can direct your Assistant or Account Manager at any time to stop using particular categories of information for particular purposes, subject to our ability to continue providing the Service.
10.5 Statutory rights
Depending on where you live, you may have additional rights under European, U.S. State, or Canadian law (see the sections below).
11. Notice to European Users
This section applies if you’re in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland (collectively, “Europe”).
11.1 Controller
OkayRelax LLC is the controller of personal information described in this Privacy Policy, except where we act as a processor for our Clients (as described in the introduction).
11.2 Legal bases for processing
We rely on the following legal bases:
- Contractual necessity, to perform our agreement with you, including to deliver the Service, process payments, and provide support.
- Legitimate interests, to run, improve, secure, and grow our business, and to communicate with you in ways you would reasonably expect.
- Legal obligation, to comply with our legal and regulatory obligations.
- Consent, where required (for example for certain marketing communications, cookies that aren’t strictly necessary, or sensitive data you voluntarily provide).
You can withdraw consent at any time where consent is the legal basis, without affecting the lawfulness of processing before withdrawal.
11.3 Your rights
You have the following rights, subject to applicable conditions and exceptions:
- right of access to your personal information;
- right of rectification of inaccurate or incomplete information;
- right of erasure (“right to be forgotten”);
- right to restrict processing;
- right to object to processing based on legitimate interests, and to direct marketing;
- right to data portability;
- right to withdraw consent where consent is the basis;
- right to lodge a complaint with your supervisory authority (a list is at edpb.europa.eu; UK residents can complain to the ICO at ico.org.uk).
To exercise any of these rights, contact [email protected]. We may need to verify your identity before responding.
11.4 Sensitive personal data
We don’t require you to provide sensitive personal data (such as health, biometric, or trade-union data) to use the Service. If you voluntarily provide sensitive personal data (for example, in Assistant workflow data), you consent to our handling of it consistent with this Privacy Policy.
11.5 International transfers
See Section 7.
12. State Law Privacy Rights (U.S.)
This section applies to residents of U.S. States whose privacy laws apply to us, including (where applicable) California, Virginia, Colorado, Connecticut, Utah, and others (collectively, “State Privacy Laws”). The specific rights available to you depend on your state of residence.
12.1 Rights
Depending on your state, you may have the following rights, subject to exceptions:
- Right to know / access: confirm whether we process personal information about you and request information about our practices.
- Right to obtain a copy: receive a portable copy of certain personal information.
- Right to correct: request correction of inaccurate personal information.
- Right to delete: request deletion of certain personal information.
- Right to opt out of “sale” / “sharing”: request that we not “sell” or “share” your personal information for cross-context behavioral advertising, as those terms are defined under State Privacy Laws.
- Right to opt out of profiling that produces legal or similarly significant effects.
- Right to nondiscrimination: exercise these rights without discriminatory treatment.
- Right to appeal a denial of your request.
12.2 How to exercise
To exercise any of these rights, email [email protected] with the specific request, the state in which you reside, and enough information for us to verify your identity (typically, the email address associated with your account or other identifiers we already hold). For “opt-out of sale/sharing” requests, you may also enable the Global Privacy Control (GPC) signal in your browser, which we’ll honor for the browser and device from which it’s sent.
If we decline a request, we’ll explain why to the extent allowed by law. You may appeal a denial by replying to the denial email within 45 days; we’ll respond to your appeal within the time period required by applicable law.
12.3 California-specific disclosures
We don’t knowingly sell or share personal information of California residents under 16. We don’t use sensitive personal information for purposes that would trigger a right to limit under the CCPA. Categories of personal information we collect, sources, purposes, and disclosures are described in this Privacy Policy.
You may designate an authorized agent to make a request on your behalf. We may require the agent to provide proof of authority, and may require you to confirm with us directly that you authorized the request.
13. Notice to Canadian Users
If you’re a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and applicable provincial privacy laws, including:
- right to access your personal information;
- right to correction of inaccuracies;
- right to withdraw consent, subject to legal and contractual restrictions;
- right to complain to the Office of the Privacy Commissioner of Canada or your provincial commissioner.
To exercise rights, contact [email protected].
14. Changes to This Privacy Policy
We may modify this Privacy Policy from time to time. If we make material changes, we’ll notify you by email to the address on your account or by a prominent notice on the Website at least 30 days before the change takes effect, where required by law. The “Effective date” at the top of this Privacy Policy reflects the date of the most recent version. Your continued use of the Service after the effective date constitutes acceptance.
15. Contact Us
For questions, comments, or requests about this Privacy Policy or our privacy practices, contact:
OkayRelax LLC
Attn: Privacy
Email: [email protected]
For general account questions, contact your Account Manager. For legal notices, see Section 15.1 of the Terms of Service.