Effective: June 1, 2026 · Contact: support@vsrelay.dev · Data protection: legal@vsrelay.dev
VSRelay records local diagnostic information on your device. We do not transmit, upload, persist, or otherwise process that information unless you choose to share it (by emailing a diagnostic excerpt to support, or by pairing a phone via VSRelay's pairing flow).
This page is the canonical public description of VSRelay's privacy posture. The bundled text in the EULA at vsrelay.dev/eula (Section 5) controls in the event of any conflict.
VSRelay is a mobile control plane for AI coding agents. It connects a phone-based Progressive Web App to the Claude Code agent running inside Cursor or VS Code on your own machine. The phone is a viewport and a set of controls — your code, files, and editor state never leave your machine except as directed by you.
The Software records a local diagnostic file at ~/.vsrelay/diagnostic.log on your device. The file rotates at 10 MB (one rotation kept as .log.1). This file is local-only: we do not transmit, upload, persist, or otherwise process its contents unless you manually email the file (or extracts of it) to support via the vsrelay.copyDiagnosticInfo command, which copies a sanitized excerpt to the clipboard for you to paste at your discretion.
Auth tokens are redacted at log-write time via the redactMessage() function and never appear in the diagnostic file.
The following identifiers are recorded so we can correlate events when you send diagnostic excerpts to support:
editorInstanceIdOpaque SHA-256 hash of the canonical install realpath. Does not reveal the underlying path. Stable per Cursor / VS Code installation.traceIdPer-action correlation tokens. Opaque short strings (e.g. t-3kx9z2).vscode.version (e.g. 1.93.0).vscode.extensions.getExtension('anthropic.claude-code').packageJSON.version (e.g. 2.1.158).process.platform value: darwin, linux, or win32.The following are explicitly not recorded or transmitted by the Software:
vsrelay.copyDiagnosticInfo command runs platform-path scrubbing on excerpts./Users/<you>/, /home/<you>/, C:\Users\<you>\ are scrubbed to <workspace>.redactMessage() at log-write time.<4chars>...<4chars> format or stripped entirely.Diagnostic data leaves your device only when you choose to send it, via one of these channels:
vsrelay.copyDiagnosticInfo command and paste the clipboard content into an email to support@vsrelay.dev.We do not run scheduled telemetry uploads. We do not register a custom issue reporter that uploads logs to our backend.
VSRelay operates across trust tiers. In each tier the data flow is different:
relay.vsrelay.dev). The relay is a transparent forwarder: it routes who-talks-to-whom, does not inspect message bodies, and does not store your prompts, code, file contents, or workspace paths. All traffic is TLS-encrypted in transit. Room admission is validated against Supabase before any messages are forwarded — each WebSocket upgrade calls a secret-gated relay_lookup_room RPC and verifies a SHA-256 hash of the presented token against the stored hash.Device pairing uses Supabase for account identity and room admission. When you create an account or pair a device, Supabase stores the email address you provide (if any) and a hashed representation of your relay room token — not the token itself. Supabase's own privacy policy governs their handling of that data. We do not share your account data with third parties.
The marketing site (vsrelay.dev) uses Vercel Analytics and Speed Insights for aggregate, cookieless traffic measurement. No personal data is collected; no cross-site tracking is performed. Individual page views are not linked to your identity.
You have the right to:
EU / EEA consumers may exercise the rights in Regulation (EU) 2016/679 (GDPR) and the Norwegian Personal Data Act. California residents may exercise the rights in CCPA / CPRA. Quebec residents may exercise the rights in Law 25. Local data (the extension configuration at ~/.vsrelay/ and the extension itself) is on your own machine and can be removed by uninstalling the extension and deleting the directory.
We may update this page when material changes occur and note the effective date above. When the policy changes materially, we will bump the in-extension consent state key (privacy-consent.v1 → privacy-consent.v2), which causes the extension to re-prompt at next activation.