Yes. Are you, the relay operators, deleting stuff? Which ones? Where is the line? Do you delete CSAM? Are you saving logs of what each pubkey is querying and receiving from your relay? Are you building interest lists per pubkey? Etc etc.

It it true but relay have more datas about client (ip, browser, app...), thisi s not yet a public data here. But you are true we all publish things that can be scrap by anyone. And it is easier for "fake or bad" relay to use/sell/exploit it

Ah true. I didn't consider the data a relay operator may have that's not just nostr events.

You're absolutely right. I had not considered all the data

My privacy policy is I dont do shit with your data, that's more trouble than it's worth 😂 But now I have another thing to add to grain! It's a great idea to have a standard PP/ToS in the repo that displays on the frontend footer and can be changed by the operator.

Only relay operators know what is being request, who is doing the requesting and habits around requests (timezone inferrence, etc)

Yea, I quickly realized this. Jumped the gun on my original reply. Although I did phrase it as a question! I knew I was missing something simple. 😂