Privacy Policy

Last updated: April 19, 2026

This Privacy Policy describes how Sandy Brook DevWorks LLC ("Sandy Brook," "we," "us," or "our") collects, uses, and safeguards information when you visit sandybrookdevworks.com, interact with our consulting services, or use our Relay platform (available at relay.sandybrook.io). By using our website, services, or sending SMS to a phone number we operate, you agree to the practices described below.

1. Information We Collect

Information you provide directly

  • Contact form data. Name, business email, website URL, and message text when you submit our contact form.
  • Scheduling data. Your name, email, and meeting details when you book a discovery call through our Google Calendar integration.
  • Account data (Relay platform). Business name, owner email, authentication identifiers, billing information (processed by Stripe — we do not store card numbers), and phone-number preferences.

Information collected automatically

  • Basic server logs. IP address, user agent, and request path, retained for security and diagnostics.
  • Theme preference. Whether you selected light or dark mode, stored in your browser's local storage. This stays on your device.

Information collected through SMS/voice (Relay platform)

When you call or text a phone number provisioned through our Relay platform, we collect: the phone numbers involved, the time of communication, the audio recording and transcript of voice calls, the content of SMS messages, and any delivery-status information the carrier returns.

2. SMS / Text Messaging — Important Disclosures

Our Relay platform replies to SMS on behalf of small businesses that subscribe to it. The disclosures below apply to every phone number provisioned through Relay.

What we do with SMS data

Phone numbers and message content are collected when you send or receive SMS from a Relay-operated phone number. We use this data solely to provide the service you are requesting — forwarding your message to the business you are contacting, generating an AI reply on behalf of that business, and retaining the conversation so both you and the business can refer back to it.

We do not sell or share your data for marketing

We do not sell your phone number, message content, or any other personal information to third parties. We do not share your data with third parties for their own marketing purposes. Mobile phone numbers and SMS consent are not shared with third parties or affiliates for marketing under any circumstances.

Opting out of SMS (STOP)

You can opt out of SMS communications from any Relay-provisioned number at any time by replying STOP, UNSUBSCRIBE, CANCEL, QUIT, or END. You will receive one confirmation message, and no further automated replies will be sent to you from that number.

Getting help (HELP)

Reply HELP to any Relay-provisioned number for information about the service. You may also contact us directly at hello@sandybrook.io.

Message frequency and rates

Message frequency depends entirely on your own interaction with the business you are texting — we reply only when you first initiate contact. Message and data rates may apply based on your mobile carrier plan. Sandy Brook DevWorks is not responsible for carrier charges you incur.

3. How We Use Information

  • To respond to contact form inquiries and schedule discovery calls.
  • To operate the Relay platform on behalf of subscribing businesses — answering calls, replying to texts, sending owner notifications, and generating call summaries.
  • To bill subscribing businesses (via Stripe) for their use of the Relay platform.
  • To monitor service quality, investigate errors, and detect abuse or fraud.
  • To comply with legal obligations and enforce our Terms of Service.

4. Data Retention

Contact form submissions are retained as long as our relationship requires. Relay call recordings and SMS conversations are retained per the subscribing business's plan — 30 days for Solo, one year for Team, indefinitely for Business, unless the business or end user requests earlier deletion. Billing records are retained for the period required by tax law (typically seven years).

5. Sharing With Third Parties

We use a small set of service providers to operate our website and Relay platform. Each is bound by a data processing agreement and processes data only as needed to provide its service:

  • Google Cloud Platform — hosting, Firestore database, Cloud Run compute, Vertex AI (Gemini) language model, and Google Calendar (only for businesses that connect it).
  • Twilio — telephony and SMS delivery infrastructure.
  • Stripe — subscription and usage billing.
  • SendGrid — transactional email notifications.
  • Formspree — contact form submissions on this website.

We do not share information with advertising networks or data brokers. We may disclose information when required by law (subpoena, court order, or valid government request) or to protect the rights, property, or safety of Sandy Brook DevWorks, our users, or the public.

6. Security

We use industry-standard safeguards including TLS encryption in transit, encryption at rest for sensitive credentials (Google Cloud KMS), and principle-of-least-privilege access controls. No system is perfectly secure, and we encourage you to use strong, unique passwords and to report any suspected misuse to security@sandybrook.io.

7. Your Rights

Depending on where you live (for example, California, Virginia, Colorado, or the European Economic Area), you may have rights to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Request deletion of your information.
  • Object to, or limit, certain processing.
  • Receive your information in a portable format.
  • Withdraw consent, including opting out of SMS (see Section 2).

To exercise these rights, email privacy@sandybrook.io. We respond within 30 days. We do not sell personal information, so no "Do Not Sell" process is required — but you are welcome to confirm this directly with us.

8. Children

Our services are intended for use by businesses and adults. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be noted by updating the "Last updated" date at the top of this page, and, where appropriate, we will notify active users directly. Continued use of our services after an update constitutes acceptance of the revised policy.

10. Contact

Sandy Brook DevWorks LLC
Central Texas, United States
Email: hello@sandybrook.io
Privacy inquiries: privacy@sandybrook.io