Privacy Policy

Last updated: June 8, 2026

This Privacy Policy describes how Sandy Brook DevWorks LLC ("Sandy Brook," "we," "us," or "our") collects, uses, and safeguards information when you visit sandybrookdevworks.com, interact with our consulting services, or use our Relay platform (marketed at relayconnect.net and available at relay.sandybrook.io). By using our website or services, you agree to the practices described below.

1. Information We Collect

Information you provide directly

  • Contact form data. Name, business email, website URL, and message text when you submit our contact form.
  • Scheduling data. Your name, email, and meeting details when you book a discovery call through our Google Calendar integration.
  • Account data (Relay platform). Business name, owner email, authentication identifiers (including, where you register one, a WebAuthn passkey credential — public key, sign count, and user handle; no biometric data is collected or transmitted to us), billing information (processed by Stripe — we do not store card numbers), and phone-number preferences.

Information collected automatically

  • Basic server logs. IP address, user agent, and request path, retained for security and diagnostics.
  • Theme preference. Whether you selected light or dark mode, stored in your browser's local storage. This stays on your device.

Information collected through voice calls (Relay platform)

When you call a phone number provisioned through our Relay platform, we collect the phone numbers involved, the time and duration of the call, the audio recording, and the AI-generated transcript and summary. Relay uses this information to answer calls, classify urgency, book appointments when configured by the subscribing business, transfer urgent calls when configured, and email clean summaries to the business.

2. Relay Notifications

Relay currently sends tenant and caller notifications by email only. It does not send SMS/text messages, marketing blasts, or broadcast notifications, and tenant-provisioned phone numbers are voice-only.

When we will email you

There are three cases in which you may receive email from Relay:

  • You're a subscribing business owner or configured recipient. Relay emails per-call summaries, urgency flags, and optional daily call digests to the addresses configured by the business.
  • You're a caller who requested an appointment confirmation. If the AI receptionist books an appointment and you provide an email address, Relay may send an appointment confirmation and, if applicable, a cancellation notice.
  • You're an account user. Relay may email account, billing, authentication, or service notices related to your use of the platform.

What we do with notification data

Recipient email addresses, message contents, delivery metadata, and appointment details are processed solely to operate the Relay notification service, deliver account-related notices, and maintain service records.

We do not sell or share your data for marketing

We do not sell your phone number, email address, message content, call content, or any other personal information to third parties. We do not share your data with third parties for their own marketing purposes.

3. How We Use Information

  • To respond to contact form inquiries and schedule discovery calls.
  • To operate the Relay platform on behalf of subscribing businesses — answering calls, generating call summaries, emailing owner notifications and daily digests, and sending caller appointment confirmations when the caller provides an email address.
  • To bill subscribing businesses (via Stripe) for their use of the Relay platform.
  • To monitor service quality, investigate errors, and detect abuse or fraud.
  • To comply with legal obligations and enforce our Terms of Service.

4. Data Retention

Contact form submissions are retained as long as our relationship requires. Relay call recordings and transcripts are retained per the subscribing business's configured retention window unless the business or end user requests earlier deletion. Notification emails and delivery metadata may be retained alongside the related call, appointment, or account record. Billing records are retained for the period required by tax law (typically seven years).

5. Sharing With Third Parties

We use a small set of service providers to operate our website and Relay platform. Each is bound by a data processing agreement and processes data only as needed to provide its service:

  • Google Cloud Platform — hosting, Firestore database, Cloud Run compute, Vertex AI (Gemini) language model, and Google Calendar (only for businesses that connect it).
  • Google Identity Platform (Firebase Auth) — stores email/password authentication credentials for Relay subscribers; passwords are never transmitted to or stored by Sandy Brook.
  • Twilio — telephony infrastructure.
  • Stripe — subscription and usage billing.
  • Brevo — transactional email notifications.
  • Formspree — contact form submissions on this website.

We do not share information with advertising networks or data brokers. We may disclose information when required by law (subpoena, court order, or valid government request) or to protect the rights, property, or safety of Sandy Brook DevWorks, our users, or the public.

6. Security

We use industry-standard safeguards including TLS encryption in transit, encryption at rest for sensitive credentials (Google Cloud KMS), and principle-of-least-privilege access controls. No system is perfectly secure, and we encourage you to use strong, unique passwords and to report any suspected misuse to security@sandybrook.io.

7. Your Rights

Depending on where you live (for example, California, Virginia, Colorado, or the European Economic Area), you may have rights to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Request deletion of your information.
  • Object to, or limit, certain processing.
  • Receive your information in a portable format.
  • Withdraw consent where processing is based on consent.

To exercise these rights, email privacy@sandybrook.io. We respond within 30 days. We do not sell personal information, so no "Do Not Sell" process is required — but you are welcome to confirm this directly with us.

8. Children

Our services are intended for use by businesses and adults. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be noted by updating the "Last updated" date at the top of this page, and, where appropriate, we will notify active users directly. Continued use of our services after an update constitutes acceptance of the revised policy.

10. Contact

Sandy Brook DevWorks LLC
5900 Balcones Dr Ste 100
Austin, TX 78731-4298
United States
Email: hello@sandybrook.io
Privacy inquiries: privacy@sandybrook.io