Privacy Policy

Last updated: June 11, 2026

The short version: Sprayberry Labs only collects information you give us directly — through the Ask Alf chat, by email, or by running the free mini-audit. We don't sell your data, run ads, or use what you send us to train AI models. We do rely on a few service providers (including OpenAI) to run the chat and the mini-audit — they're listed below. Data is held only as long as needed to respond to you or deliver an engagement.

What we collect

sprayberrylabs.com is hosted on Cloudflare Pages. Most of it is static, with two interactive features that run server-side as Cloudflare Pages Functions — the Ask Alf chat and the free mini-audit (both described below). The pages set no tracking cookies and load no advertising or third-party analytics scripts; the only client-side code is first-party (the chat widget) plus Google Fonts for typography and Cloudflare's privacy-respecting web analytics. The chat widget also sends a small, cookieless count of anonymous interaction events — for example, that a call-to-action was clicked, the chat was opened, an inquiry was shared, or a mini-audit was run — to our own first-party endpoint, with no identifiers, no message contents, and no IP address.

We collect information in three ways, and only what you choose to give us:

Ask Alf chat — when you message the on-site assistant, your conversation is sent to OpenAI to generate the replies (see Third parties involved below). If you choose to share your name, email, and a description of what you need, we save that as an inquiry so we can follow up — and we're notified of it through Discord and email.
Email — if you email us (for example, hello@sprayberrylabs.com) or click an "Inquire" link, we receive whatever you write.
Free mini-audit — when you paste a public GitHub repository URL, our server fetches that repository's public metadata and a sample of its source code from GitHub and sends them to OpenAI for analysis. It doesn't ask for your name or email, and private repositories aren't reachable here.

Beyond what you type, email, or submit, the only thing we record is the anonymous, cookieless interaction counts described above — an event name (such as "call-to-action clicked" or "chat opened") and the page it happened on. They aren't tied to you, carry no identifiers or message contents, and we don't build advertising or tracking profiles.

How we use it

To reply to your inquiry by email
To scope and price an engagement if we proceed together
To deliver the work, including incidentally retaining email correspondence as part of project records

We don't share your information with third parties for marketing, and we don't sell or rent it. We don't use it to train AI models — and the provider that processes it for us (OpenAI, for the chat and the mini-audit) states that data sent through its API is not used to train its models and is retained only briefly for abuse monitoring.

How long we keep it

Inquiries we don't respond to or that don't lead to an engagement: deleted within 12 months. Inquiries that lead to engagements: retained for the duration of the engagement plus 7 years for tax and legal records (a standard US business retention window). Inquiries captured through the Ask Alf chat follow the same schedule. The mini-audit doesn't store personal data; a generated result for a given public repository may be cached at Cloudflare's edge for up to about 15 minutes to speed repeat lookups.

Third parties involved

Cloudflare — hosts the site, runs the serverless functions, and may collect standard server logs (IP, user agent, request URL). See Cloudflare's privacy policy.
OpenAI — processes Ask Alf chat messages and mini-audit code samples to generate responses. Per OpenAI's API terms, data sent through their API is not used to train their models and is retained only briefly for abuse monitoring. See OpenAI's privacy policy.
GitHub — the mini-audit reads public repository data through GitHub's API. See GitHub's privacy statement.
Discord — when the chat captures an inquiry, we're notified in an internal team channel via a Discord webhook. See Discord's privacy policy.
Resend — delivers the inquiry notification to our email inbox. See Resend's privacy policy.
Google Fonts — typography. See Google's privacy policy.
Cloudflare Web Analytics — privacy-respecting visit counts. No cookies, no IP logging, no fingerprinting. See Cloudflare Web Analytics.
Cloudflare Analytics Engine — stores the anonymous, cookieless interaction counts described above (an event name, which call-to-action, and the page path). No cookies, no IP, no identifiers; processed by Cloudflare as part of hosting. See Cloudflare's privacy policy.
Email provider — correspondence after an inquiry is conducted via standard email. The email provider's privacy policy applies in transit.

Your rights

You can request that we delete the inquiry data we hold about you at any time. Email hello@sprayberrylabs.com with the address you submitted from and we'll remove it within 30 days. If you're in the EU/UK, the same right applies under GDPR; if you're in California, the same applies under CCPA.

Cookies

We don't set cookies on this site. Cloudflare may set strictly-necessary security cookies (e.g., bot mitigation) — those are first-party, short-lived, and not used for tracking.

Changes to this policy

If we change anything material, we'll update the date at the top. Substantive changes will also get a brief note in our next reply to you if we're already in conversation.

Contact

Questions about this policy: hello@sprayberrylabs.com