Privacy Policy

Last updated: April 29, 2026

Boneyard Collective LLC (“Boneyard,” “we,” “us,” or “our”) operates boneyardcollective.com and provides product design, development, and consulting services. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By using our website, contacting us, booking a call, accepting a demo site, or opting in to SMS communications, you agree to the practices described here.

1. Information we collect

You provide directly

Contact info — name, email address, phone number, business name when you fill in a contact form, audit form, booking, demo-acceptance form, or reply to outreach
Business context — what you’re trying to build, timeline, budget, and any notes you share with us
Payment info — handled by Stripe; we never store full card numbers on our servers
Account credentials — if you log in to a client portal, your email and password (passwords are hashed; we never see the plaintext)

Collected automatically

Usage data — pages viewed, referrer, session and visitor identifiers (anonymous), browser, OS, device type, and approximate geographic location (city/region) inferred from IP
Cookies and similar technologies — first-party cookies for session management and basic analytics. We do not use third-party advertising trackers.

From public sources

For prospect research we may collect publicly listed business information (business name, address, public phone number, public website, owner names from About/Team pages, public reviews) from sources like Google Places. We do not purchase consumer marketing lists.

2. SMS messaging

This section applies if you have given Boneyard Collective consent to text you.

How you opt in: by replying affirmatively to outreach we send (email, web form, or in-person request), checking an opt-in box on a Boneyard form, providing your phone number on a booking, or texting START to a number we provide. SMS consent is never a condition of purchase.
What we send: follow-ups about a project we’re actively discussing, reminders about scheduled calls, and occasional requests for reviews after a project ships. Frequency is typically fewer than 4 messages per month.
How to opt out: reply STOP at any time to immediately stop all messages. Reply HELP for assistance. Standard message and data rates may apply.
Phone numbers and SMS consent are never shared with third parties for marketing purposes. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing to subcontractors is limited to those performing services for our SMS program (currently Twilio for delivery) and is subject to the same restrictions.

3. How we use information

To respond to inquiries and deliver the services you requested
To contact you about an active project, scheduled call, or proposal
To improve the website, prevent fraud, and maintain account security
To send you SMS messages you have consented to receive
To comply with legal obligations

We do not sell your personal information. We do not use your data to train external AI models for purposes unrelated to delivering our service to you.

4. Service providers we use

We share data with the following processors only to the extent needed to operate the service:

Vercel — hosting and analytics
Turso — database
Resend — transactional email delivery
Twilio — SMS delivery
Stripe — payment processing
Anthropic — AI inference for site generation and internal coaching tooling. We do not send personally identifiable client data to model providers when not strictly necessary.

5. Cookies

We use first-party cookies for session management (keeping you signed in to a client portal) and basic analytics. We do not use cookies for third-party advertising, retargeting, or sale to data brokers. You can disable cookies in your browser settings, though some site features may not work.

6. How long we keep data

Inquiry and lead data: retained while we are in active conversation, then up to 24 months after the last interaction unless you ask us to delete it sooner.
Active client data: retained for the life of the engagement plus 7 years for tax and contract purposes.
SMS opt-out records: retained indefinitely so we never re-contact a number that has opted out.

7. Your choices

Email — every outreach email contains an unsubscribe link. Click it and we stop emailing you.
SMS — reply STOP to any message.
Access, correction, deletion — email hello@boneyardcollective.com from the address we have on file and we’ll honor reasonable requests within 30 days.

8. California, Virginia, and other state privacy rights

If you are a resident of a state with a comprehensive consumer privacy law (CA, CO, CT, VA, UT, and others), you have the right to access, delete, and correct personal information we hold about you, and to opt out of any sale or sharing for cross-context behavioral advertising. We do not sell or share personal information for advertising. To exercise other rights, email hello@boneyardcollective.com.

9. Children

Our services are intended for businesses and adults. We do not knowingly collect data from children under 13. If you believe we have, contact us and we will delete it.

10. Security

We use industry-standard safeguards (encryption in transit, encrypted databases, access controls). No internet-based system is perfectly secure; we cannot guarantee absolute protection but we will notify affected users of any breach in line with applicable law.

11. International users

Our servers are located in the United States. By using our services from outside the U.S., you consent to your information being processed in the U.S.

12. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be posted prominently on this page; if you have opted in to SMS we may also notify you by text.

13. Contact

Questions about this Privacy Policy or our data practices?

Boneyard Collective LLC
hello@boneyardcollective.com