Data Handling Policy

What We Do

Sound Automations builds and manages AI-powered automation tools for small businesses. This policy explains how we handle your data and your customers' data when delivering those services.

What Data We Access

We only access data that is directly required to operate the automation we've built for you. Depending on your service, this may include:

• Customer phone numbers (for SMS automations)
• Appointment information (for reminder systems)
• Customer review text (for review response tools)
• Business name and contact details

We do not access financial records, payment information, employee records, or any data outside the scope of the agreed service.

Where Your Data Goes

Your data flows through the following enterprise-grade platforms:

We do not sell, share, or transfer your data to any third party outside of the platforms listed above.

How Long We Retain Data

• Active clients: Data is retained only as long as needed to operate the service
• Upon cancellation: All client data is deleted or returned within 30 days of termination
• Logs: System logs may be retained for up to 90 days for troubleshooting purposes only

How We Protect Your Data

• All data is transmitted over encrypted connections (TLS/HTTPS)
• API credentials and secrets are stored securely and never in plain text
• Access to your data is limited to Sound Automations personnel only
• All accounts use strong passwords and two-factor authentication

Healthcare Clients

If your business is subject to HIPAA (medical offices, dental practices, mental health providers), we will execute a Business Associate Agreement (BAA) before any work begins. Please notify us during onboarding.

Your Rights

You may request at any time:

• A description of what data we hold related to your account
• Deletion of your data
• A copy of this policy or our vendor agreements

To make a request, email mike@soundautomationsct.com. We will respond within 5 business days.