SandCastle ("the App," "we," "us") is a financial operations tool for independent restaurant operators. This Privacy Policy explains what information we collect, how we use it, and what rights you have.
SandCastle comes in two versions:
Both versions are designed to keep your financial data local to your device at all times.
We do not collect, transmit, store, or have access to:
All data you enter or upload in the web version is stored exclusively in your browser's IndexedDB — a local storage mechanism built into your browser. This data:
All data is stored in a local JSON file on your computer:
This file is never transmitted anywhere. It is not encrypted by default — anyone with physical or remote access to your computer can read it. We recommend enabling full-disk encryption (FileVault on Mac, BitLocker on Windows) to protect locally stored data.
The web version uses Umami Analytics, an open-source, cookieless analytics tool. Umami does not use cookies or track individuals across websites or sessions.
For each page view or in-app interaction, Umami records the following:
We use this data solely to understand how the app is used and to improve it. It is not shared with, sold to, or accessible by any third party. It is retained for up to 12 months.
City-level location data derived from IP addresses may constitute personal data under GDPR in some interpretations. If you are a resident of the European Economic Area (EEA) and wish to request deletion of any data associated with your visit, contact us at hello@sandcastle.best with the approximate date of your visit and your country/city.
If you use the Contact & Feedback form, you may voluntarily provide your name (optional), email address (optional), and the content of your message. This is sent to us via your email client — we never see it unless you send it.
We use this information only to respond to your inquiry and improve the product. We do not add you to any mailing list, share your information with third parties, or retain it beyond the time needed to address your feedback.
SandCastle uses one functional item stored in localStorage:
No advertising cookies, tracking cookies, or third-party cookies are used. No cookie banner is required.
No advertising networks, social media trackers, or data brokers are used.
Because SandCastle stores data locally rather than on our servers, the security of your financial data is primarily governed by your own device security. We recommend:
The web version is served over HTTPS (TLS 1.2+), which encrypts the app files in transit. Since no financial data is ever transmitted to us, this applies only to the app code itself.
Because SandCastle does not sell personal information and collects minimal personal data (limited to voluntary contact form submissions and anonymous analytics), most CCPA provisions have limited practical applicability to our service.
To the extent CCPA applies, you have the right to know what personal information we have collected, request its deletion, and opt out of its sale (we sell none). To exercise these rights, contact us at [email protected].
SandCastle is not directed at individuals under 18. We do not knowingly collect personal information from children. If you believe a child has submitted personal information, contact us immediately at [email protected].
We may update this policy from time to time. If we make material changes — particularly any that involve collecting financial data on our servers — we will update the effective date at the top of this page and notify users through the app. Any changes involving server-side financial data will require your explicit consent before taking effect.