Privacy Policy

Effective date: January 1, 2025. Version: 2025-01.

1. Data We Collect

We collect the following categories of personal data:

  • Account data: email address, username, business name, and profile information you provide during registration and onboarding.
  • Usage data: pages visited, features used, session timestamps, and browser/device information collected automatically.
  • Payment data: billing information processed by Stripe. We do not store full card numbers — payment data is handled by Stripe in accordance with PCI-DSS standards.
  • Order and business data: orders, products, recipes, inventory, and customer data that you upload or create within BakerKit.
  • Cookie data: see our Cookie Policy.

2. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Performance of a contract: to provide the BakerKit service you have subscribed to.
  • Legitimate interests: to operate, secure, and improve our platform, and to prevent fraud and abuse.
  • Consent: for optional marketing communications where you have opted in. You may withdraw this consent at any time.
  • Legal obligation: where required by applicable law.

3. How We Use Your Data

  • To create and manage your account.
  • To process payments and manage subscriptions.
  • To provide customer support.
  • To send transactional emails (order confirmations, account alerts).
  • To send marketing emails, if you have opted in.
  • To monitor and improve platform performance and security.
  • To comply with legal obligations.

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. If you close your account, we will delete or anonymize your personal data within 90 days, except where retention is required by law (e.g., financial records for tax purposes, which may be retained for up to 7 years).

5. Data Sharing

We share your data with the following third-party processors:

  • Supabase — database and authentication infrastructure. Data is stored in the EU (AWS Frankfurt region unless otherwise configured).
  • Stripe — payment processing and subscription management.
  • Resend — transactional and marketing email delivery.
  • Vercel — hosting and edge infrastructure.

We do not sell your personal data to third parties.

6. Your Rights

Under the GDPR and applicable data protection law, you have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data (“right to be forgotten”), subject to legal retention requirements.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: withdraw marketing consent at any time via your account settings or by emailing support@bakerkit.app.

To exercise any of these rights, contact us at support@bakerkit.app. We will respond within 30 days.

7. Cookies

We use cookies to operate the platform. See our Cookie Policy for details.

8. International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Contact & DPA

For privacy enquiries or to exercise your rights, contact us at support@bakerkit.app. If you are a business customer requiring a Data Processing Agreement (DPA), please contact us at the same address.