Privacy Policy — BakeFlow

1. Information we collect

We collect information you provide directly: your name, email address, and business details when you create an account. We also collect information about your use of the service, including orders, customers, products, and payments processed through BakeFlow.

Authentication is handled by Clerk. We do not store your passwords. Payment processing is handled by Stripe. We do not store card numbers or sensitive payment information.

2. How we use your information

To provide and improve the BakeFlow service
To process payments and send invoices on your behalf
To communicate with you about your account and the service
To diagnose technical issues and prevent abuse

We do not sell your personal information or your customers' data to third parties.

3. Your customers' data

When your customers place orders through your storefront, their information (name, email, order details) is stored in your account. You are the data controller for your customers' data. We process it on your behalf as a data processor.

You can export or delete your customers' data at any time from your dashboard.

4. Third-party services

We use the following third-party services:

Clerk — authentication and user management
Stripe — payment processing and Connect onboarding
Neon — database hosting (your data is encrypted at rest)
AWS — application hosting and infrastructure

5. Data retention

We retain your account data for as long as your account is active. If you close your account, we will delete your data within 30 days, except where retention is required by law (e.g. financial records).

6. Your rights

You have the right to access, correct, or delete your personal data at any time. You can do this from your account settings, or by contacting us at privacy@tradeflow.app.

7. Contact

Questions about this policy? Contact us at privacy@tradeflow.app.