Back to home

Privacy Policy — BakeCost

This policy describes how BakeCost ("the app", "we") handles your information when you use the mobile application.

Quick summary

  • Without an account, the app works 100% offline and your information stays only on your device. Orders, customers, recipes, photos, everything: never leaves the phone if you don't sign in. Creating an account is optional: it is never required to use the app.
  • Cloud is optional (opt-in). Only when you create an account and sign in does your information sync to your own account on our server, for backup and multi-device use. You choose to enable it.
  • The public storefront is optional (opt-in). If you choose to publish a public ordering page (yourbusiness.bakecost.app), your end customers can send you order requests with their contact details from the web. That data goes only to your account; you are the controller of it and BakeCost only processes it to deliver the order to you. Nothing is charged on the site.
  • Your information goes only to your own account. We do not sell it, do not share it with third parties for advertising, and do not use it to track you.
  • We don't use analytics, tracking, or advertising.
  • Encryption in transit: when you sign in, your information travels encrypted (HTTPS/TLS) between the app and our server.
  • You can delete your account and all its cloud data at any time from within the app, under Settings → Account → Delete account, or by emailing soporte@bakecost.app (see "Your cloud account"). Separately, deleting your local data inside the app is immediate (see "Your rights").
  • Crash reports: when the app crashes, we automatically send the technical error trace (no names, no orders, nothing personal) to a service called Sentry so we can fix it. Details below.

The two modes: offline (default) and cloud (optional)

BakeCost works in two ways, and you choose:

  • Without an account (default): all your information is stored locally on your device, using the app's private storage. No server receives your business information, the app works fully offline, and nothing leaves the phone unless you actively share it. The guarantees in the "Offline" sense apply in full.
  • With an account (optional / opt-in): if you choose to create an account and sign in, your information syncs to your own account on our server, so you have a backup and can use it across multiple devices. You still keep a local copy on the device. See "Your cloud account".

Information the app handles

Everything you create in BakeCost includes:

  • Your products, recipes, and ingredients
  • Your customers (name, phone, email, address, birthday if you add them)
  • Your orders, quotes, and payments
  • Your inventory and movements
  • Your price history
  • Your expenses
  • Notes, photos of products and orders
  • Business settings (name, contact, currency)

Without an account, all of this lives only on your device and nothing leaves the phone unless you share it. With an account, this same information syncs to your cloud account (see below).

Your cloud account (optional)

This section applies only if you choose to create an account and sign in. If you never sign in, none of this happens.

How you sign in. You can create your account with email and password. We are also adding Google and Apple sign-in (depending on availability). Identity is handled by our authentication provider (Supabase Auth); we never see your password.

What syncs when you sign in. Your business information: ingredients, recipes and sizes, products, orders, inventory, stock movements, price history, expenses, and notes. Important: this includes the personal data of your customers that you enter (name, phone, email, address, birthday). You are the controller of your customers' data; we process it on your behalf, solely to provide you with backup and sync, and only within your own account.

Where it is stored. With our database and authentication provider (Supabase, on Postgres) and hosted on Vercel. Your information is associated with your account and isolated from other users'. We do not share it with third parties for advertising and do not use it to track you.

How to delete your account and your cloud data. You can delete your account directly from the app, under Settings → Account → Delete account: we permanently erase your account and its data from the server, along with your sign-in identity. If you prefer, you can also request it by email at soporte@bakecost.app. This is separate from deleting your local data: information stored on your device is independent and remains unless you use More → Backup → Delete all (which affects only your device) or uninstall the app. Deleting your cloud account does not erase the data on this device. Signing out does not delete your cloud account; it only disconnects this device.

Public storefront (optional)

This section applies only if you enable a public storefront (an ordering page at yourbusiness.bakecost.app). It is opt-in: if you never enable it, none of this happens and the app keeps working the same.

What it is. When you publish your storefront, your end customers can see your catalog (products, sizes, and prices — never your costs or margins) and send you an order request from a web page, with no app install and no account.

What end-customer data is collected. To send you the request, the customer enters in the web form: their name, phone, email (optional), the delivery address (only if they choose delivery), the products they want, the desired date, and a preferred payment method. That data is stored as an order in your account (just like any other order).

Who is responsible. You, the business owner, choose to publish the storefront and are the controller of your end customers' data. BakeCost acts as the data processor: we process that data on your behalf, solely to deliver the order request to you, and only within your own account. We do not sell it, do not share it with third parties for advertising, and do not use it to track anyone.

The end customer has no account. Whoever places the order does not sign in, has no profile, and receives no notifications from us. The page shows them a privacy note at the moment they submit their data.

No payments are processed on the storefront. The payment method is only a declared preference; nothing is charged on the site, there are no cards, no payment gateway, and no in-app purchases. Payment is arranged and made directly between you and your customer, outside BakeCost.

Abuse prevention. To prevent spam, the site may temporarily use the IP address of whoever submits the form; it is not stored with the order and is not used to track anyone.

Deletion. Like any order, the end-customer data that arrives via the storefront lives in your account and is deleted when you delete those orders or when you delete your account (see "Your cloud account" and "Your rights").

Actions you control

When you decide to share something, the following happens:

  • Quote via WhatsApp: opens your WhatsApp app with the message ready. You choose who to send it to. We see nothing.
  • Quote PDF: generates the file on your device and opens the system panel so you can choose how to share it (email, AirDrop, messages, etc.).
  • Backup of your data: you generate a file and share it by email, WhatsApp, or save it to iCloud / Google Drive. You decide where.
  • Call / WhatsApp a customer: opens your system app with the number prefilled.

System permissions

The app may ask you for these permissions. You can deny them without losing core functionality:

  • Camera: only if you choose to take a photo of a product or reference for an order. The photo is saved locally.
  • Photos / Library: only if you choose to pick an existing image.
  • Notifications: only if you enable order reminders. They are generated locally on your device.

Your rights over your information

  • Access: all your information is visible and editable directly from the app.
  • Edit and delete: you can modify or delete products, orders, customers, ingredients, photos, and notes individually.
  • Export: from More → Backup → Create backup, you generate a file with all your information to keep on your own.
  • Delete everything (on device): from More → Backup → Delete all, you erase absolutely all information from the app on your device. This action is immediate and cannot be undone.
  • Delete your cloud account: if you signed in, you can delete your account and all your cloud data from Settings → Account → Delete account, or by writing to us at soporte@bakecost.app (see "Your cloud account"). This is separate from the local wipe above.

Without an account, all your information lives only on your device and you have full, direct control at any time. With an account, you exercise these same rights from the app, and you can delete your cloud data whenever you want.

Data retention

  • On your device: information remains until you decide to delete it or uninstall the app.
  • In the cloud (only if you signed in): your information is kept in your account as long as the account exists, to give you backup and sync. When you delete your account, we erase all that data and your sign-in identity. Uninstalling the app does not by itself delete your cloud account; for that, use Settings → Account → Delete account inside the app or write to us at soporte@bakecost.app.

If you create a manual backup and upload it to iCloud, Google Drive, or send it by email, that copy is outside our control and is governed by the privacy policies of the service where you store it.

Security

  • Encryption in transit: when you sign in, the information that syncs travels encrypted via HTTPS/TLS between the app and our server.
  • Offline / no account: if you don't sign in, your information is not sent to any server; it stays only on your device.
  • On the device: local information is protected by your operating system's security measures (iOS / Android): device encryption, lock code, and your phone's own privacy controls.
  • In the cloud: each account is isolated; your information is only accessible from your own authenticated session.

If you lose your device or switch phones: with an account, you can recover your information by signing in on another device; without an account, the only way to recover it is from a backup you made previously.

Third-party services and libraries

The app is built on standard technologies that may include third-party components:

  • Expo / React Native: development framework. Does not collect user data in production.
  • Expo Notifications: handles local notifications. Notifications are scheduled on your device.
  • Expo Image Picker: lets you pick images from your gallery or take photos. Images are saved in the app's private storage.
  • Supabase (only with an account): database and authentication provider. When you sign in, it stores your business information and manages your identity (email/password, and Google/Apple depending on availability). It acts as our data processor and only processes your information to provide the service.
  • Vercel (only with an account): hosting for our server (backend) that the app syncs your information with when you sign in.
  • Google Play Services / Apple App Store: handle installation and updates according to Google's and Apple's policies respectively. If you sign in with Google or Apple, the corresponding provider handles that sign-in.
  • PayPal (optional, Android only): on Android, if you choose to support development from the "Support" screen, the app opens an external PayPal Donations link in your browser. The payment is processed entirely by PayPal; we do not receive any information about your card or account. Supporting does not unlock any feature. On iOS this option is not available.
  • Sentry (crash reporting): when the app crashes unexpectedly or detects a technical error, it automatically sends a report to Sentry so we can diagnose and fix it. The report includes: the error stack trace, your device model, the OS version, the app version, and your timezone/locale. It does NOT include: your name, your orders, your customers, your recipes, photos, amounts, or any data from your business. Sentry is NOT used for tracking, advertising, or behavioral analysis.

We do not use third-party analytics (Google Analytics, Firebase, Mixpanel, etc.), advertising, or behavioral trackers.

Children

The app is intended for adults who manage a bakery business. We do not request or track the user's age.

We do not knowingly collect personal information from children under 13. If you have evidence that a child under 13 is using the app and need any associated information removed, write to us at soporte@bakecost.app. The local information on the child's device can also be erased directly from the Delete all option within the app, and if a cloud account exists, write to us at soporte@bakecost.app to delete it.

On the public storefront, orders are intended for people able to enter into a transaction; BakeCost does not knowingly request or collect minors' data through the public form. The business owner (controller) can delete any order — and with it the end-customer data — at any time; if you believe a minor submitted data through this channel, write to us at soporte@bakecost.app and we will delete it.

Changes to this policy

If we change something important, we will update the date at the top of this document and, where applicable, notify you in the app.

Contact

If you have questions about this policy or how the app handles your information, write to us at:

soporte@bakecost.app