← Back to Home

Privacy Policy

Last Updated: 11/27/2025

We voluntarily comply with CCPA, GDPR, and COPPA standards to protect your privacy.

1. Information We Collect

We collect information you provide directly to us, including:

  • Account information (email, name) through Clerk authentication
  • Recipe data you import or create
  • Baking plans and schedules you generate
  • Usage data and analytics

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process your recipe imports using AI parsing
  • Generate baking schedules and plans
  • Send you technical notices and support messages
  • Respond to your requests and inquiries

3. Data Security

We implement industry-standard security measures to protect your data:

  • AES-256-GCM encryption for sensitive data at rest
  • HTTPS/TLS encryption for data in transit
  • Multi-tenant database isolation
  • Rate limiting and access controls
  • Regular security audits and testing

4. Data Sharing

We do not sell your personal information. We share data only with:

  • Clerk: Authentication and user management
  • Anthropic: AI-powered recipe parsing (recipes only, no personal data)
  • Stripe: Payment processing (when applicable)

5. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Export your data in JSON format
  • Objection: Object to processing of your data

6. Data Retention

We retain your data as follows:

  • Recipes and Plans: Until you delete them or close your account
  • Audit Logs: 90 days
  • Account Data: Until account deletion

7. Exercising Your Rights

To exercise your privacy rights:

  • Data Export: Visit /api/user/export while logged in
  • Account Deletion: Contact support or use our deletion endpoint
  • Questions: Email privacy@doughflow.com

8. Cookies

We use essential cookies for:

  • Authentication (Clerk session cookies)
  • Security (CSRF protection)
  • Functionality (user preferences)

9. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at privacy@doughflow.com.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by email (if you have an account) and by posting the new policy on this page with an updated "Last Updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of personal information collected, used, or shared
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, email privacy@doughflow.com or use our data export/deletion endpoints.

12. Do Not Sell My Personal Information

We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. We only share data with service providers necessary to operate the service (Clerk, Anthropic, Stripe).

13. International Users

Doughflow is operated from the United States. If you are accessing the service from outside the U.S., your information will be transferred to, stored, and processed in the United States. By using our service, you consent to this transfer.

14. Contact Us

For privacy questions or concerns, contact us at:

Email: privacy@doughflow.com
Mailing Address:
Doughflow
Michael Borohovski
2066 N Capitol Ave
Unit #8181
San Jose, CA 95132