Privacy Policy

I hate when websites pretend to care about your privacy in pages of legalese. So here's the deal in plain English: I collect the bare minimum needed to bake bread for you and let you know when it's ready. I don't sell your information. Ever.

1. What I collect

• When you place an order: name, email, phone (optional), pickup week, notes, and order contents.
• When you subscribe to be notified: just your email.
• When you send a contact message: name, email, and the message body.
• Automatically: basic technical info (browser type, IP address, referring page) collected by the hosting provider (Vercel) for security and to make the site load fast. I don't use third-party advertising trackers.

2. What I do with it

• Run your order — confirm it, send you status updates by email, coordinate pickup, and keep records for my own bookkeeping.
• Send you the email you asked for — order updates, or the “orders are open again” email if you subscribed.
• Reply to you if you send me a contact message.
• That's it. I do not run ads, profile you, or sell your data to anyone.

3. Who I share it with

A few service providers see your data so the site works. I've picked services I trust and that have their own privacy commitments:

• Vercel — hosts the website. Sees request data and any data you submit through the site.
• Neon — stores order and subscriber records securely in a Postgres database.
• Resend — delivers transactional email (order updates, reopen notifications). Receives your email address and the message contents.

Other than those operational providers, I don't share your information with anyone unless required by law.

4. How long I keep it

• Order records: kept for up to 3 years for tax/recordkeeping reasons, then deleted.
• Subscriber emails: kept until you unsubscribe.
• Contact messages: kept indefinitely so I can refer back to past conversations, unless you ask me to delete them.

5. Your choices

• Unsubscribe from notifications anytime — reply to any email I send and ask, or email Bakedbyalexa24@gmail.com.
• Ask me to delete your data — email me and I'll remove your records (except where I'm required to retain them for tax purposes).
• Get a copy of what I have — email me and I'll send you everything I've stored about you.
• California residents have additional rights under CCPA; please reach out and I'll honor any applicable request.

6. Cookies

The site uses a couple of basic cookies to remember if you're signed in to the admin area and to store your in-progress cart in your browser. I don't use third-party tracking cookies or analytics that profile individual users.

7. Children

The site is not intended for children under 13. I don't knowingly collect data from them.

8. Security

I take reasonable precautions to protect your data — all traffic is encrypted via HTTPS, passwords are hashed, and the database is hosted on Neon's secure infrastructure. That said, no online service is 100% secure, and I can't guarantee against every possible breach.

9. Changes

If this policy changes meaningfully, I'll update the date at the top and (for big changes) post a note on the home page.

10. Contact

Privacy questions, deletion requests, or anything else: email me at Bakedbyalexa24@gmail.com.