Privacy Policy
Version 1.0 — Effective March 20, 2026
1. Who We Are
CakeLedger is made by The Ledger Pulse Inc., based in Alberta, Canada.
The Ledger Pulse Inc. ("Company," "we," "us"), an Alberta corporation, is the data controller for personal data collected through the CakeLedger application ("Service"). For privacy inquiries, contact: privacy@cakeledger.com.
2. What We Collect
We collect what you give us (name, email, business info, recipes, orders) plus basic technical data about how you use the app.
2.1 Account Data
Name, email address, city, business name, and currency preference.
2.2 Baking Data
Ingredients, purchase entries, recipes, products, orders, customer details, labour entries, equipment records, and tax lines.
2.3 Financial Data
Subscription tier, billing status, and payment history (processed via Stripe; we never see or store your full card numbers).
2.4 Usage Data
Pages visited, features used, session duration, device type, browser, operating system, and IP address.
2.5 Community Data
If you opt in to community data sharing: ingredient prices, product prices, recipe compositions, and city.
3. Why We Collect It
We use your data to run CakeLedger, process payments, and improve the product. We never sell it.
| Purpose | Legal Basis (GDPR) | Data Used |
|---|---|---|
| Provide the Service | Contract performance | Account, Baking, Usage |
| Process payments | Contract performance | Financial |
| Improve the product | Legitimate interest | Usage (aggregated) |
| Community insights | Consent | Community (anonymized) |
| Send transactional emails | Contract performance | Account (email) |
| Marketing emails | Consent | Account (email) |
| Legal compliance | Legal obligation | As required |
4. Who Sees Your Data
Only you see your baking data. Our infrastructure providers (Supabase, Vercel, Stripe) process it to keep the app running. We never sell your data.
4.1 Infrastructure Providers
Your data is processed by: Supabase (database hosting, US East region), Vercel (application hosting, global CDN), and Stripe (payment processing). Each provider acts as a data processor under contractual obligations to protect your data.
4.2 No Sale of Data
We do not sell, rent, or trade your personal data to any third party. We never have and never will.
4.3 Community Pool
If you opt in to community data sharing, anonymized data (ingredient prices, product prices, city) is contributed to a shared pool used to generate community insights. Your identity is never attached to community data. See Section 8 for full details.
4.4 Law Enforcement
We will only disclose your data to law enforcement or government authorities when required by valid legal process (court order, subpoena, or equivalent legal instrument). We will notify you of such requests unless legally prohibited from doing so.
4.5 Business Transfer
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify you via email and in-app notification before any such transfer and provide you with the opportunity to delete your account.
5. Cross-Border Data Transfers
Your data is stored on servers in the United States. If you're outside the US, your data crosses borders. We use standard legal protections.
Your data is primarily stored and processed in the United States (Supabase, US East region). If you access the Service from outside the United States, your data will be transferred across international borders. We protect cross-border transfers using the following mechanisms: Standard Contractual Clauses (SCCs) for transfers from the EU/EEA/UK, consent-based transfer mechanisms as permitted under Canada's PIPEDA, and contractual protections with all infrastructure providers. By using the Service, you acknowledge and consent to the transfer of your data to the United States and other jurisdictions where our service providers operate.
6. Your Rights
You can see your data, download it, correct it, or delete it. The exact rights depend on where you live.
6.1 All Users
Regardless of your location, you have the right to: access your data, export your data, correct inaccurate data, delete your account and associated data, and withdraw consent for optional processing.
6.2 EU/EEA/UK Users (GDPR)
Additional rights include: restriction of processing, data portability in machine-readable format, right to object to processing based on legitimate interest, and the right to lodge a complaint with your supervisory authority.
6.3 California Users (CCPA/CPRA)
Additional rights include: right to know what data is collected and how it is used, right to delete, right to opt out of sale of personal information (we do not sell data), and right to non-discrimination for exercising your rights.
6.4 Canadian Users (PIPEDA)
Additional rights include: right to access your personal information, right to challenge the accuracy of your information, and right to withdraw consent for collection, use, or disclosure.
6.5 Nigerian Users (NDPA)
Additional rights include: right to access, right to rectification, right to deletion, and right to data portability.
6.6 Response Time
We will respond to data rights requests within 30 days. Complex requests may require an additional 30 days, in which case we will notify you of the extension and the reason.
6.7 How to Exercise Your Rights
You can exercise your rights by emailing privacy@cakeledger.com or through the data management options in Settings within the app.
7. Data Retention
Your data stays as long as your account is active. If you delete your account, we delete your data within 30 days. Backups purged within 90 days.
Active accounts: Data is retained for the duration of your account.
Deleted accounts: Production data is deleted within 30 days of account deletion. Database backups containing your data are purged within 90 days.
Community pool: If you opted in, your individual data rows are deleted upon opt-out or account deletion within 30 days. Aggregate statistics that have already been computed from your data may persist, as they cannot be individually disaggregated.
Payment records: Retained for 7 years as required by Canadian tax law.
Legal hold: Data may be retained beyond standard periods if required by legal proceedings, regulatory investigations, or valid legal process.
8. Community Data Sharing
Community data sharing is completely separate and optional. You choose to join. You can leave anytime.
8.1 Separate Consent
Community data sharing requires separate, explicit consent. It is not included in the general Terms of Service acceptance. You will be prompted to opt in with a clear explanation of what is shared and what is not.
8.2 What Is Shared
Ingredient prices (per unit), product prices (per product type), and city (for regional comparisons).
8.3 What Is Never Shared
Your name, email, business name, customer information, effective hourly rate, labour hours, total costs, profit margins, profit amounts, or physical address are never included in community data.
8.4 Anonymity
Community data is pooled and anonymized. Minimum thresholds apply before data is surfaced: at least 5 products and 3 ingredients must be contributed by different users in a category before any community insights are displayed.
8.5 Opt-Out
You can opt out at any time through Settings. Your individual data rows will be removed from the community pool within 30 days. Aggregate statistics already computed may persist.
8.6 Backfill on Opt-In
When you opt in, eligible historical data (ingredient prices, product prices, city) may be contributed to the community pool retroactively. You will be informed of this at the time of opt-in.
9. Cookies
We use cookies to keep you logged in. Analytics and marketing cookies are off by default. You choose.
| Category | Default | Purpose |
|---|---|---|
| Essential | Always on | Authentication, session management, security |
| Analytics | Off (opt-in) | Understanding usage patterns to improve the product |
| Marketing | Off (opt-in) | Measuring effectiveness of outreach |
10. Email Communications
We send emails about your account (password resets, billing). Marketing emails only if you opt in. Unsubscribe anytime.
10.1 Transactional Emails
We send emails necessary for the operation of the Service, including password resets, billing confirmations, account security alerts, and service announcements. These do not require marketing consent and cannot be unsubscribed from while your account is active.
10.2 Marketing Emails
Marketing emails (tips, feature announcements, promotions) are only sent if you opt in. We comply with CASL (Canada), GDPR (EU/UK), and CAN-SPAM (US) requirements. Every marketing email includes a one-click unsubscribe link. Unsubscribe requests are processed within 10 business days.
11. Children
CakeLedger is for people 18 and older. We don't knowingly collect data from anyone under 18.
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a person under 18, we will delete that data promptly. If you believe a minor has provided us with personal data, please contact privacy@cakeledger.com.
12. Changes to Privacy Policy
If we change this policy, we'll let you know and post the updated version.
We may update this Privacy Policy from time to time. For material changes, we will provide at least thirty (30) days' notice via in-app notification and email. The current version of this policy, with its effective date, is always available at /legal/privacy. Non-material changes (formatting, clarifications) take effect immediately upon posting.