Privacy Policy

Effective date: 2026-04-29 (DRAFT)

1. What data we collect

  • Account data: your email address and a hashed password.
  • Baker profile: your bakery name, the state whose cottage-food law you operate under, and your pickup address. Your address is treated as private (see the address-privacy guarantee above).
  • Listings: baked-good menu items, photos, pricing, ingredient and allergen information, and pickup windows.
  • Customer order data: customer name, email, phone, order line items, special instructions, and pickup slot. This data is provided by your customers when they place an order with you.
  • Stripe billing metadata: Stripe customer ID, subscription ID, and payment intent IDs received via the Stripe SDK. We do not store full payment card numbers.

2. What data we DON'T collect

  • Full payment card numbers — these are tokenized and held by Stripe. CottageOps only receives reference IDs (e.g., payment_intent_id).
  • Behavioural analytics, advertising IDs, or third-party tracking pixels.
  • Sensitive demographic data (race, religion, sexual orientation, health) — we have no field for it and no interest in collecting it.

3. How we use your data

  • To provide the CottageOps service to you.
  • To process your subscription billing through Stripe.
  • To respond to support requests you send us via email or in-app channels.
  • To send transactional notifications (order placed, payment received, refund issued, account security).
  • We do not sell your data, share it with third-party advertisers, or use it to train external machine-learning models.

4. Third-party processors

  • Stripe — processes subscription payments and your customers' order payments. Stripe's privacy policy applies to data they hold.
  • Calendly — used only for the founder onboarding call (first 100 bakers). Calendly receives the attendee's name, email, and chosen time slot.
  • Google Cloud Platform (GCP) — hosts the CottageOps backend, database, and static assets. GCP is the infrastructure provider; they do not access application data.

5. Data retention

We retain your account and operational data for as long as your account is active. After account closure, billing records are retained for 90 days for reconciliation and tax purposes, after which we delete them on a rolling schedule. You may request earlier deletion at any time (see §6).

6. Your rights

  • Export: you may export your menu, customer, and order data as CSV from your dashboard at any time.
  • Correct: you may edit your account, baker profile, and listings directly.
  • Delete: email tianfang_pku@hotmail.com to request full deletion of your account and associated data.

7. Cookies

CottageOps uses essential session cookies to keep you logged in and to remember dashboard preferences (e.g., a dismissed welcome banner). We do not run third-party analytics, ad networks, or behavioural tracking. We do not have a cookie consent banner because we do not set non-essential cookies.

8. Children

CottageOps is intended for users 18 years of age or older. The service is not directed at children, and we do not knowingly collect personal information from minors. If we discover such data, we will delete it.

9. Contact

Privacy questions, data-export requests, and deletion requests: tianfang_pku@hotmail.com.