Privacy Policy
Last updated: February 2025 · Effective date: February 2025
1. Introduction
This Privacy Policy describes how Flours and Figures ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our web application and related services (the "Platform"). We are committed to protecting your privacy and being transparent about our practices.
By using the Platform, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Platform.
2. Scope
This policy applies to:
- Visitors to our website and landing pages
- Registered users (bakers and small bakery businesses) who create an account
- Users who subscribe to Flours and Figures paid tiers (Starter, Pro)
- Any personal data we process in connection with the Platform, including data stored or processed by our service providers on our behalf
It does not apply to:
- Third-party websites or services linked from the Platform
- Information you choose to share on invoices, quotes, or other documents you generate and send to your own customers (you are responsible for your own data handling with your customers)
3. Information We Collect
We collect information in the following ways.
3.1 Information You Provide Directly
Account and profile
- Email address — required for account creation and authentication
- Password — stored in hashed form by our authentication provider; we do not have access to your plain-text password
- Business name — required at sign-up
- Display name (optional) — used for in-app personalisation
- Currency preference — e.g. USD, EUR, GBP, JPY, CHF; used for pricing, costs, and documents
Business and operational data (optional)
- Contact details — mobile number, business address
- Store logo — image you upload for use on quotes and invoices
- Banking details — used only to display on your invoices and quotes as you configure
- Document settings — custom footer text, payment options
Subscription and billing
When you subscribe to a paid tier, you are redirected to our payment provider. We do not store your full card number. We store: subscription tier, status, end of billing period, and identifiers that link your account to the payment provider.
Content you create in the Platform
Ingredients, recipes, products, customers, orders, invoices and quotes — all stored so you can run your baking business through the Platform.
3.2 Information Collected Automatically
Usage and analytics
We use Google Analytics (GA4) via Firebase Analytics to understand how the Platform is used (e.g. page views, feature usage). This may include device and browser type, general location (e.g. country), pages visited and time on site, and aggregate events. Analytics can be disabled via your browser settings.
Cookies and local storage
Our authentication provider may use cookies to keep you signed in. We may store preferences (e.g. sidebar state). Our analytics provider may set cookies to measure usage.
Logs and security
Our hosting providers may collect server logs (e.g. IP address, request time, URL) for security and operational purposes. We retain these only as long as necessary.
3.3 Information From Third Parties
From our payment provider we receive subscription status, plan, and billing period — not your full payment card details. From our authentication provider we receive your email and a unique user identifier when you sign up or log in.
4. Legal Basis for Processing (EEA/UK)
If you are in the European Economic Area or the United Kingdom, we process your personal data on the following bases:
- Contract — To create and manage your account, provide the Platform, and process your subscription.
- Legitimate interests — To improve the Platform, ensure security, prevent fraud, and communicate important service-related messages.
- Consent — Where we rely on consent (e.g. for certain non-essential cookies or marketing), you may withdraw it at any time.
- Legal obligation — Where we must retain or disclose data to comply with applicable law.
5. How We Use Your Information
We use the information we collect to: provide the Platform; manage subscriptions; communicate with you (e.g. password reset, subscription confirmations); improve and secure the Platform; and provide support. We do not sell your personal data. We do not use your data for advertising or profiling in a way that would require additional consent, except as described in this policy or with your explicit consent.
6. Who We Share Your Information With
Service providers (processors): Firebase (Google) for authentication, Firestore, storage, and analytics; Stripe for payment processing and subscription management; hosting and infrastructure providers. We require them to protect your data and use it only for the purposes we specify.
Legal and safety: We may disclose data if required by law or when we believe disclosure is necessary to protect rights or safety, or to detect and prevent fraud or abuse.
No sale: We do not sell, rent, or trade your personal data to third parties for their marketing purposes.
7. Data Retention
We retain your account and the data you create for as long as your account is active. If you close your account, we will delete or anonymise this data within a reasonable period, except where we must retain it for legal, tax, or dispute resolution purposes. Subscription-related data is retained as needed for the service and for legal and accounting purposes. Logs and analytics are retained according to our and our providers' retention policies. You may request deletion of your account and associated data subject to applicable law.
8. Data Security
We take reasonable technical and organisational measures to protect your personal data: passwords are hashed; access to user data is restricted and scoped by user; data in transit is encrypted (HTTPS); we use providers that support encryption at rest where available. No method of transmission or storage is 100% secure. We encourage you to use a strong password and keep your login details confidential.
9. International Transfers
Your data may be processed in countries outside your country of residence. Where we transfer data from the EEA or UK to countries not deemed to provide adequate protection, we rely on appropriate safeguards such as standard contractual clauses (SCCs). You can request more information about these safeguards by contacting us at the address in Section 14.
10. Your Rights
Depending on where you live, you may have the following rights: access; rectification; erasure; restriction; portability; objection; withdrawal of consent; and lodging a complaint with a supervisory authority. To exercise any of these rights, please contact us using the details in Section 14. We will respond within the time required by applicable law (e.g. one month under GDPR). You can update much of your profile and business information from within the Platform.
11. Children
The Platform is not intended for users under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated policy on the Platform and, where required by law, notify you and/or ask for your consent. The "Last updated" and "Effective date" at the top will indicate when the policy was last revised. Continued use of the Platform after the effective date of changes constitutes acceptance of the updated policy, except where further consent is required by law.
13. Additional Information for Certain Jurisdictions
13.1 California (CCPA/CPRA)
If you are a California resident, you may have additional rights (e.g. right to know, delete, correct, limit use of sensitive personal information, non-discrimination). We do not sell or share personal information for cross-context behavioural advertising. To exercise your rights, contact us at the address in Section 14.
13.2 Other U.S. States
Other states may provide similar rights. We will honour such rights in accordance with applicable state law. Contact us to exercise them.
13.3 United Kingdom and EEA
For the UK and EEA, we process data in accordance with the UK GDPR and the EU GDPR. Our legal basis, international transfer safeguards, and your rights are set out in Sections 4, 9, and 10 above.
14. Contact Us
For any questions about this Privacy Policy or your personal data, or to exercise your rights, please contact us:
Email: info@floursnfigures.com
We will respond as required by applicable law.