This policy explains what Bakify (“we,” “us”) collects, how we use and share it, and the choices you have. It applies to the Bakify website and mobile app (the “Service”). By using the Service you agree to this policy and our Terms of Service.
Information we collect
- Account & profile: name, username, email, phone (optional), age, bio, profile photo, whether you sell on Bakify, and your acceptance of our terms.
- Location:the city you set on your profile (with its coordinates), precise device location if you choose “use my location” or enable nearby browsing, and pickup/meetup locations attached to orders and delivery windows. Location powers distance filtering and meetup coordination.
- Listings & orders: products, photos, prices, drops, order details, customization notes, cancellations, refunds, and disputes.
- Payments: processed by Stripe. We store order amounts, payment status, and Stripe identifiers — we never see or store full card numbers. Sellers onboarding to payouts provide information directly to Stripe under Stripe's own privacy policy and Connected Account Agreement.
- Verification documents (sellers): if you apply for verification, your ID document and/or food-handler certificate are stored in a private storage bucket, accessible only to authorized reviewers through short-lived signed links.
- Content you post: reviews, review photos, seller replies, taste rankings, saved treats, follows, and reports you file.
- Device & usage: push-notification tokens, device platform, app interactions, log and error data (via Sentry), and approximate technical metadata (IP, browser) collected by our hosting providers.
How we use information
- Operate the marketplace: listings, orders, payments, payouts, drops, notifications, and reminders;
- Show relevant nearby content (distance filtering, leaderboards, rails);
- Trust & safety: verification, fraud prevention, moderation, enforcing our Terms, and complying with law;
- Communications: transactional emails and push notifications about your orders and drops (marketing, if ever sent, will be opt-out);
- Improve and debug the Service (aggregate analytics, error monitoring).
What other users can see
Your marketplace presence is public by design: name, username, profile photo, bio, city and approximate distance, seller status, ratings and reviews (including your review photos and replies), listings, and drops. Your email and phone number are not publicly readable. When you are party to an order, your counterparty (and only them) can request your contact details to coordinate pickup. Taste rankings are shown only in aggregate (leaderboards) — your personal ranked list is visible only to you.
Who we share information with
- Service providers: Supabase (database, auth, storage), Stripe (payments, payouts, identity for sellers), Resend (transactional email), Expo (push notifications), Sentry (error monitoring), and Vercel (web hosting). Each receives only what it needs to perform its function.
- Other users: as described above.
- Legal & safety: when required by law, subpoena, or to protect the rights, safety, or property of users, the public, or Bakify (including health authorities investigating a foodborne-illness report).
- Business transfers:in a merger, acquisition, or asset sale, information may transfer with the business under this policy's protections.
- We do not sell your personal information and we do not share it with third parties for their own advertising.
Retention & deletion
We keep information while your account is active. You can delete your account in-app (Profile → Delete Account), which removes or de-identifies your profile. We retain what we must: order and payment records (tax, accounting, dispute, and fraud purposes), safety reports, and content already embedded in other users' transaction history (e.g., a review on a completed order), for as long as legally required or reasonably necessary. Push tokens are deleted on sign-out and pruned automatically when a device stops responding.
Security
We use industry-standard measures: encrypted connections (TLS), row-level security on every database table, column-level restrictions on sensitive fields, private storage buckets with short-lived signed URLs for documents, server-side payment verification, webhook signature checks, and least-privilege access keys. No system is perfectly secure — if we learn of a breach affecting your data we will notify you as required by law.
Your choices & rights
- Access & correction: view and edit your profile in-app; contact us for a copy of your data.
- Deletion: delete your account in-app, or contact us.
- Push notifications: controlled in your device settings.
- Location: you can decline device-location permissions and set your city manually.
- Depending on where you live (e.g., California, Virginia, the EU/UK), you may have additional rights — access, portability, correction, deletion, and non-discrimination. Contact us to exercise them; we will verify your identity first. We do not sell or “share” personal information as defined by the CCPA.
Children
The Service is for adults 18 and older. We do not knowingly collect information from anyone under 18; if we learn we have, we will delete it.
Changes & contact
We may update this policy; material changes will be posted here with a new date, and significant changes will be communicated in-app or by email. Questions or privacy requests: contact Bakify support at the email address published in the app.
Strong baseline, not legal advice — have counsel confirm state-specific disclosures (CCPA/CPRA notices at collection, GDPR representative if you ever serve the EU) before scale.