Privacy Policy

Last Updated: April 28, 2026

01. Introduction

Welcome to FLOURish ("we," "our," or "us"). We respect your privacy and are committed to protecting the personal information of our users (bakery owners, managers, and staff). This Privacy Policy explains how we collect, use, and safeguard your data when you use our web application.

02. Information We Collect

  • Account Information: We collect business names, owner names, and email addresses upon registration.
  • Staff Information: When owners create accounts for their staff, we collect the staff member's name, email address, and assigned role to enforce appropriate access levels.
  • Payment Information: We use **Stripe** to securely process subscription payments. We do not store full credit card numbers on our servers; we only store billing status, plan types, and Stripe customer reference IDs.
  • Operational Data: We host data related to your business operations, including inventory logs, secret recipes, custom orders, and sales margins.

03. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve the FLOURish platform.
  • Authenticate users and enforce role-based access control.
  • Process subscription billing, upgrades, and prorations via Stripe.
  • Communicate regarding account updates, security alerts, and technical support.

04. Data Security and Isolation

Multi-Tenant Integrity

FLOURish utilizes a multi-tenant architecture with Row-Level Security (RLS). This ensures that your business's inventory, sales, and recipe data are logically isolated at the database level and cannot be accessed by other tenants on the platform.

05. Cookies and Authentication

We use essential cookies and encrypted session tokens solely for the purpose of keeping you logged in and maintaining your session security. We do not use tracking or advertising cookies.

06. Third-Party Services

We share necessary information with trusted third-party service providers solely to operate our software, including:

  • Stripe: For payment processing and subscription management.
  • Infrastructure Providers: For secure hosting and database management within isolated server environments.

07. Data Retention

We retain your data for as long as your account is active. Upon subscription termination, we follow our Data Portability protocol as outlined in our Terms of Service, after which tenant data is purged from our active databases.

08. Contact Information

If you have questions regarding this Privacy Policy or your data, please contact us at support@knead.name.