Privacy Policy
How Superior Dough collects, uses, and protects your data.
Superior Dough ("we", "us") is a baking app operated by Coppermore LLC, a Wyoming limited liability company. This Privacy Policy explains what we collect, why, and the choices you have. If anything here is unclear, email privacy@superiordough.com.
What we collect
- Account information. Email address, display name, optional username, and the skill level, equipment, and goals you provide during onboarding.
- Profile content. Avatar image, bio, and location (city or ZIP — we display city or region only).
- Content you create. Starters, bakes, photos, formulas, notes, and comments. This is your data; we store it so you can access it across devices and back it up.
- Baker Chat messages. The questions you send to Baker Chat and the recipe, starter, and environmental context the app attaches to give the assistant something to work with. Usage counts are kept for free-tier rate limiting.
- Voice playback (Baker Voice, planned). When Baker Voice is enabled, the text we send to ElevenLabs to synthesize speech. We do not record or store your microphone input.
- Subscription state. Plan tier, billing status, Founding Baker membership flag, renewal date. Payment card numbers are never seen by us; they live with Stripe or Apple.
- Device and technical data. Approximate device model, OS version, app version. Used for diagnostics and to ship the right build to the right surface.
- Coarse location (optional). Only if you grant permission. Used to tailor weather-aware baking advice (humidity, temperature on bake day).
- Crash reports. Stack traces with personally identifying fields scrubbed. No email addresses or tokens are attached to crash events.
What we do not collect
- We do not track you across other apps, websites, or offline properties.
- We do not sell or share your personal data with advertisers.
- We do not serve third-party advertising in the app.
- We do not collect precise GPS location.
- We do not record microphone or camera input outside of explicit upload flows you initiate.
How we use your data
- To run the core features of the app — Formula Lab, the workflow engine, starter tracking, the Bake Log, Baker Chat, and The Bench community feed.
- To sync your data across the devices you sign in on.
- To enforce free-tier usage limits server-side.
- To communicate with you about your account — receipts, security notices, and material changes to these policies.
- To diagnose crashes and technical faults in aggregate.
Service providers
We use the following processors to run the app. Each is contractually bound to use your data only for the purposes we direct.
- Supabase — account authentication, database, file storage, and real-time sync. Data resides in Supabase infrastructure with row-level security enforced at the database layer.
- Stripe — subscription billing for web and Android. Card numbers, billing addresses, and tax data are held by Stripe; we receive only a customer reference and subscription state.
- Apple App Store — subscription billing for iOS. Apple holds the payment relationship; we receive only a transaction identifier and entitlement.
- Anthropic — Baker Chat is proxied through our server to Anthropic's Claude API. Your messages are sent for the duration of a response and are not retained by us afterward. See Anthropic's privacy policy for their retention.
- ElevenLabs (planned) — text-to-speech for Baker Voice. We send only the text to be spoken; no account identifier and no audio recording.
- Resend — transactional email (password reset, receipts, account-deletion confirmations). No marketing email.
- Vercel and Cloudflare — hosting and static-asset delivery.
- Mercury — business banking. Used for company finances; no end-user personal data flows to Mercury.
Photo and content storage
Photos you upload are stored in Supabase Storage. Avatars and Bench posts are publicly readable (that is the point of a community feed). Bake-log photos default to private and are only readable when you sign a share link or post them to the Bench. You can delete any photo at any time from the surface where you posted it.
Cookies and tracking
We use only essential cookies — session tokens to keep you signed in. We do not use third-party advertising, marketing-attribution, or behavioral-tracking cookies. The app uses local storage on your device to cache your settings and offline-available content.
Data security
All traffic between your device and our servers is encrypted in transit (TLS 1.2 or higher). Row-level security policies are enforced at the database layer, which means user A cannot read user B's data even if a query is malformed. API keys never reach the browser. Production data on the Supabase Pro tier benefits from point-in-time recovery (PITR) — we can restore the database to any moment in the recent past in the event of a serious bug or attack.
Data retention
Account and content data are retained for the life of your account. When you delete your account (Settings → Account → Delete Account), we immediately remove all rows linked to your account, all photos you uploaded, and all comments you posted. Active subscriptions are cancelled with your payment provider in the same flow. Some operational records (audit logs, billing receipts) are retained for the period required by law — typically seven years for tax records.
Your rights
- Access and export. You can export every piece of your data from Settings → Account → Export Data as a JSON archive.
- Correction. You can edit or remove any content you create.
- Deletion. You can permanently delete your account from Settings → Account → Delete Account. Deletion is immediate and irreversible.
- Consent withdrawal. You can revoke location, notification, and microphone permissions from your device's system settings at any time.
For EU and UK users (GDPR)
Our legal basis for processing your account and content data is contract — we need it to run the app you signed up for. Our legal basis for sending service emails is legitimate interest. You have the rights above plus the right to lodge a complaint with your local supervisory authority. Our representative for EU data subjects can be reached at privacy@superiordough.com.
For California users (CCPA and CPRA)
We do not sell or share personal information as those terms are defined under CCPA and CPRA. You have the right to know what we collect, to delete it, to correct it, and to opt out of sale (not applicable — we do not sell). To exercise any of these, email privacy@superiordough.com. We will respond within the statutory window.
Children's privacy
Superior Dough is not directed at children under 13 (or the local equivalent minimum). We do not knowingly collect data from minors below that threshold. If you believe a minor has provided us data, email privacy@superiordough.com and we will delete it.
Changes to this policy
If we make material changes to this policy, we will notify you in-app and require re-acceptance before continuing to use the service. The version and effective date above identify the active policy.
Contact
Coppermore LLC · Wyoming, USA · privacy@superiordough.com