Privacy Policy

1. What we collect

When you sign up, we hold your email address and (if you create one) a hashed password. As you use Doughflow, we store the recipes, ingredients, costs, vendor details, and receipts you enter. That’s the data the app exists to organize.

We also keep light usage logs (page views, errors) so we can tell what’s working and fix what isn’t.

If you send us a message through the contact form, we receive the name, email, and message you submit, so we can write back. That is all we use it for.

2. What we do with it

• Show your recipes and costs back to you
• Run the cost-per-gram, scaling, and margin math
• Send a small number of service emails (sign-in, password reset, beta updates)
• Improve Doughflow based on which features people actually use

We don’t sell your data. We don’t train AI models on your recipes. We don’t share it with advertisers.

3. Where it lives

Your data is stored on managed Postgres infrastructure in the United States. Receipt images are stored encrypted at rest. We use industry-standard practices to keep it safe, but no system is bulletproof. Please use a strong password and don’t reuse it elsewhere.

4. Who we share it with

We use a small number of vendors who help us run the service: hosting (Fly.io), email delivery (Resend), and an AI vendor (Anthropic) that powers the receipt-extraction feature. They only see the data they need to do their job, under their own privacy commitments.

We won’t share your data with anyone else unless we’re required to by law, and we’ll push back where we can.

5. Google Calendar

If you connect Google Calendar, we create one calendar on your account called “Doughflow Events” and keep it in sync with your events: vending hours, load-in and load-out, the venue address, and decision deadlines. We only ever touch the calendar we create; your personal calendars are never read or changed.

We ask for the narrowest permission Google offers for this (managing only app-created calendars). The access Google grants us is stored encrypted, used solely to keep your events in sync, and never sold, shared, or used for advertising or to train AI. You can disconnect any time from Settings → Calendar, which stops the sync and revokes our access.

Doughflow’s use of information received from Google APIs follows the Google API Services User Data Policy, including the Limited Use requirements.

6. Shopify

If you connect your Shopify store, we read it only to show you what actually sells against your true costs. We ask for read-only access to your products, orders, and inventory, and nothing else. We never change anything in your store.

From your orders we read the sales side: what sold, how much, when, and the order totals and fees, so we can line each sale up with your recipe costs and show real margins. We do not request or store your customers’ names, addresses, phone numbers, or email addresses. The access Shopify grants us is stored encrypted, used solely to keep your sales and catalog in sync, and never sold, shared, or used for advertising or to train AI.

You can disconnect any time from Settings → Integrations, which stops the sync. If you uninstall the app from Shopify, we disconnect automatically; and when Shopify asks us to erase a store’s data, we delete the orders, sales, product links, and connection we hold for that store.

7. Cookies and analytics

We use a single session cookie to keep you signed in, and that is the only cookie we set.

For traffic insight we use privacy-friendly, cookieless analytics (Plausible). It counts page views in aggregate, sets no cookies, collects no personal data, and never follows you across other sites or builds a profile of you. We don’t use ad trackers.

8. Your rights

You can read, edit, export, or delete your data from the app at any time. If you want everything wiped, including your account, email us and we’ll handle it within seven days.

9. How long we keep things

We keep your data while your account is active. If you delete your account, we remove your personal data within 30 days. Backups roll off after 90 days.

10. Changes to this policy

If we make a material change to how we handle your data, we’ll email you and update the “last updated” date above.

11. Get in touch

Privacy questions? Email privacy@doughflow.ai.