Privacy Policy
Version 1.1, Effective April 2, 2026
1. Who We Are
CakeLedger is operated by The Ledger Pulse Inc., an Alberta, Canada corporation.
The Ledger Pulse Inc. ("Company," "we," "us"), an Alberta corporation, is the data controller for personal data collected through the CakeLedger application ("Service"). The Company has designated a Privacy Officer who is accountable for compliance with this policy. For privacy inquiries, contact: privacy@cakeledger.com.
2. What We Collect
We collect information you provide (name, email, business details, recipes, orders) and technical data about your use of the Service.
2.1 Account Data
Name, email address, city, business name, and currency preference.
2.2 Baking Data
Ingredients, purchase entries, recipes, products, orders, customer details, labour entries, equipment records, and tax lines.
2.3 Financial Data
Subscription tier, billing status, and payment history (processed by our payment provider; we never see or store your full card numbers).
2.4 Usage Data
Pages visited, features used, session duration, device type, browser, operating system, and IP address.
2.5 Community Data
If you opt in to community data sharing: ingredient prices, product prices, product attributes (such as size, shape, and flavour), store names, recipe compositions, postal code area, and city.
2.6 AI-Processed Data
If you use AI-powered features, certain data may be sent to external service providers for processing. This may include ingredient names and costs, recipe compositions, product descriptions, order details, and business name. This data is processed solely to provide the requested feature. We do not permit our AI service providers to use your data to train their models.
2.7 Image and Media Data
Photos you upload (order photos, receipts), AI-generated images, and invoice documents. Images are optimized and stored on our database infrastructure in the United States. Images are retained for the duration of your account and deleted when you delete the associated record or your account.
2.8 Referral Data
If you participate in the referral program: your name, email address, and business name are shared with the person you invite via the referral invitation. A tracking identifier is stored for up to 7 days to attribute the referral.
3. Why We Collect It
We use your data to operate the Service, process payments, and improve the product. Data use is limited to the purposes listed below.
| Purpose | Legal Basis (GDPR) | Data Used |
|---|---|---|
| Provide the Service | Contract performance | Account, Baking, Usage |
| Process payments | Contract performance | Financial |
| Improve the product | Legitimate interest | Usage (aggregated) |
| Community insights | Consent | Community (anonymized) |
| Send transactional emails | Contract performance | Account (email) |
| Marketing emails | Consent | Account (email) |
| Legal compliance | Legal obligation | As required |
4. Who Sees Your Data
Only you see your baking data. Our infrastructure providers process it to keep the app running. We never sell your data.
4.1 Infrastructure Providers
Your data is processed by third-party infrastructure providers for database hosting, application hosting, payment processing, email delivery, and, where applicable, AI-powered features. Each provider acts as a data processor under contractual obligations to protect your data.
4.2 No Sale of Data
We do not sell, rent, or trade your personal data to any third party. Any material change to this position would constitute a material change to this Privacy Policy and would be subject to the notice and consent provisions described in Section 12.
4.3 Community Pool
If you opt in to community data sharing, anonymized data (ingredient prices, product prices, city) is contributed to a shared pool used to generate community insights. Your identity is never attached to community data. See Section 8 for full details.
4.4 Law Enforcement
We will only disclose your data to law enforcement or government authorities when required by valid legal process (court order, subpoena, or equivalent legal instrument). We will notify you of such requests unless legally prohibited from doing so.
4.5 Business Transfer
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. The successor entity will be bound by the terms of this Privacy Policy with respect to data collected prior to the transfer. We will use commercially reasonable efforts to notify you via email or in-app notification of any such transfer.
4.6 Data Processing Agreement
If you require a Data Processing Agreement for regulatory compliance purposes, contact privacy@cakeledger.com.
5. Cross-Border Data Transfers
Your data is stored on servers in the United States. If you are outside the US, your data crosses borders. We use standard legal protections.
Your data is primarily stored and processed in the United States. If you access the Service from outside the United States, your data will be transferred across international borders. We protect cross-border transfers using the following mechanisms: Standard Contractual Clauses (SCCs) for transfers from the EU/EEA/UK, transfer mechanisms as permitted under Canada's PIPEDA, and contractual protections with all infrastructure providers.
6. Your Rights
You may access, export, correct, or delete your data. Your specific rights depend on your jurisdiction.
6.1 All Users
Regardless of your location, you have the right to: access your data, export your data in a structured, commonly used, machine-readable format, correct inaccurate data, delete your account and associated data, and withdraw consent for optional processing.
6.2 EU/EEA/UK Users (GDPR)
Additional rights include: restriction of processing, data portability in machine-readable format, right to object to processing based on legitimate interest, and the right to lodge a complaint with your supervisory authority.
6.3 California Users (CCPA/CPRA)
Additional rights include: right to know what data is collected and how it is used, right to delete, right to opt out of sale of personal information (we do not sell data), and right to non-discrimination for exercising your rights.
6.4 Canadian Users (PIPEDA)
Additional rights include: right to access your personal information, right to challenge the accuracy of your information, and right to withdraw consent for collection, use, or disclosure.
6.5 Nigerian Users (NDPA)
Additional rights include: right to access, right to rectification, right to deletion, and right to data portability.
6.6 Response Time
We will respond to data rights requests within 30 days. Complex requests may require an additional 30 days, in which case we will notify you of the extension and the reason.
6.7 How to Exercise Your Rights
You can exercise your rights by emailing privacy@cakeledger.com. Account deletion requests should be directed to support@cakeledger.com and will be processed within thirty (30) days.
7. Data Retention
Your data is retained for the duration of your account. Upon account deletion, production data is deleted within 30 days. Backups are purged within 90 days.
Active accounts: Data is retained for the duration of your account.
Deleted accounts: Production data is deleted within 30 days of account deletion. Database backups containing your data are purged within 90 days.
Community pool: If you opted in, your individual data rows are deleted upon opt-out or account deletion within 30 days. Aggregate statistics that have already been computed from your data may persist, as they cannot be individually disaggregated.
Payment records: Retained for 7 years as required by Canadian tax law.
Legal hold: Data may be retained beyond standard periods if required by legal proceedings, regulatory investigations, or valid legal process.
7A. Data Breach Notification
If a data breach affects your personal data, we will notify you without undue delay.
In the event of a data breach affecting your personal data, the Company will notify affected users without undue delay and, where required by applicable law, within the time periods mandated by such law. Notification will be provided via email and in-app notification and will include: the nature of the breach, the categories of data affected, the measures taken in response, and contact information for further inquiries.
8. Community Data Sharing
Community data sharing is separate and optional. Participation requires explicit consent and may be withdrawn at any time.
8.1 Separate Consent
Community data sharing requires separate, explicit consent. It is not included in the general Terms of Service acceptance. You will be prompted to opt in with a clear explanation of what is shared and what is not.
8.2 What Is Shared
Ingredient prices (per unit), product prices (per product type), product attributes (such as size, shape, and flavour), store names, your postal code area, and city (for regional comparisons).
8.3 What Is Never Shared
Your name, email, business name, customer information, effective hourly rate, labour hours, total costs, revenue, order volume, profit margins, profit amounts, or physical address are never included in community data.
8.4 Anonymity
Community data is pooled and anonymized. Minimum thresholds apply before data is surfaced: at least 5 products and 3 ingredients must be contributed by different users in a category before any community insights are displayed.
8.5 Opt-Out
You can opt out at any time through Settings. Your individual data rows will be removed from the community pool within 30 days. Aggregate statistics already computed may persist.
8.6 Backfill on Opt-In
When you opt in, eligible historical data (ingredient prices, product prices, city) may be contributed to the community pool retroactively. You will be informed of this at the time of opt-in.
9. Cookies
Essential cookies are required for authentication. Analytics and marketing cookies are off by default. You control which optional cookies are enabled.
| Category | Default | Purpose |
|---|---|---|
| Essential | Always on | Authentication, session management, security |
| Analytics | Off (opt-in) | Understanding usage patterns to improve the product |
| Marketing | Off (opt-in) | Measuring effectiveness of outreach |
You may change your cookie preferences at any time through the Legal & Privacy section in Settings within the app.
10. Email Communications
We send transactional emails related to your account (password resets, billing). Marketing emails are sent only with your consent and may be unsubscribed from at any time.
10.1 Transactional Emails
We send emails necessary for the operation of the Service, including password resets, billing confirmations, account security alerts, and service announcements. These do not require marketing consent and cannot be unsubscribed from while your account is active.
10.2 Marketing Emails
Marketing emails (tips, feature announcements, promotions) are only sent if you opt in. We comply with CASL (Canada), GDPR (EU/UK), and CAN-SPAM (US) requirements. Every marketing email includes a one-click unsubscribe link. Unsubscribe requests are processed within 10 business days.
11. Children
CakeLedger is for people 18 and older. We do not knowingly collect data from anyone under 18.
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a person under 18, we will delete that data promptly. If you believe a minor has provided us with personal data, please contact privacy@cakeledger.com.
12. Changes to Privacy Policy
If we change this policy, we will notify you and post the updated version.
We may update this Privacy Policy from time to time. For material changes, we will provide at least thirty (30) days' notice via in-app notification and email. The current version of this policy, with its effective date, is always available at /legal/privacy. Non-material changes (formatting, clarifications) take effect immediately upon posting.