Privacy Policy

How we protect your data in The Baker mobile app.

Effective Date: 2026-04-17

1. Introduction

"The Baker" ("we," "our," or "us") values your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our mobile application on iOS and Android.

2. Information Collection & Use

2.1. Personal Information

When you create an account or sign in via Google or Apple Sign-in, we collect limited personal information to provide authentication and synchronization services:

  • Email Address: To identify your account and send service-related emails (verification, password resets).
  • Display Name & Photo: Optional profile information used to personalize your experience within the app.

2.2. Synchronization Data & Cloud Sync (PRO Users)

If you are a PRO user, we use Cloud Sync to synchronize your custom recipes and settings with our secure backend (Firebase) to allow multi-device access.

2.3. Sharing Features

When you use the sharing feature, the application generates a "Recipe Card" image locally on your device containing the recipe title and app branding. This image and its associated text are shared directly via your device's native sharing capabilities. No recipe content or personal data is transmitted to or stored in a public collection on our servers for the purpose of sharing.

2.4. Local Data

For non-synchronized features and anonymous users, data such as built-in recipes, timers, and local settings are stored only on your device.

2.5. Security & Abuse Prevention

To protect our services and your data from unauthorized access and abuse, we use Firebase App Check along with platform-specific attestation providers (Google Play Integrity API on Android and App Attest/DeviceCheck on iOS). These services help verify that requests originate from our authentic app and a certified, untampered device.

  • Data Processed: Technical device identifiers and attestation results.
  • Purpose: Security, fraud prevention, and ensuring a safe environment for all users.

3. Data Deletion (GDPR Compliance)

We provide a transparent and permanent data deletion process. You can request the deletion of your account and all associated data via Settings → Privacy → Delete Account.

Upon deletion:

  1. Authentication: Your account record is permanently removed from our identity systems.
  2. Cloud Purge: A secure, automated process (Cloud Function) immediately and recursively purges all user-associated data from our databases, including your profile, private recipe collections, and purchase receipts.
  3. Local Wipe: The application performs a "nuclear reset," wiping all local caches, settings, and secure storage from your device before signing you out.
  4. Irreversibility: This action is irreversible and ensures a full "right to be forgotten" under GDPR standards. Irreversibility is enforced to protect user privacy.

4. Third-Party Services

We use Firebase (Google) for:

  • Authentication: Secure sign-in (Google/Apple).
  • Firestore: Data synchronization and storage.
  • Crashlytics: Anonymous crash reporting (can be disabled in Settings).
  • Performance Monitoring: Anonymous diagnostics (can be disabled in Settings).

5. Children’s Privacy

Our app does not address anyone under the age of 13. We do not knowingly collect personal identifiable information from children under 13.

6. Contact Us

For privacy-related inquiries:
support@indiedesert.com