Privacy Policy

Last updated: November 2025

BakeSuite ("we", "us", or "our") operates the website www.bakesuite.com.au and provides the BakeSuite software platform (the "Service"). This Privacy Policy outlines how we collect, use, store, disclose, and protect your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Service.

1. What Personal Information We Collect

We may collect the following categories of personal information:

  • Identity Data – first name, last name, username, title.
  • Contact Data – billing and business address, email, phone number.
  • Business Data – business name, ABN (if applicable), website.
  • Financial Data – payment information (processed via third-party providers, not stored by us).
  • Transaction Data – payment history and subscription records.
  • Technical Data – IP address, browser type, device identifiers, log data.
  • Profile Data – account preferences, feedback, survey responses.
  • Usage Data – interactions with the Service and support tickets.
  • Marketing and Communications Data – marketing preferences, opt-ins, and correspondence.
  • Receipt Data – when using automated receipt processing features, we collect receipt images and extracted text containing supplier names, purchase dates, item descriptions, quantities, and transaction amounts.
  • Recipe Data – when using the recipe PDF import feature, we process recipe PDF documents to extract recipe content including recipe names, ingredients, quantities, instructions, and notes.

2. How We Collect Personal Information

We collect your personal information when you:

  • Sign up or use the BakeSuite Service
  • Contact our support team
  • Fill out forms or respond to surveys
  • Interact with our website or app (including through cookies)
  • Subscribe to newsletters or product updates

Some information is collected automatically using cookies or tracking tools (e.g., Google Analytics).

3. How We Use Your Personal Information

We use your personal information for the following purposes:

  • To provide and maintain the BakeSuite platform
  • To process payments and manage your subscription
  • To send important service updates and support communications
  • To improve our features and user experience
  • To provide customer support and respond to inquiries
  • To send marketing communications (with your consent)
  • To comply with legal and regulatory requirements

Our Privacy-First Commitment

Privacy is at the core of BakeSuite. Your business data—including recipes, contacts, financial information, and receipts—is YOUR data. We treat it with the highest level of care and respect.

What We Do With Your Data:

  • Store it securely – All data is encrypted at rest and in transit using Supabase's enterprise-grade security infrastructure
  • Use it operationally – We only access your data to provide the services you requested (e.g., generating reports, processing receipts)
  • Keep it private – Your recipes, contacts, and financial data remain completely confidential within your account
  • Process support requests – When you contact support, we may access your account (with your permission) to troubleshoot issues
  • Improve the platform – We use anonymized, aggregated usage data (not your business content) to understand feature usage and improve user experience

What We Will NEVER Do:

  • Sell your data – We will never sell your information to third parties
  • Share for marketing – We will never share your business data (recipes, contacts, financials) with advertisers or marketers
  • Use your recipes – Your proprietary recipes are never used for any purpose other than providing them back to you in the application
  • Share with competitors – Your business information is never shared with other businesses or third parties
  • Mine your data – We do not analyze your proprietary recipes or business practices for competitive intelligence

Third-Party AI Processing: When you use features like receipt OCR or recipe PDF import, text content is temporarily sent to specialized AI services (LlamaParse, Google Gemini AI) solely for processing your request. These services:

  • Process data only to fulfill the specific function (OCR text extraction, data structuring)
  • Do not store your content long-term (cached 48 hours maximum, then deleted)
  • Operate under their own privacy policies (linked in sections below)
  • Are used only when you explicitly upload a receipt or recipe PDF—these features are completely optional

Your Control: You can export your data at any time, and if you delete your account, all your business data (recipes, contacts, orders, etc.) is permanently removed from our systems within 30 days, except where retention is required by law (e.g., financial records for tax compliance).

4. Third-Party Services

We work with reputable third-party providers who may process your data on our behalf:

  • Supabase – Database and authentication services. www.supabase.com
  • Stripe – Payment processor used for subscriptions. www.stripe.com
  • Vercel – Website hosting and deployment. www.vercel.com
  • Canva – Design platform integration for the Cake Design tool. www.canva.com
  • Google Analytics – Website usage analytics (anonymized data)
  • LlamaParse (LlamaCloud) – Receipt and recipe PDF text extraction (OCR). www.llamaindex.ai
  • Google Gemini AI – Receipt data structuring and analysis (may be used for recipe parsing in future). ai.google.dev

These services comply with relevant data protection frameworks and process your data according to their own privacy policies.

When you use our Cake Design tool, you can import your designs into Canva to continue editing. When you choose to use this feature, certain information (such as your design content and account details) is shared with Canva in accordance with their Privacy Policy and Developer Terms. You are not required to use this integration to access other BakeSuite features.

Automated Receipt Processing

When you use our automated receipt upload and processing features, your receipt data is processed using third-party AI services:

  • LlamaParse (LlamaCloud) – Extracts text from receipt images using optical character recognition (OCR). Receipt images are temporarily uploaded to LlamaCloud servers for processing. Data is cached for up to 48 hours and then permanently deleted. View their Privacy Policy.
  • Google Gemini AI – Structures extracted receipt text into organized data (supplier names, items, prices, dates). Only text is sent to Gemini, not images. Receipt text may be retained by Google for up to 48 hours for abuse monitoring, and reviewed conversations may be retained for up to 3 years for quality assurance (disconnected from your account). Data may be used to improve Google's AI models. View Google's Gemini Privacy Notice.

What data is shared: Receipt images (LlamaParse) and receipt text including supplier names, addresses, purchased items, quantities, prices, dates, and payment methods (Gemini AI).

What is NOT shared: Your personal information (name, email, business name), customer data, or any information that identifies you personally.

Alternative option: You can choose to manually enter receipt information instead of using the automated processing feature if you prefer not to use these third-party AI services.

By uploading receipts for automated processing, you consent to this data being processed by these third-party services in accordance with their privacy policies.

Recipe PDF Import

When you use our Recipe PDF import feature to extract recipes from PDF documents, your recipe data is processed using third-party services:

  • LlamaParse (LlamaCloud) – Extracts text from recipe PDF documents using optical character recognition (OCR). PDF files are temporarily uploaded to LlamaCloud servers for text extraction only. Data is cached for up to 48 hours and then permanently deleted. View their Privacy Policy.

What data is shared: Recipe content from the PDF including recipe names, ingredients, quantities, instructions, preparation methods, and notes.

What is NOT shared: Your account information, business name, existing recipes, customer data, or any information that identifies you personally.

Alternative option: You can manually enter recipes or paste recipe text instead of using PDF upload if you prefer not to use these services.

By uploading recipe PDFs for processing, you consent to this data being processed by these third-party services in accordance with their privacy policies.

5. Data Security

We take comprehensive steps to protect your personal and business information from misuse, interference, loss, unauthorised access, modification, or disclosure.

  • Secure Infrastructure – All data is stored on Supabase's enterprise-grade PostgreSQL database hosted on AWS. Data is encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Authentication & Authorization – User authentication is handled by Supabase Auth with industry-standard security practices. Row-level security policies ensure users can only access their own data.
  • API Security – All API endpoints require authentication. Rate limiting is implemented to prevent abuse. File uploads are validated for type and size.
  • Access Control – Access to production systems and databases is strictly limited to authorized personnel who need it to perform their job. All access is logged and monitored.
  • Regular Updates – We maintain up-to-date security patches and monitor for vulnerabilities in our dependencies.
  • Data Breach Response – In the event of a data breach likely to cause serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) within required timeframes (within 72 hours of becoming aware).

While we implement strong security measures, no system is 100% secure. We encourage you to use strong passwords and enable two-factor authentication when available.

6. Data Retention

We retain your personal information only as long as necessary to fulfil the purpose for which it was collected, in compliance with the Australian Privacy Principles and relevant legal obligations.

Retention Periods:

  • Active Account Data – Recipes, contacts, orders, and business information are retained while your account is active to provide you with continuous service.
  • Financial Records – Transaction data, invoices, and payment history are retained for 7 years to comply with Australian tax and accounting requirements.
  • Support Communications – Support tickets and correspondence are retained for 3 years for quality assurance and legal compliance.
  • Usage Logs – System logs and activity logs are retained for 90 days for security monitoring and troubleshooting.
  • Marketing Data – Marketing preferences and communications are retained until you unsubscribe or request deletion.

Account Deletion:

If you request account deletion (via support@bakesuite.com.au), we will permanently delete your business data within 30 days, including:

  • Your recipes and proprietary formulations
  • Contact and customer information
  • Orders, quotes, and invoices
  • Design files and uploaded images
  • Personal profile information

Note: Financial transaction records required by Australian tax law may be retained for 7 years after account deletion. These records are anonymized where possible and securely archived with restricted access.

Before deleting your account, we recommend exporting your data. Account deletion is permanent and cannot be undone.

7. Cookies & Tracking

We use cookies and similar technologies to improve user experience, analyse traffic, and ensure secure login sessions. You can modify your browser settings to disable cookies, but doing so may affect your ability to use certain parts of the Service.

We also use Google Analytics to understand how users interact with our site. This information is anonymised and does not identify you personally.

8. International Data Transfers

Although BakeSuite is based in Australia, some of our third-party providers (e.g., Stripe, Supabase, LlamaParse, Google Gemini AI) may store or process data outside of Australia, including in the United States. When you use automated receipt processing or recipe PDF import features, your receipt and recipe data will be transmitted to servers located in the United States for processing.

We ensure these providers are reputable and offer adequate data protection safeguards as required by APP 8 (cross-border disclosure of personal information). These providers comply with relevant data protection frameworks including GDPR and have appropriate security measures in place.

9. Your Rights Under Australian Law

You have the right to:

  • Request access to the personal information we hold about you
  • Request correction of your data if inaccurate
  • Request deletion of your data (subject to legal obligations)
  • Withdraw consent for marketing communications
  • Lodge a complaint with the OAIC if you believe we have mishandled your information

To exercise these rights, please contact us using the details below.

10. Age Privacy

Our Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from individuals under this age. If we become aware of such collection, we will delete the data.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes to our practices or legal obligations. We will notify users of significant updates and post the latest version on this page.

12. Contact Us

For questions, data requests, or complaints, please contact:

BakeSuite
Email: support@bakesuite.com.au

© 2025 BakeSuite. All rights reserved.