🚧 TEST MODE
Test Mode

Privacy Policy

Last updated: September 29, 2025

Our Commitment to Privacy

At Wheat Flour Bakes, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. We are committed to protecting your personal data and being transparent about what information we collect and how we use it.

Canadian Privacy Compliance: We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and British Columbia's Personal Information Protection Act (PIPA). This policy describes how we handle your personal information in accordance with these laws.

Information We Collect

Personal Information You Provide

When you create an account, place an order, or subscribe to our services, we collect:

  • Name and contact information (email, phone number)
  • Billing and shipping addresses
  • Payment information (processed securely through Stripe)
  • Account credentials (username and encrypted password)
  • Order history and preferences
  • Communication preferences

Information Automatically Collected

When you visit our website, we automatically collect certain information:

  • Browser type and version
  • Device information and operating system
  • IP address and approximate location
  • Pages visited and time spent on our site
  • Referring website addresses
  • Shopping cart contents
  • Timezone information

How We Use Your Information

We use your information only for legitimate business purposes and to provide you with the best possible service. We never sell your personal information to third parties.

We use the collected information to:

  • Process and fulfill your orders
  • Manage your account and subscriptions
  • Send order confirmations and updates
  • Respond to customer service requests
  • Send marketing communications (with your consent)
  • Improve our website and services
  • Prevent fraudulent transactions
  • Comply with legal obligations

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information with:

Service Providers

  • Stripe: Secure payment processing
  • Amazon SES: Email delivery services
  • Fly.io: Website hosting and infrastructure

These providers are bound by confidentiality agreements and only process data on our behalf.

Legal Requirements

We may disclose information if required by law, court order, or to protect our rights, property, or safety of our customers.

Data Security

Our Security Measures

  • SSL/TLS encryption for all data transmission
  • Secure password hashing using bcrypt
  • PCI-compliant payment processing through Stripe
  • Regular security audits and updates
  • Limited access to personal information
  • Secure data centers with physical security controls

While we implement strong security measures, no method of transmission over the internet is 100% secure. We encourage you to use strong passwords and keep your account credentials confidential.

Your Privacy Rights

You have the right to:

Access Your Data: Request a copy of the personal information we have about you
Correct Your Data: Update or correct inaccurate information
Delete Your Data: Request deletion of your personal information
Data Portability: Receive your data in a structured, machine-readable format
Opt-Out: Unsubscribe from marketing communications at any time

To exercise these rights, please contact us using the information provided below.

Email Marketing and Anti-Spam Compliance

Our Email Practices

We comply with Canada's Anti-Spam Legislation (CASL) and the U.S. CAN-SPAM Act:

  • We only send marketing emails with your express consent (CASL requirement)
  • Every email includes an unsubscribe link
  • We honor opt-out requests within 10 business days
  • We clearly identify ourselves as the sender
  • We include our physical mailing address
  • We never use misleading subject lines
  • We maintain records of consent for CASL compliance

Types of emails we may send:

  • Transactional: Order confirmations, shipping updates, account changes (no consent required)
  • Marketing: Promotions, new products, newsletters (requires express consent)
  • Service: Important updates about our services or policies

To unsubscribe: Click the unsubscribe link in any marketing email, or contact us at [email protected]. You will continue to receive transactional emails related to your orders and account.

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

  • Account information: As long as your account is active
  • Order history: 7 years for tax and legal purposes
  • Marketing consent records: 3 years after consent withdrawal (CASL requirement)
  • Email suppression list: Indefinitely to prevent unwanted emails
  • Payment records: As required by financial regulations

Children's Privacy

Our services are not directed to individuals under 19 years of age (the age of majority in British Columbia). We do not knowingly collect personal information from minors. If we become aware that we have collected information from someone under 19, we will delete that information immediately.

Canadian Privacy Rights

Under PIPEDA and British Columbia's PIPA, Canadian residents have the following rights:

  • Right to access your personal information
  • Right to know how your information is used and disclosed
  • Right to withdraw consent at any time (subject to legal restrictions)
  • Right to challenge the accuracy and completeness of your information
  • Right to file a complaint with the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia

To file a privacy complaint:

Privacy Commissioner of Canada: priv.gc.ca
BC Information & Privacy Commissioner: oipc.bc.ca

International Data Transfers

Your personal information is primarily stored and processed in Canada. However, some of our service providers may process data in other countries, including the United States.

Important Notice: When data is transferred outside of Canada, it may be subject to the laws of those jurisdictions, which may differ from Canadian privacy laws. We ensure all data transfers comply with PIPEDA requirements and maintain appropriate safeguards.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email.

Contact Information

If you have questions, concerns, or requests regarding your privacy, please contact us:

Privacy Officer
Wheat Flour Bakes
Email: [email protected]
Phone: 1-800-BAKERY-1
Address: Vancouver, BC
Canada

Back to Home Cookie Policy Terms of Service