Privacy Policy
Last updated: May 23, 2026
1. Introduction
Ovendrop LLC ("Ovendrop," "we," "us") operates the Ovendrop marketplace at ovendrop.com. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights regarding your data.
By using Ovendrop, you consent to the data practices described in this policy. If you do not agree, please do not use the Platform.
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, and password when you create an account.
- Baker profile information: Business name, city, state, bio, profile photo, and Minnesota MDA registration number (if applicable).
- Order information: Pickup details, order notes, and purchase history.
- Payment information: Payment details are collected and processed directly by Stripe. Ovendrop does not receive or store your full credit card number, CVV, or bank account details.
- Baker financial information: Identity verification and banking information for payouts is collected and processed directly by Stripe Connect. Ovendrop does not store this data.
- Content you create: Product listings, product images, profile photos, reviews, ratings, and messages sent through the Platform.
- Communications: Messages you send to other users through in-platform messaging, and any emails or support requests you send to us.
- Waitlist information: Email address, state, and interest type (buyer, seller, or both) if you join our waitlist.
2.2 Information Collected Automatically
- IP address: Collected from standard request headers for abuse prevention, rate limiting, and security logging. Not used to identify you across sites or shared with third-party trackers.
- Device and browser information: Browser type, operating system, and device type, collected through standard HTTP headers.
- Usage data: Pages visited, features used, and timestamps of activity.
2.3 Information We Do Not Collect
We do not knowingly collect personal information from children under 13. We do not collect biometric data, social security numbers, or government IDs (Stripe may collect identity verification documents directly as part of Baker onboarding — see Stripe's privacy policy for details).
3. How We Use Your Information
We use your personal information to:
- Create and manage your account
- Process orders and facilitate transactions between Buyers and Bakers
- Display Baker storefronts and product listings to potential Buyers
- Send transactional emails (order confirmations, pickup notifications, order status updates)
- Facilitate communication between Buyers and Bakers via in-platform messaging
- Process Baker payouts through Stripe Connect
- Display reviews and ratings on product and Baker pages
- Detect and prevent fraud, abuse, and violations of our Terms of Service
- Improve and maintain the Platform
- Respond to your support requests and communications
We limit data collection to what is adequate, relevant, and reasonably necessary for the purposes described above.
4. How We Share Your Information
4.1 With Other Users
- Baker information visible to Buyers: Business name, city, state, bio, profile photo, product listings, and review ratings are displayed publicly on Baker storefronts.
- Buyer information visible to Bakers: When a Buyer places an order, the Baker receives the Buyer's name and any order notes.
- Reviews: Your first name and review content (rating and comment) are displayed publicly on the Platform.
4.2 With Third-Party Service Providers
We share data with the following service providers who process information on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Firebase (Google) | Authentication | Email, password (hashed), account metadata |
| Stripe | Payment processing, Baker payouts | Payment details, name, email, identity verification (Bakers) |
| Cloudflare R2 | Image storage and delivery | Uploaded images (product photos, profile photos) |
| Resend | Transactional email delivery | Email address, name, order details |
4.3 We Do Not Sell Your Data
Ovendrop does not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not use your data for targeted advertising.
4.4 Legal Requirements
We may disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of Ovendrop, our users, or the public.
5. SMS Notifications
Ovendrop offers optional SMS (text message) notifications for transactional account activity. These are opt-in only — we never send SMS unless you affirmatively consent by checking the SMS consent box during account signup or by enabling the preference in your account.
5.1 Information We Collect for SMS
When you opt in to SMS, we collect and store: your mobile phone number, the timestamp of your initial opt-in (for carrier- compliance recordkeeping), and your current consent status. We do not collect SMS content from outside Ovendrop or import phone numbers from third parties.
5.2 How We Use SMS
SMS is used exclusively for transactional notifications related to your orders, including: order confirmations, pickup notifications, and order status updates. We do not send marketing, promotional, or advertising messages by SMS.
5.3 Sharing SMS Data
Your mobile phone number and consent record are shared only with our SMS delivery provider for the purpose of sending the messages you have consented to receive. We do not sell, rent, lease, share, or otherwise disclose your mobile phone number or SMS opt-in information to third parties or affiliates for their own marketing or promotional purposes. This restriction applies even if you later opt out.
5.4 Frequency, Cost, and Carrier Disclaimer
Message frequency varies based on your account activity. Message and data rates may apply depending on your mobile carrier and plan. Mobile carriers are not liable for delayed or undelivered messages.
5.5 Opting Out
You can opt out of SMS at any time by replying STOP to any Ovendrop text message. Reply HELP for assistance. You may also revoke consent in your account settings or by emailing [email protected]. Opting out of SMS does not affect transactional email notifications.
6. Cookies and Tracking
Ovendrop uses essential cookies required for authentication and Platform functionality. We use Firebase Authentication, which may set session cookies to maintain your logged-in state.
We do not use third-party advertising cookies or cross-site tracking technologies. We do not participate in ad networks or sell data to advertisers.
7. Data Retention
- Account data: Retained while your account is active and for a reasonable period after deletion to comply with legal obligations.
- Order data: Retained for at least 7 years for tax and legal compliance purposes.
- Messages: Retained while both parties' accounts are active.
- Reviews: Retained as long as the associated Baker profile remains active, even if the reviewer's account is deleted (reviews will be anonymized).
- Payment records: Retained by Stripe in accordance with their data retention policy and applicable financial regulations.
8. Data Security
We implement reasonable technical and organizational measures to protect your personal information, including:
- All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
- Passwords are hashed and managed by Firebase Authentication
- Payment data is handled by Stripe, which is PCI DSS Level 1 certified
- Database access is restricted and authenticated
- API endpoints require authentication tokens for access to personal data
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
9. Your Rights
Depending on your state of residence, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request that we correct inaccurate personal information.
- Deletion: Request that we delete your personal information, subject to legal retention requirements.
- Portability: Request your data in a structured, commonly used format.
- Opt-out: Opt out of the sale of personal information (Ovendrop does not sell personal information, but you may still exercise this right).
To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 45 days.
10. State-Specific Disclosures
10.1 Minnesota Consumer Data Privacy Act (MNCDPA)
If you are a Minnesota resident, you have the right to: access your data, correct inaccuracies, delete your data, obtain a portable copy, and opt out of data sales or targeted advertising. Ovendrop does not sell personal data or use it for targeted advertising. To exercise your rights, contact [email protected].
10.2 California Consumer Privacy Act (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of personal information. Ovendrop does not sell personal information. For requests, contact [email protected].
Categories of personal information collected in the past 12 months: Identifiers (name, email, IP address), commercial information (order history), internet activity (usage data), and geolocation data (state-level, derived from IP).
11. Children's Privacy
Ovendrop is for adults. You must be 18 or older to create an account, and we ask every user to confirm their age at signup. We are not directed at children, and we do not knowingly collect personal information from anyone under 18. This is stricter than the federal COPPA standard (which addresses children under 13) because every order on Ovendrop involves real-money payment, real names and addresses, and direct in-person handoff between a buyer and a baker — all activities that require adult capacity to consent.
If we learn that we have collected information from someone under 18, we will promptly delete it. If you believe a minor has provided us with personal information, please contact us at [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or prominent notice on the Platform at least 30 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.
13. Contact Us
For questions or concerns about this Privacy Policy or our data practices, contact us at:
Ovendrop LLC
Email: [email protected]
See also: Terms of Service