Updated 20 May 2026

Privacy Policy

The Grated Carrot ("we", "us", "our") is a small home-based bakery operated by Sophie Wood. This policy explains what personal information we collect when you place an order, contact us, or subscribe to our updates, how we use it, how long we keep it, and the choices you have. We handle your information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth).

Information we collect

  • Order details: name, contact number, email, delivery or pickup address, order items, allergy/dietary notes, and payment confirmation references.
  • Enquiries & chat messages: the contents of messages you send us via the contact form, chat widget, SMS or social DMs.
  • Subscriber details: the email address (and optional name) you give when subscribing to "Fresh Out the Oven" updates.
  • Account information (if you create one): email address and an encrypted password handled by our authentication provider.
  • Basic technical data: standard server logs (IP address, browser type, pages visited) used to keep the site secure and working.

How we use it

  • To bake, confirm, schedule and deliver your order.
  • To respond to enquiries and provide customer support.
  • To send order updates and, if you have subscribed, occasional bakery news.
  • To keep records required for tax, food-safety and accounting purposes.
  • To protect the site against fraud and abuse.

We do not sell your personal information, and we do not use it for advertising profiling.

Payments

Payments are made by direct bank transfer or via third-party payment processors. We do not see or store your full card or banking credentials — only a reference confirming the payment.

Who we share it with

We only share what is necessary, with providers that help us run the bakery:

  • Our hosting, database and email-delivery providers.
  • Couriers or delivery drivers (name, address, contact number only).
  • Our accountant and, where required, government authorities.

These providers may store data outside Australia. We choose reputable providers with appropriate security and privacy commitments.

How long we keep it

  • Order & transaction records: kept for at least 7 years to meet Australian tax and record-keeping obligations.
  • Chat messages & enquiries: kept for up to 24 months after the last interaction, then deleted or anonymised.
  • Subscriber lists: kept until you unsubscribe; you can unsubscribe at any time via the link in any email or at /unsubscribe.
  • Account data: kept while your account is active; deleted on request (subject to records we must keep by law).
  • Server logs: typically rotated within 90 days.

Security

Information is stored in access-controlled databases with row-level security and encryption in transit. No system is perfectly secure, but we take reasonable steps to protect your information against misuse, loss and unauthorised access.

Cookies

We use a small number of strictly necessary cookies and local storage entries to keep you signed in, remember your cart, and run the site. We do not use advertising or cross-site tracking cookies.

Your rights

You can ask us to access, correct or delete the personal information we hold about you, or to stop sending you marketing. To do so, contact us using the details below. We will respond within a reasonable time, and in any event within 30 days.

Contact

For privacy questions or requests, email us via the contact page or text 0425 347 037. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner at oaic.gov.au.

Changes

We may update this policy from time to time. The "Updated" date at the top of this page reflects the most recent revision.