Privacy Policy
Last updated: April 14, 2026
1. Introduction
Ovendrop LLC ("Ovendrop," "we," "us") operates the Ovendrop marketplace at ovendrop.com. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights regarding your data.
By using Ovendrop, you consent to the data practices described in this policy. If you do not agree, please do not use the Platform.
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, and password when you create an account.
- Baker profile information: Business name, city, state, bio, profile photo, and Minnesota MDA registration number (if applicable).
- Order information: Pickup details, order notes, and purchase history.
- Payment information: Payment details are collected and processed directly by Stripe. Ovendrop does not receive or store your full credit card number, CVV, or bank account details.
- Baker financial information: Identity verification and banking information for payouts is collected and processed directly by Stripe Connect. Ovendrop does not store this data.
- Content you create: Product listings, product images, profile photos, reviews, ratings, and messages sent through the Platform.
- Communications: Messages you send to other users through in-platform messaging, and any emails or support requests you send to us.
- Waitlist information: Email address, state, and interest type (buyer, seller, or both) if you join our waitlist.
2.2 Information Collected Automatically
- IP address: Used for geolocation to determine your state and show relevant products and bakers. We use geoip-lite, which performs IP lookups locally without sending your IP to a third party.
- Device and browser information: Browser type, operating system, and device type, collected through standard HTTP headers.
- Usage data: Pages visited, features used, and timestamps of activity.
2.3 Information We Do Not Collect
We do not knowingly collect personal information from children under 13. We do not collect biometric data, social security numbers, or government IDs (Stripe may collect identity verification documents directly as part of Baker onboarding — see Stripe's privacy policy for details).
3. How We Use Your Information
We use your personal information to:
- Create and manage your account
- Process orders and facilitate transactions between Buyers and Bakers
- Display Baker storefronts and product listings to potential Buyers
- Determine your state for geographic content relevance
- Send transactional emails (order confirmations, pickup notifications, order status updates)
- Facilitate communication between Buyers and Bakers via in-platform messaging
- Process Baker payouts through Stripe Connect
- Display reviews and ratings on product and Baker pages
- Detect and prevent fraud, abuse, and violations of our Terms of Service
- Improve and maintain the Platform
- Respond to your support requests and communications
We limit data collection to what is adequate, relevant, and reasonably necessary for the purposes described above.
4. How We Share Your Information
4.1 With Other Users
- Baker information visible to Buyers: Business name, city, state, bio, profile photo, product listings, and review ratings are displayed publicly on Baker storefronts.
- Buyer information visible to Bakers: When a Buyer places an order, the Baker receives the Buyer's name and any order notes.
- Reviews: Your first name and review content (rating and comment) are displayed publicly on the Platform.
4.2 With Third-Party Service Providers
We share data with the following service providers who process information on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Firebase (Google) | Authentication | Email, password (hashed), account metadata |
| Stripe | Payment processing, Baker payouts | Payment details, name, email, identity verification (Bakers) |
| Cloudflare R2 | Image storage and delivery | Uploaded images (product photos, profile photos) |
| Resend | Transactional email delivery | Email address, name, order details |
4.3 We Do Not Sell Your Data
Ovendrop does not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not use your data for targeted advertising.
4.4 Legal Requirements
We may disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of Ovendrop, our users, or the public.
5. Cookies and Tracking
Ovendrop uses essential cookies required for authentication and Platform functionality. We use Firebase Authentication, which may set session cookies to maintain your logged-in state.
We do not use third-party advertising cookies or cross-site tracking technologies. We do not participate in ad networks or sell data to advertisers.
6. Data Retention
- Account data: Retained while your account is active and for a reasonable period after deletion to comply with legal obligations.
- Order data: Retained for at least 7 years for tax and legal compliance purposes.
- Messages: Retained while both parties' accounts are active.
- Reviews: Retained as long as the associated Baker profile remains active, even if the reviewer's account is deleted (reviews will be anonymized).
- Payment records: Retained by Stripe in accordance with their data retention policy and applicable financial regulations.
7. Data Security
We implement reasonable technical and organizational measures to protect your personal information, including:
- All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
- Passwords are hashed and managed by Firebase Authentication
- Payment data is handled by Stripe, which is PCI DSS Level 1 certified
- Database access is restricted and authenticated
- API endpoints require authentication tokens for access to personal data
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
8. Your Rights
Depending on your state of residence, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request that we correct inaccurate personal information.
- Deletion: Request that we delete your personal information, subject to legal retention requirements.
- Portability: Request your data in a structured, commonly used format.
- Opt-out: Opt out of the sale of personal information (Ovendrop does not sell personal information, but you may still exercise this right).
To exercise any of these rights, contact us at privacy@ovendrop.com. We will respond to verified requests within 45 days.
9. State-Specific Disclosures
9.1 Minnesota Consumer Data Privacy Act (MNCDPA)
If you are a Minnesota resident, you have the right to: access your data, correct inaccuracies, delete your data, obtain a portable copy, and opt out of data sales or targeted advertising. Ovendrop does not sell personal data or use it for targeted advertising. To exercise your rights, contact privacy@ovendrop.com.
9.2 California Consumer Privacy Act (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of personal information. Ovendrop does not sell personal information. For requests, contact privacy@ovendrop.com.
Categories of personal information collected in the past 12 months: Identifiers (name, email, IP address), commercial information (order history), internet activity (usage data), and geolocation data (state-level, derived from IP).
10. Children's Privacy
Ovendrop is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will promptly delete it. If you believe a child under 13 has provided us with personal information, please contact us at privacy@ovendrop.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or prominent notice on the Platform at least 30 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact Us
For questions or concerns about this Privacy Policy or our data practices, contact us at:
Ovendrop LLC
Email: privacy@ovendrop.com
See also: Terms of Service