CakeFriend.co Privacy Notice

Last updated: April 15, 2024

I. Introduction

In this notice, we lay out: what data we collect and why; how your data is handled; and your rights with respect to your data. We never sell your data.

This notice applies to users of CakeFriend’s apps, websites, and other services globally, including customers, site visitors, cakeshops, delivery providers.

This Privacy Notice is effective as of 2024-04-15 and will remain in effect except concerning any changes in its provisions in the future, which will be in effect immediately after being posted on this page. We reserve the right to update or change our Privacy Notice at any time and you should check this Privacy Notice periodically.

Our privacy practices are subject to applicable laws in the places in which we operate.

II. Data collections

Our guiding principle is to collect only what we need. Here’s what that means in practice:

1. 1. Data provided by users. This includes:
   1. 1.1. Account information: We collect data when users create or update their CakeFriend accounts. This includes email address and name. For Cakeshops, this also includes store name, name of representative, role of the representative, address of cakeshop, phone number, email address, GST tax number, bank wire transfer details, Interac E-transfer details, relevant and official certificate or license to approve the cakeshop is eligible to run their business.
   2. 1.2. User content: We collect data (including chat logs and call recordings) when users contact Cakefriend customer support, provide ratings, feedback and surveys, use features that enable users to upload content, or otherwise contact CakeFriend.
   
   
2. 2. Data created during use of our services. This includes:
   1. 2.1. Transaction information: We collect transaction information related to the use of our services, including the type of services requested or provided, personal data (such as first and last name, email address, phone number, address), order details (such as date and time, requested pickup and delivery addresses, items ordered), and payment transaction information (such as a cakeshop’s name and location, amount charged, and payment method).
   2. 2.2. Usage data: We collect data about how users interact with our services. This includes access dates and times, app features or pages viewed, browser type, and app crashes and other system activity.
   3. 2.3. Device data: We collect data about the devices used to access our services, including the hardware models, device IP address or other unique device identifiers, operating systems and versions, software, preferred languages, advertising identifiers, device motion data, and mobile network data.
   4. 2.4. Communications data: We collect data regarding communications between users that are enabled through CakeFriend’s apps. This includes communication type (phone, text or in-app message), date/time, and content (including recordings of phone calls solely when users are notified of the recording in advance).
   
   
3. 3. Data from other sources. These include:
   1. 3.1 users participating in our referral programs. For example, when a user refers another person, we receive the referred person’s data from that user.
   2. 3.2. users or others providing information in connection with claims or disputes.
   3. 3.3. service providers who help us verify users’ identity, detect fraud, and screen users in connection with sanctions, anti-money laundering, or know-your-customer requirements.
   4. 3.4. partner transportation companies.
   5. 3.5. publicly available sources.
   6. 3.6. marketing partners and service providers.
   7. 3.7. law enforcement officials, public health officials, and other government authorities.

III. How we use data

CakeFriend uses data to enable reliable and convenient custom cake design and order, and other products and services. We also use data:

1. a. for customer support
2. b. for research and development
3. c. for marketing and advertising
4. d. to send non-marketing communications to users
5. e. in connection with legal proceedings

CakeFriend uses the data we collect:

1. 1. To provide our services. CakeFriend uses data to provide, personalize, maintain, and improve our services.
   1. This includes using data to:
   
   
   2. 1.1. create/ update accounts.
   3. 1.2. create order by handling the orders to the partnered Cakeshops
   4. 1.3. enable delivery and other services/features by CakeFriend or a third party delivery facilitator
   5. 1.4. calculating prices, including tax jurisdictional details, measure the distance between the cakeshop and the delivery address by a third party provider
   6. 1.5. process payments, and enable payment via payment processors
   7. 1.6. personalize users’ accounts. For example, we may present order recipients with personalized Cakeshops based on their prior orders and delivery location.
   8. 1.7. provide users order updates, generate receipts, and inform them of changes to our terms, services, or policies.
   9. 1.8. perform necessary operations to maintain our services, including to troubleshoot software bugs and operational problems.
   
   
2. CakeFriend performs the above activities on the grounds that they are necessary to fulfill the terms of our agreements with users, are compatible with such uses, or are necessary for purposes of CakeFriend’s and its users’ legitimate interests.


3. 2. Safety, fraud protection and security. We use data to help maintain the safety, security, and integrity of our services and users. This includes:
   1. 2.1. Verifying users’ accounts, identity or compliance with safety requirements.
   2. 2.2. using account, device, location, usage, transaction, wireless carrier, and other data, including communications between users and metadata, to prevent, detect, and combat fraud.
   
   
4. CakeFriend performs the above activities on the grounds that they are necessary to fulfill the terms of our agreements with users, and/or for purposes of the legitimate safety and security interests of CakeFriend, our users and members of the general public.


5. 3. Customer support. We use the information we collect (which may include call recordings, chat logs, in-app audio recordings) to provide customer support, including to investigate and address user concerns and to monitor and improve our customer support responses and processes.


6. CakeFriend performs the above activities on the grounds that they are necessary to fulfill the terms of our agreements with users or for purposes of CakeFriend’s legitimate interests in monitoring and improving its customer support services.


7. 4. Research and development. We use data for analysis, machine learning, product development, research, and testing. This helps us make our services more convenient and easy-to-use, enhance the safety and security of our services, and develop new services and features.


8. CakeFriend performs the above activities on the grounds that they are necessary for purposes of CakeFriend’s legitimate interests in improving and developing new services and features.


9. 5. Marketing and Advertising. CakeFriend uses data to market its services, and those of CakeFriend partners.


10. We specifically use account, approximate location, device and usage data, preferred language, and order history to provide ads and marketing communications. We never sell users’ data.


11. This includes using this data to:
1. 5.1. send emails, text messages, push notifications, and in-app messages or other communications marketing or advertising CakeFriend products, services, features, offers, promotions, sweepstakes, news and events.
2. 5.2. display personalized advertising on third party apps or websites.


12. CakeFriend performs the above activities on the grounds that they are necessary for purposes of CakeFriend’s legitimate interests in informing users about CakeFriend services and features or those offered by CakeFriend partners.


13. 6. Non-marketing communications. CakeFriend may use data to send surveys and other communications that are not for the purpose of marketing the services or products of CakeFriend or its partners.


14. CakeFriend performs the above activities on the grounds that they are necessary to fulfill the terms of our agreements with users, or for purposes of CakeFriend’s and its users’ legitimate interests in informing users about events that may have an impact on their use of CakeFriend’s services.


15. 7. Legal proceedings and requirements. We use data to investigate or address claims or disputes relating to use of CakeFriend’s services, to satisfy requirements under applicable laws, regulations, operating licenses or agreements, insurance policies, or pursuant to legal process or governmental request, including from law enforcement.


16. CakeFriend performs the above activities on the grounds that they are necessary for purposes of CakeFriend’s legitimate interests in investigating and responding to claims and disputes relating to use of CakeFriend’s services and features, and/or necessary for compliance with applicable legal requirements.

IV. Data sharing and disclosure

Some of CakeFriend’s services and features require that we share data with other users, or at users’ request or with their consent. We may also share such data with our affiliates, subsidiaries, and partners, for legal reasons or in connection with claims or disputes.

CakeFriend may share data:

1. 1. With other users


2. This includes sharing:


1. 1.1. order recipients’ name, address, contact info, order details, transaction detail, ratings and feedback with the chosen cakeshop after ordering.
2. 1.2. order recipients’ name, address, contact info with the delivery facilitator if the order method is delivery.
3. 1.3. we may share a number of delivery person’s information such as name, car color, car model, license plate with the order recipient or Cakeshop based on their request.


3. 2. With CakeFriend subsidiaries and affiliates


2.1. We share data with our subsidiaries and affiliates to help us provide our services or conduct data processing on our behalf. For example, CakeFriend processes and stores such data in the United States and Canada on behalf of its international subsidiaries and affiliates.


4. 3. With CakeFriend service providers and business partners
5. These include the third parties, or categories of third parties, listed below. Where a third party is identified, please see their linked privacy notices for information regarding their collection and use of personal data.
1. 3.1. payment processors and facilitators, including https://stripe.com/en-ca/privacy
2. 3.2. cloud infrastructure and server providers.
3. 3.3. customer support platform and service providers.
4. 3.4. geolocation service providers https://heigit.org/privacy-policy
5. 3.5. a GDPR-compliant analytic provider https://plausible.io/privacy
6. 3.6. marketing partners and marketing platform providers, including social media advertising services, advertising networks, third-party data providers, and other service providers to reach or better understand our users and measure advertising effectiveness.
7. 3.7. communication service provider https://mattermost.com/privacy-policy
8. 3.8. research partners, including those performing surveys or research projects in partnership with CakeFriend or on CakeFriend’s behalf.
9. 3.9. service providers that assist CakeFriend to enhance the safety and security of CakeFriend apps and services.
10. 3.10. service providers that provide us with artificial intelligence and machine learning tools and services.
11. 3.11. accountants, consultants, lawyers, and other professional service providers.
12. 3.12. delivery facilitators
13. 3.13. insurance and financing partners.


6. 4. For legal reasons or in the event of a dispute


7. CakeFriend may share users’ data if we believe it’s required by applicable law, regulation, operating license or agreement, legal process or governmental request, insurance policy, or where the disclosure is otherwise appropriate due to safety or similar concerns.



8. This includes sharing data with law enforcement officials, public health officials, other government authorities, or other third parties as necessary to enforce our Terms of Service, user agreements, or other policies; to protect CakeFriend’s rights or property or the rights, safety, or property of others; or in the event of a claim or dispute relating to the use of our services. In the event of a dispute relating to use of another person’s credit card, we may be required by law to share a user’s data, including order or order information, with the owner of that credit card.


9. This also includes sharing data with others in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
10. With consent


11. CakeFriend may share a user’s data other than as described in this notice if we notify the user and they consent to the sharing.

V. Data retention and deletion

Users may request account deletion through our email address at hi@cakefriend.co

CakeFriend retains user data for as long as necessary for the purposes described above, which varies depending on data type, the category of user to whom the data relates, the purposes for which we collected the data, and whether the data must be retained after an account deletion request for the purposes described below.

For example, we retain data:

for the life of users’ accounts if such data is necessary to provide our services. E.g., account data.

for 7 years if necessary to comply with tax requirements.

for defined periods as necessary for purposes of safety or fraud prevention.

Following an account deletion request, we delete the user’s account and data, except as necessary for purposes of safety, security, fraud prevention or compliance with legal requirements, or because of issues relating to the user’s account (such as an outstanding credit or an unresolved claim or dispute). We generally delete data within 90 days of an account deletion request, except where retention is necessary for the above reasons.

VI. How we secure your data

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted. There is no password stored on CakeFriend’s servers. Whenever a user attempt to login or signup, CakeFriend sends a time-based, one-time passcode to the user’s email. Users are responsible to keep their own email safe and secure.

VII. Your rights with respect to your information

At CakeFriend, we strive to apply the same data rights to all customers. Some of these rights include:

1. Right to Know. You have the right to know what personal information is collected, used or shared. We outline both the categories and specific bits of data we collect, as well as how they are used, in this privacy note.


2. Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.


3. Right to Correction. You have the right to request correction of your personal information.


4. Right to Erasure / “To Be Forgotten”. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession and, by extension, from all of our service providers. Fulfillment of some data deletion requests may prevent you from using CakeFriend services because our applications may then no longer work. In such cases, a data deletion request may result in closing your account.


5. Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed, including opting out of sale of your personal information. (Again: we never have and never will sell your personal data.)


6. Right to Object. You have the right, in certain situations, to object to how or why your personal information is processed.


7. Right to Portability. You have the right to receive the personal information we have about you and the right to transmit it to another party. If you want to export data from your accounts, you can do so by contacting hi@cakefriend.co

Please note that certain information may be exempt from such requests under applicable law. For example, we need to retain certain information in order to provide our services to you.

In some cases, we also need to take reasonable steps to verify your identity before responding to a request, which may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name and email address. If we are unable to verify you, we may be unable to respond to your requests. If you have questions about exercising these rights or need assistance, please contact us at hi@cakefriend.co or mail us at Ponderbloom Inc, 264 Queens Quay W, #111 Toronto ON, M5J 1B5 Canada. If an authorized agent is corresponding on your behalf, we will need written consent with a signature from the account holder before proceeding.

Depending on applicable law, you may have the right to appeal our decision to deny your request, if applicable. We will provide information about how to exercise that right in our response denying the request. You also have the right to lodge a complaint with a supervisory authority.

VIII. Legal information

PonderBloom Inc. is controller of the data processed in connection with CakeFriend’s services globally.

For any inquiries, please contact us at hi@cakefriend.co or mail us at Ponderbloom Inc, 264 Queens Quay W, #111 Toronto ON, M5J 1B5 Canada

Appendix 1: Additional Terms for EEA and UK Customers

In compliance with EEA and UK privacy and data protection laws, the following information pertains to our valued customers and visitors of the CakeFriend platform operated by PonderBloom Inc. For any inquiries regarding this Policy, please contact us at hi@cakefriend.co or mail us at Ponderbloom Inc, 264 Queens Quay W, #111 Toronto ON, M5J 1B5 Canada

If you have any concerns regarding the processing of your data or our response to a request or complaint, you reserve the right to address the matter with your local supervisory authority.

WHEN DO WE SHARE YOUR PERSONAL DATA?

Please note that your information might be transferred to and stored in locations outside the EEA or UK.

Kindly acknowledge that non-EEA countries may not offer the same level of protection for personal data as provided in the EEA. However, PonderBloom Inc. implements various measures to ensure the security of your data, including assessing security measures at data transfer destinations, and utilizing appropriate safeguards as described in Article 46 of GDPR.

For more detailed information on international data transfers and safeguards, please contact us at hi@cakefriend.co.

LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA

Our processing of your personal data is based on the following legal grounds, as per applicable data protection laws:

1. Necessity to perform contractual obligations or steps requested by you prior to entering into a contract.
2. Legitimate interests pursued by PonderBloom Inc. or third parties, provided such interests do not override your rights.
3. Consent provided by you for specific processing activities.
4. Compliance with legal obligations.

We may process special categories of data under specific circumstances outlined in applicable laws.

Should you require further information on the legal bases for processing your data, or our legitimate interests, please do not hesitate to reach out.

In instances where we have obtained your consent for data processing, you retain the right to withdraw your consent at any time by contacting our us at hi@cakefriend.co.

DO YOU HAVE TO GIVE US YOUR PERSONAL INFORMATION?

While providing your personal data to us is generally optional, failure to do so may restrict your access to certain features of our Services. For example, certain details such as your name, address, and payment information are necessary for facilitating transactions.

PROFILING AND AUTOMATED DECISION MAKING

We utilize automated decision-making processes as part of our Services, primarily for fraud prevention, security, and risk assessment purposes. These processes may include:

• Evaluation of order information for additional requirements or eligibility determination.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law or contractual agreements. Retention periods may vary based on the nature of the data and legal obligations.

Should you request removal of your personal data, please note that complete deletion may not always be feasible due to technological or legal constraints. However, we will take appropriate steps to secure or anonymize the data as necessary.

YOUR RIGHTS UNDER GDPR

You possess various rights concerning your personal data, including:

• Accessing your data
• Correcting inaccuracies
• Erasing data under certain circumstances
• Restricting processing
• Objecting to processing
• Data portability
• Challenging automated decision making

For assistance in exercising your rights or further clarification, please contact us at hi@cakefriend.co.

We commit to promptly addressing your requests and ensuring compliance with applicable regulations.