Privacy Policy

Effective Date: February 12, 2026

1. Introduction

Twisted Confections LLC ("we," "us," "our") operates DoughMetrics, a web-based recipe costing and ingredient management platform. We are committed to protecting your privacy and being transparent about how we collect, use, and safeguard your personal information.

This Privacy Policy applies to information collected through our website and services (collectively, the "Service"). By using DoughMetrics, you agree to the collection and use of information in accordance with this policy.

Contact Information:
Twisted Confections LLC
Signal Mountain, Tennessee
Email: info@twisted-confections.com

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, password (encrypted), display name
  • Payment Information: Processed and stored securely by Stripe (we do not store credit card numbers)
  • Content Data: Recipes, ingredients, costs, and other business data you create in the Service
  • Communications: When you contact us for support or feedback

2.2 Automatically Collected Information

  • Usage Data: Features used, pages visited, time spent, actions taken (collected via Google Analytics)
  • Device Information: Browser type, operating system, device identifiers, IP address
  • Cookies and Tracking: Session cookies, authentication tokens, analytics cookies, advertising cookies (Meta Pixel) (see Section 8)

2.3 Information from Third Parties

  • Google Sign-In: If you authenticate with Google, we receive your email and profile information
  • Payment Processor: Stripe provides transaction and subscription status information
  • Advertising (Free Tier Only): Google AdSense may collect information about your browsing for targeted advertising
  • Marketing Analytics: Meta (Facebook) Pixel may collect information about your activity for conversion tracking and advertising optimization (with your consent)

3. How We Use Your Information

We use your personal information for the following purposes:

  • Service Delivery: To provide, operate, and maintain the DoughMetrics platform
  • Account Management: To create and manage your account, including authentication and subscription status
  • Payment Processing: To process transactions through Stripe and manage billing
  • Communications: To send transactional emails (account verification, password resets, subscription notifications) via SendGrid
  • Analytics and Improvement: To understand usage patterns and improve features using Google Analytics
  • Advertising (Free Tier Only): To display relevant ads via Google AdSense to free tier users
  • Marketing and Advertising: To measure ad performance, optimize marketing campaigns, and show relevant ads on third-party platforms like Facebook/Instagram (with your consent via Meta Pixel)
  • Security: To detect, prevent, and respond to fraud, security issues, and violations of our Terms
  • Legal Compliance: To comply with legal obligations and respond to lawful requests
  • Customer Support: To respond to your questions and provide technical assistance

4. How We Share Your Information

We share your information with third parties only as described below. We do not sell your personal information for monetary consideration. However, under certain privacy laws (like CCPA), sharing data for advertising purposes may be considered a "sale" or "share" - see Section 6 for opt-out rights.

Service Providers We Use:

  • Google: Authentication, database, file storage, and hosting
  • Stripe: Payment processing and subscription management
  • SendGrid: Transactional email delivery
  • Google Analytics: Usage analytics and service improvement
  • Google AdSense (Free Tier Only): Advertising to free users (may involve data sharing with advertisers)
  • Meta (Facebook): Conversion tracking and advertising optimization via Meta Pixel (with your consent)

Other Sharing Scenarios:

  • Legal Requirements: To comply with laws, regulations, legal processes, or government requests
  • Protection of Rights: To protect our rights, privacy, safety, or property, and that of our users
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share information

5. Your Privacy Rights

Depending on your location, you have specific rights regarding your personal information:

All Users:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your account and personal information
  • Data Portability: Request your data in a machine-readable format
  • Withdraw Consent: Withdraw consent for processing where we rely on consent

Additional Rights (California, Virginia, Colorado, Connecticut, Utah, and other applicable US states):

  • Know: Know what personal information we collect and how we use it
  • Opt-Out of Sale/Sharing: Opt-out of the "sale" or "sharing" of personal information (see Section 6)
  • Limit Sensitive Data Use: Limit use and disclosure of sensitive personal information
  • Non-Discrimination: We will not discriminate against you for exercising your rights

Additional Rights (EU/UK GDPR):

  • Object: Object to processing of your personal information
  • Restrict Processing: Request restriction of processing in certain circumstances
  • Lodge Complaint: File a complaint with your local data protection authority

Additional Rights (Canada PIPEDA):

  • Challenge Compliance: Challenge our compliance with PIPEDA
  • Access Safeguards: Be informed of safeguards we've implemented

To Exercise Your Rights:

Email us at info@twisted-confections.com with the subject line "Privacy Rights Request." We will respond within 45 days (or as required by applicable law). You may be required to verify your identity before we fulfill your request.

6. California "Do Not Sell or Share My Personal Information"

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to opt-out of the "sale" or "sharing" of their personal information.

Important Information About Advertising

Free Tier Users: We display Google AdSense advertisements to free tier users. This may involve "sharing" your information (such as browsing activity and device identifiers) with Google and its advertising partners for targeted advertising purposes. Under CCPA/CPRA, this may be considered a "sale" or "share" of personal information.

Pro Tier Users: Paid subscribers do not see advertisements and their information is not shared for advertising purposes.

To Opt-Out:
  • Upgrade to Pro: Subscribe to our Pro tier to remove all ads
  • Browser Settings: Use browser-based ad blockers or privacy tools
  • Google Ad Settings: Manage personalized advertising at adssettings.google.com
  • Contact Us: Email info@twisted-confections.com with "Do Not Sell My Information" to discuss options

We do not sell personal information for monetary consideration. The only data "sharing" that occurs is through Google AdSense for free tier users to support our free offering.

7. Data Security

We implement industry-standard security measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication through Google
  • Payment processing through PCI-compliant Stripe (we never store credit card numbers)
  • Regular security audits and monitoring
  • Access controls and authentication requirements

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide functionality and improve your experience. We use Cookiebot to manage your cookie preferences and ensure compliance with privacy laws.

8.1 Essential Cookies (Always Active)

These cookies are necessary for the website to function and cannot be disabled:

  • Authentication: Firebase authentication tokens to keep you signed in
  • Session Management: Session identifiers for security and functionality
  • Security: CSRF protection and secure communications

8.2 Analytics Cookies (Optional)

With your consent, we use analytics cookies to understand how you use our service:

  • Google Analytics: Tracks page views, feature usage, and user journey to help us improve the service

8.3 Marketing Cookies (Optional)

With your consent, we use marketing cookies for advertising purposes:

  • Google AdSense (Free Tier Only): Displays contextual and personalized ads to free tier users
  • Meta Pixel (Facebook Pixel): Tracks conversions from Facebook/Instagram ads, builds custom audiences for retargeting, and measures ad campaign performance. Meta Pixel sets cookies including _fbp (Facebook browser ID) and _fbc (Facebook click ID) to track your activity across websites.

You can manage your marketing cookie preferences at any time through our Cookie Settings.

You can control cookies through your browser settings or our cookie consent banner. Note that disabling essential cookies may impact functionality. For EU/UK users, we comply with GDPR requirements using Google's Consent Mode v2 and Cookiebot consent management.

For a detailed list of all cookies we use, including their purpose and duration, please visit our Cookie Declaration page.

Manage Cookie Preferences

You can change your cookie preferences at any time by clicking the button below:

9. Mobile Applications

When you use the DoughMetrics mobile app for iOS or Android, we may collect and process the following additional data:

9.1 Device Push Tokens

When you enable push notifications, we store your Expo Push Token in Firestore to deliver low-stock alerts and app updates. You can disable notifications at any time in the app's Settings or your device settings. Disabling notifications removes your push token from our systems.

9.2 Camera and Photo Library

The app may request access to your camera or photo library to let you attach photos to ingredients and packaging items. Photos are uploaded to Firebase Storage and associated with your account. Camera and photo library access is optional — the app functions fully without it.

9.3 Push Notification Preferences

You can opt in or out of push notifications in Settings. Your preference is stored in your user profile and respected immediately.

9.4 Third-Party Services (Mobile-Specific)

In addition to the services listed elsewhere in this policy, the mobile app uses:

  • Firebase Analytics: Usage analytics to improve the app experience. You can opt out in Settings > Privacy & Data.
  • Expo Push Service: Routes push notifications to Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM). Only your push token and notification content are transmitted.
  • Google AdMob: Displays advertisements to free-tier users. AdMob may collect device identifiers for ad personalization. Pro subscribers do not see ads and no ad-related data is collected.
  • Sentry: Crash reporting to help us fix bugs. Crash logs may include device model, OS version, and stack traces. No personally identifiable information is intentionally collected.

9.5 Data Export and Deletion

You can request a full export of your data or delete your account in Settings. Account deletion removes all associated data from our systems, including push tokens, uploaded photos, and stored preferences.

10. Data Retention

We retain your personal information as follows:

  • Account Data: Retained while your account is active
  • Deleted Accounts: Personal information deleted within 90 days of account deletion
  • Transaction Records: Retained for 7 years for tax and legal compliance
  • Communications: Retained for 3 years for support purposes
  • Analytics: Aggregated, anonymized data may be retained indefinitely

You may request deletion of your account and data at any time by contacting info@twisted-confections.com.

11. Children's Privacy (COPPA Compliance)

DoughMetrics is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. Our Terms of Service require users to be at least 13 years old.

If you believe a child under 13 has provided us with personal information, please contact us immediately at info@twisted-confections.com, and we will take steps to delete such information.

12. International Data Transfers

We serve users in the United States, Canada, United Kingdom, European Union, and other countries. Your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

For EU/UK Users: We rely on Google's data processing agreements and Standard Contractual Clauses (SCCs) for data transfers outside the EU/UK. Google complies with GDPR requirements.

For Canadian Users: We comply with PIPEDA (Personal Information Protection and Electronic Documents Act) requirements for cross-border data transfers.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Effective Date" at the top of this policy
  • Post the updated policy on this page
  • Notify you via email if changes materially affect your rights

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Twisted Confections LLC

Signal Mountain, Tennessee

Email: info@twisted-confections.com

For privacy rights requests, include "Privacy Rights Request" in the subject line and specify which rights you wish to exercise.

Return to Home