GAIL's Bakery Logo

Privacy Policy

Last Updated: 11 August 2025

This Privacy Policy describes how I, Tristen Bayley ("I," "me," "my"), collect, use, and protect your personal information when you use the Bakery Growth Planner application (the "Service").

1. Data Controller

I, Tristen Bayley, am the data controller responsible for your personal information.

2. Information I Collect

I collect and process the following types of personal information:

  • Account Information: When you register for an account, I collect your email address and a securely hashed version of your password.
  • User Profile Information: I collect your name and bakery location to personalise your experience within the application.
  • Growth Plan Data: I collect all the information you voluntarily enter into your 30-60-90 day growth plans. This includes goals, sprint details, weekly check-in data, and reflections.
  • Technical Data: I may collect technical information such as your IP address and browser type through the use of essential cookies and server logs.

3. How I Use Your Information

I use your personal information for the following purposes:

  • To Provide and Manage the Service.
  • To Personalise Your Experience.
  • To Enable Sharing.
  • To Improve the Service.

4. Legal Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR), my legal basis for processing your personal information is Legitimate Interests. I have a legitimate interest in providing and maintaining this Service to help you with your professional development and business planning. I have balanced this against your rights and freedoms and have concluded that your interests do not override this legitimate interest.

5. Data Sharing and Third Parties

I use a limited number of trusted third-party service providers to help me operate the Service. These are:

  • Google Firebase: I use Firebase for backend services, including secure user authentication and database hosting. Your data is stored on Firebase's secure servers in transit and at rest.
  • Netlify: The application is hosted on Netlify, which also provides the serverless functions used for secure API key handling.
  • Google Fonts & Bootstrap Icons: These services are used to provide the fonts and icons you see in the application. They may receive your IP address in the course of providing their services.

I will not sell, rent, or share your personal information with any other third parties without your explicit consent, unless required by law.

6. Data Security

I am committed to protecting your personal information and have implemented appropriate technical and organisational security measures. These measures include:

  • Encryption: Data is encrypted in transit using HTTPS and at rest on the database servers.
  • Secure API Key Handling: I use secure serverless functions to manage the application's API keys, preventing them from being exposed to the public.
  • Content Security Policy (CSP): I have a CSP in place to help prevent cross-site scripting (XSS) and other injection attacks.
  • Secure Password Resets: The password reset functionality is designed to prevent user enumeration by providing a generic response regardless of whether an email address exists in the system.

7. Data Retention

I will only retain your personal information for as long as your account is active or as is necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. You may delete your account and associated data at any time.

8. Your Data Protection Rights

Under data protection law, you have the following rights:

  • Your right of access - You have the right to ask me for copies of your personal information.
  • Your right to rectification - You have the right to ask me to rectify personal information you think is inaccurate or incomplete.
  • Your right to erasure - You have the right to ask me to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask me to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability - You have the right to ask that I transfer the personal information you gave me to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond to you.

9. Cookies

This Service uses a single cookie (`gails_cookie_consent`) to remember your choice on the cookie consent banner. This is an essential cookie for the functionality of the site and does not track you. No other cookies are used.

10. Changes to This Privacy Policy

I may update this privacy policy from time to time. I will notify you of any changes by posting the new privacy policy on this page and updating the "Last Updated" date.

11. How to Contact Me

If you have any questions about this privacy policy or wish to exercise your rights, please contact me at tristen_bayley@gailsbread.co.uk.

You also have the right to complain to the Information Commissioner's Office (ICO) if you are unhappy with how I have used your data.

The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Helpline number: 0303 123 1113. ICO website: