The fine print, in plain English.

You can sign in with email and password or with your Google account. Passwords are never stored in plain text and are never visible to us — authentication is handled by our backend provider using industry-standard hashing.

From your account page you can update your name and contact details, change your password, sign out, or delete your account entirely.

We only collect what's needed to take and fulfill your cookie order:

• Account info: name, email address, and (optionally) a phone number.
• Order info: which cookies you ordered, quantity, pickup date, and order notes.
• Subscription info: your weekly cookie selections and pause/cancel status, if you use a subscription.
• Reviews: the star rating and comment you choose to leave, shown next to your profile display name.
• Technical info: basic logs (IP address, browser, page visited) to keep the site secure and working.
• Payment info: entered directly with our payment processor. We never see your full card number.

We use your information only to run the bakery and the site:

• Bake and hand you the cookies you ordered.
• Send transactional emails (order confirmation, pickup reminders, password resets).
• Send a short review request a few days after pickup — opt out any time.
• Show you your own order history and subscription on your account page.
• Keep the site secure, prevent abuse, and meet basic tax/accounting requirements.

We do not sell your personal information, and we do not share it with advertisers.

Transactional emails (account and order related) are always sent because they're required to actually deliver your cookies. They include sign-up confirmation, password reset, order confirmation, pickup reminder, and a one-time review request.

Marketing emails (new flavors, seasonal specials) are opt-in only. You can unsubscribe from any marketing email using the link in the footer of the email, or from your account page.

Only customers who have actually ordered a specific cookie can leave a review for it. Reviews show:

• Your star rating (1–5).
• Your written comment.
• The display name on your profile (never your email address or account ID).

You can edit or delete your review at any time from the cookie's page while signed in.

Customer data is stored in our managed backend with row-level security, so each signed-in customer can only read and write their own orders, subscriptions, profile, and reviews. Admin actions are restricted to staff accounts.

All connections to our site use HTTPS. Sensitive operations (placing an order, changing your account) require you to be signed in. Webhook and scheduled endpoints are signature- or key-protected.

We rely on a small number of trusted providers to operate the bakery online. They process your data only to provide their service to us:

• Hosting & backend — database, authentication, file storage, and serverless functions.
• Email delivery — sends the transactional and (opt-in) marketing emails described above.
• Payment processing — handles card details directly; we receive only confirmation that an order was paid.
• Analytics (optional) — basic aggregate usage stats, only if you accept analytics cookies.

Yes, we have to talk about the other kind of cookies. We use a few small browser cookies to keep the site working and to understand how it's used. We split them into three groups:

• Essential — always on. Keeps you signed in, remembers your cart, and protects checkout.
• Analytics — optional. Helps us see which cookies are most loved and where the site is confusing.
• Marketing — optional. Lets us measure whether our occasional emails or links bring people back.

You can change your mind any time:

You can, at any time:

• See the information on your account from your account page.
• Correct your name, email, or contact details from your account page.
• Download a copy of your orders and reviews by emailing us.
• Delete your account and personal information (see below).
• Unsubscribe from marketing emails using the link in any email.
• Withdraw cookie consent from the cookie preferences button above.

If you live somewhere with specific privacy laws (e.g. GDPR in the EU/UK, CCPA in California), you have those rights too — just ask us and we'll help.

• Account & profile: until you ask us to delete it.
• Orders & receipts: kept as long as required for tax and accounting purposes, then deleted or anonymized.
• Reviews: kept while your account exists; deleted with your account unless you ask us to keep them anonymously.
• Security & access logs: short-term, only as long as needed to keep the site safe.

Burke Mountain Cookie Company is intended for adults placing cookie orders. We don't knowingly collect personal information from children under 13. If you believe a child has created an account, please email us and we'll remove it.

We may update this page as the bakery grows or as the site changes. When we make a meaningful change we'll update the "last updated" date at the top, and — for big changes — let signed-in customers know by email.

You can request that we delete your account and personal information by emailing hello@burkemountaincookies.com. We'll confirm and complete the deletion within 30 days. We may keep order records as required for tax and accounting, with personal details removed.

If you believe you've found a security or privacy issue, please email hello@burkemountaincookies.com with details and steps to reproduce. We'll respond as quickly as we can and won't pursue researchers acting in good faith.

For anything else, visit our How it works page or get in touch at hello@burkemountaincookies.com. We're real humans on a real mountain and we read every email.