True Loaf

Privacy

True Loaf is a small artisan home bakery. This statement explains what personal data we collect when you place an order, why we need it, who we share it with, and how long we keep it. We deliberately collect only the minimum needed to prepare and hand over your order.

What we collect

When you place an order, we collect:

  • Your name — to identify your order at pickup.
  • Your email address — to send you an order confirmation.
  • Your phone number — to contact you about your order and pickup.
  • Your chosen pickup day — to schedule your order.
  • Your order contents (items, quantities, and prices) — to prepare and price it.
  • Your language preference — to communicate with you in the right language.

We do not collect or store:

  • Card or bank details — you enter these directly on Mollie's secure payment page; they never reach our servers. We only store an opaque payment ID.
  • Marketing or tracking profiles.

Why we're allowed to use it

We use your name, email, phone, and order details to fulfil the order you placed with us. Under the GDPR this is the legal basis of "performance of a contract" (Article 6(1)(b)), so no separate consent is needed to place an order.

Who we share it with

We share your data only with the service providers that help us run the bakery, and only as far as they need it:

  • Mollie (payments) — processes your payment. You enter your card or bank details directly on Mollie's secure page.
  • Northflank (hosting) — stores our order database, encrypted at rest.
  • Vercel (website) — runs this site and passes your order through to our system.
  • Telegram (staff alerts) — receives a new-order notification containing only the order reference, items, total, and pickup day. It does not receive your name or phone number.
  • Resend (email) — sends your order confirmation after payment. It receives your email address and order details so the message can be delivered. It does not receive your name or phone number.

How long we keep it

  • Your contact details (name, email, and phone) are automatically deleted about 90 days after your order.
  • The order's financial record (amount, items, reference, and dates) is kept longer, as required by Dutch tax law.

Your rights

You can ask us to access, correct, or delete your personal data, or to receive a copy of it. To make a request, email us at [email protected]. Your contact details are also removed automatically at the 90-day mark described above.

How we protect your data

  • All data sent to and from this site is encrypted with HTTPS/TLS.
  • Stored data is encrypted at rest by our hosting provider.
  • Card and payment data is handled entirely by Mollie, a PCI-compliant provider, and never reaches our systems.
  • Access to customer details is restricted to staff through secure, authenticated, non-public tools.
  • Order references are random and non-guessable, so orders cannot be looked up by guessing.

Cookies & tracking

This website does not use tracking scripts or analytics. The only cookie we set is a small preference cookie (PARAGLIDE_LOCALE) that remembers your chosen language between visits. It contains only a language code (e.g. "en" or "ru") and is set when you use the language switcher.

Hosting

This website is hosted on Vercel. When you visit, Vercel may automatically collect technical information such as your IP address, browser type, and access times in server logs. This data is processed by Vercel to operate and secure the service.

Contact

If you have questions about this privacy statement, you can reach us through the details on our contact page.

KVK 99984768 · Last updated June 2026