Privacy Policy

Who we are

MakeBright is a demand-forecasting service for bakeries, cafés, and fresh-food producers, operated by a sole trader based in Norway. We are the controller for the personal data described here. You can reach us at hello@makebright.app; full legal controller details are available on request.

What we collect

• Account data — your name, email, and password (stored only as a secure hash). If you sign in with Google, we receive your name and email from Google.
• Operational data you enter — your products, daily sales, waste, schedules, and café settings. This is mostly business data, used to generate your forecasts.
• Technical data — error diagnostics and aggregate, non-identifying usage and performance metrics.

Inviting your team

If you invite colleagues to your café, we process the email address you enter to send them an invitation and, if they join, to manage their access. Please make sure anyone you invite is happy to be added.

How we use it, and our legal basis

• To run the service — generate forecasts, show your plan, manage your account: performance of our contract with you (GDPR Art. 6(1)(b)).
• To keep the service secure, reliable, and working — error monitoring and performance: our legitimate interests (Art. 6(1)(f)).
• To send service emails you need — account, password, team invites, and the activation message when your café reaches active mode: part of providing the service.
• Any future optional emails, such as weekly summaries or tips, would be sent only with your consent (Art. 6(1)(a)), which you could withdraw at any time.

Cookies

We use only two first-party cookies, neither of which tracks you: a strictly necessary sign-in session cookie so you stay logged in (kept for the length of your session), and a preference cookie that remembers whether your sidebar is open or closed (kept for up to 7 days). We set no cookies before you sign in, use no advertising or cross-site tracking cookies, and our analytics are cookieless. Because the only cookies we use are strictly necessary or a minor preference set after you log in, MakeBright does not show a cookie consent banner.

Service providers

We rely on a few trusted providers that process data on our instructions to run MakeBright:

• Neon — database hosting.
• Vercel — application hosting and cookieless analytics.
• Amazon SES (AWS) — sending the emails described above; processed in the EU (Stockholm region).
• Sentry — error and performance monitoring. It captures technical error diagnostics; it does not record your screen or session. If you send feedback through the in-app feedback button, your message and any screenshot you choose to attach are sent to Sentry.
• Google— only if you choose “Continue with Google” to sign in.

Where a provider processes data outside the EEA, that transfer relies on appropriate safeguards such as the EU Standard Contractual Clauses.

How long we keep it

We keep your account and data for as long as your account exists. If you delete your account, we delete your personal data. Diagnostic and log data held by our providers is kept for their standard periods — typically up to around 90 days for error data and 30 days for server logs.

Your rights

Under the GDPR you have the right to access, correct, delete, export, restrict, or object to the processing of your personal data, and to withdraw consent. You can export all of your data and delete your account at any time from Settings in the app. To exercise any other right, email hello@makebright.app.

Complaints

If you have a concern we can't resolve, you can complain to the Norwegian Data Protection Authority, Datatilsynet, or to the data protection authority in your own country.

Changes

MakeBright is in free beta, so the service and this policy may change as it develops. We'll post any update here and revise the date above.