Privacy
What we know about you.
We collect the minimum needed to make Conductor work across your devices.
What we collect when you sign in
If you choose to sign in (Sign in with Apple, Continue with Google, or magic-link email), we receive:
- Email address. The one you typed, or — if you use Sign in with Apple and choose to hide it — Apple's private relay address. We use it to authenticate you and, rarely, to contact you about the account.
- Display name (optional). Only if you provide one, or if your OAuth provider chooses to include it. We never require it.
- OAuth provider info. A stable user ID from Apple or Google so we can recognize you on return visits. We never see your password, your device ID, or any other account data those providers hold.
You can use Conductor without signing in. Without an account, your data stays on your device and never reaches our backend.
What we collect about your bakes
When you're signed in, the following sync to your account so you have them on every device:
- Saved combos and presets you've added or edited
- Cook history (items, temps, times, the schedule we calculated, the feedback you gave it)
- Favorites
- Oven settings (convection / conventional, altitude, preheat preference)
This is stored at our backend, which runs on Supabase (a managed Postgres database). Each row is tagged with your user ID and protected by row-level security — you can only read or write your own rows, and we never look at the contents in the course of normal operation.
What we don't collect
We don't ask for and don't receive any of the following from Conductor:
- Location, contacts, photos, microphone, camera, or any other device sensor
- Payment card numbers — Apple, Google, and (on web) our payment processor handle these end-to-end
- Browsing history outside Conductor
- Advertising IDs or cross-app tracking identifiers
- Third-party analytics, marketing pixels, or behavioral profiling SDKs
Sharing
- We do not sell or rent your data. Ever.
- We use Supabase as our backend (Postgres database with row-level security; you can only see your own rows). Their privacy policy applies to data in transit and at rest.
- We use Apple and Google for sign-in. When you choose one of those, the provider authenticates you and returns a token to us — we never see your password.
- Hosting is fronted by Cloudflare; standard CDN sub-processor relationships apply.
- Free users on the mobile app see a single AdMob banner — the only ad surface in Conductor. It can serve non-personalized ads if you decline App Tracking Transparency. Pro users see no ads. The web tool serves no ads at all.
Your rights
You can permanently delete your Conductor account, and everything attached to it, at any time:
- In the app: Settings → Account → Delete account. Removal is immediate.
- By email: [email protected]. We'll process within 14 days.
If you're in the EEA, UK, or California, you also have the right to access, correct, export, or restrict processing of your data. Email us and we'll handle it — there's no special form.
Server logs
Our web host keeps standard request metadata (IP address, user-agent, requested path) for roughly 30 days for security and operational purposes. These logs are not used for marketing and are not linked to your Conductor account.
Cookies
Conductor sets no advertising or analytics cookies. The web tool uses your browser's localStorage for preferences, Pro status, and the active-bake state. If you sign in, Supabase sets a session token (also in localStorage) so we can keep you signed in.
Children
Conductor is a general-audience product. We don't knowingly collect information from anyone under 13 (US) or 16 (EEA). If you believe a child has signed up, email us and we'll remove the account.
Changes
If this policy changes, we'll update the date below and call out material changes in-app.