Privacy Policy

Fireborn Pizza (“we”) collects the minimum information we need to take your order, deliver your pizza, and let you log in again next time. We don’t sell your data, share it with advertisers, or use it for tracking across other apps and websites.

Questions or requests? Email terry@firebornpizza.com.

• Account information: email address (required to sign in), name (required to deliver an order).
• Contact & delivery information: phone number and delivery address — used to fulfill orders and to reach you if there’s a delivery issue.
• Order history: what you bought, when, and where we delivered it. Used to show you your own past orders and to run our business.
• Payment information: handled by Stripe. We don’t store full card numbers on our servers. Stripe returns us a token + the last four digits + brand so we can charge the saved card again with your permission (for example, subscription deliveries).
• Loyalty submissions: if you upload a photo or video to earn loyalty points, we store the file and a record of the submission. By uploading you grant Fireborn the right to repost on our marketing channels.
• Device push tokens: if you allow push notifications, we store an opaque token tied to your account so we can notify you about deliveries, subscription reminders, and loyalty rewards. You can revoke this anytime in iOS Settings.
• Catering inquiries: if you book a catering event, we store the name, email, phone, location, headcount, date, and details you submitted.

• No advertising identifiers, no cross-app tracking, no fingerprinting.
• No location tracking in the background.
• No contacts, calendar, microphone, or motion data from your device.
• Camera and photo library access is only used when you explicitly tap “Upload photo” in the loyalty program. We don’t scan your library.

• Fulfilling your orders — your name, phone, address, and order history are used to bake and deliver your pizza.
• Account management — your email is used to sign you in via magic link, Apple, or Google.
• Notifications — order confirmations, delivery date reminders, loyalty point credits, subscription cutoff warnings. You can opt out of push or email at any time.
• Loyalty program — to track points you’ve earned and rewards you’ve redeemed.
• Customer support — to answer questions about your orders.

We share data only with service providers we need to run Fireborn:

• Stripe — payment processing. Stripe is PCI-DSS certified and handles all card data directly.
• Supabase — our database and authentication provider (where your account and orders are stored).
• Resend — for sending transactional email (order confirmations, sign-in links).
• Expo — for delivering push notifications to your device.
• Google Maps Platform — only when you use the address autocomplete on a checkout form. Google receives the characters you type into that field.
• Vercel — hosts the firebornpizza.com website and the API backend.

We don’t sell or rent your information to anyone. We don’t share data with ad networks or analytics platforms.

Account, order, and subscription records are kept indefinitely so you have a permanent history of your purchases. You can ask us to delete your account at any time by emailing terry@firebornpizza.com. We’ll delete your auth account, push tokens, loyalty balance, and contact information within 30 days. Order records may be retained where required by tax or accounting law (typically seven years), but they’ll be detached from your account.

• Access — request a copy of everything we have on file for you.
• Correction — fix anything that’s wrong. Most of it is editable directly in the app or website.
• Deletion — ask us to delete your account.
• Opt-out of notifications — push and email both have unsubscribe paths.
• California / GDPR / state-specific rights — if your jurisdiction grants additional rights, we honor them. Contact us to exercise them.

Fireborn Pizza isn’t directed at children under 13 and we don’t knowingly collect their information. If you believe a child has signed up, contact us and we’ll delete the account.

We use HTTPS for everything, RLS-enforced row security on the database, signed URLs for any shared documents (like invoices), and bcrypt or platform-managed credentials for passwords. No system is perfectly secure — if you suspect a breach, email us immediately.

We’ll update this page when we change how we collect or use data. The “Last updated” date at the top will reflect the most recent revision.

Terry Vorel · Fireborn Pizza
terry@firebornpizza.com
(631) 697-8930