Last updated: April 1, 2026

Privacy Policy

This Privacy Policy explains how Flapjack Johnnys Cooking, a service of FLAPJACK MEDIA, LLC ("we", "us", "our"), collects, uses, shares, and safeguards information when you visit our website, create an account, subscribe to a membership, place a store order, or otherwise interact with us. We have written this policy in plain English so you can actually read it. If anything is unclear, please reach out and we will explain.

1. What we collect

We try to collect as little personal information as we need to run the service. The categories below cover everything we touch.

Account information

When you register an account we collect your name, email address, and a hashed copy of the password you choose. We never store passwords in plain text. If you update your profile we keep the information you submit (display name, dietary preferences, mailing address for store orders).

Payment information

All card payments are processed by Stripe, a PCI-DSS Level 1 certified payment provider. When you enter card details on our checkout, those details are sent directly from your browser to Stripe and never touch our servers. We receive a tokenized reference, the last four digits of the card, the card brand, and the billing ZIP code so we can show your saved payment method on the account page and so we can charge renewal fees on the schedule you agreed to.

IP address and device information

Our web server logs the IP address, user-agent string, browser language, and timestamp of each request for security monitoring and to prevent abuse. Approximate geolocation derived from IP (city level only) is used to comply with regional consent rules and to show prices in the right currency where applicable.

Usage analytics

We record which pages you view, which recipes you save or print, search terms you enter on our site, and which links you click. This is aggregated to help us understand which content is useful and which we should improve. Usage analytics are tied to a randomly generated session identifier, not to your real name.

Communications

If you email us, fill out a contact form, or reply to a support ticket, we keep the message and any attachments so we have a record of the conversation.

2. How we use it

  • Deliver the service. We use account information to log you in, gate premium recipes, fulfill store orders, and run your membership.
  • Process payments. Payment data is used to charge subscriptions and store orders, issue refunds, and detect fraud.
  • Improve the product. Usage analytics tell us which recipes are popular, which pages are confusing, and where the test kitchen should focus next.
  • Send transactional email. We send order confirmations, shipping notifications, payment receipts, password reset emails, trial-ending reminders, and account security alerts. These messages are required to operate the service and you cannot opt out of them while you remain a customer.
  • Send marketing email (optional). If you tick the newsletter box at signup we send a weekly recipe digest. Every marketing email contains a one-click unsubscribe link.
  • Comply with the law. We retain billing records for the period required by tax authorities and respond to lawful requests from courts and regulators.

3. Microsoft Advertising UET

We run paid advertising campaigns on Bing and other Microsoft Advertising surfaces. To measure whether those ads work we have placed the Microsoft Universal Event Tracking (UET) tag on our pages. The UET tag drops a cookie when you arrive from a Microsoft ad and reports back to Microsoft whether you completed an action on our site (for example, signing up for a free trial).

The UET tag may collect your IP address, the page URL you visited, the action you performed, an anonymous user identifier, and approximate location. We do not send your name, email address, password, or payment details to Microsoft.

You can review and adjust the personalized advertising settings tied to your Microsoft account at https://account.microsoft.com/privacy. To opt out of interest-based advertising more broadly across participating ad networks, visit the Digital Advertising Alliance opt-out page at https://optout.aboutads.info. Both pages let you manage your preferences without contacting us first.

4. Cookies summary

We use a small number of cookies and similar technologies. The headline categories are:

  • Essential cookies. Keep you logged in, hold the contents of your shopping cart, and remember your cookie consent choice. The site does not function without these.
  • Analytics cookies. Aggregate data about which pages are visited so we can improve the site.
  • Advertising cookies. Used by the Microsoft UET tag described above to measure the performance of our paid campaigns.

For full details, including a category-by-category table and instructions for controlling cookies in every major browser, see our Cookie Policy.

5. Data retention

  • Usage analytics data is retained in identifiable form for 12 months, after which it is aggregated or deleted.
  • Account data is retained for as long as your account is active. After you close your account we keep core billing records for 7 years to satisfy tax and accounting laws, and then delete them.
  • Server access logs are kept for 30 days for security investigations.
  • Support email threads are kept for 24 months in case you reopen the issue.

You can ask us to delete data sooner where the law allows; see your rights below.

6. How we share information

We do not sell personal information for money. We share data only with vendors who help us run the service, and only the information they need to do their job. Current processors include Stripe (payments), our transactional email provider, our cloud hosting provider, and Microsoft Advertising (advertising measurement, as described above). We require each processor to honor the same protections you have under this policy.

We will disclose information when required by a valid subpoena, court order, or other legal process, and to defend our rights or the safety of our users.

7. Your CCPA rights (California residents)

If you live in California, the California Consumer Privacy Act (as amended by the CPRA) gives you the following rights:

  • Right to know. Request a copy of the categories and specific pieces of personal information we have collected about you in the past 12 months.
  • Right to delete. Request deletion of personal information we have collected, subject to limited exceptions like billing records we must keep for tax law.
  • Right to correct. Ask us to fix inaccurate personal information.
  • Right to opt out of sale or sharing. We do not sell personal information for money. Some advertising activity (such as the Microsoft UET tag) may qualify as "sharing" for cross-context behavioral advertising under the CPRA. You can opt out by adjusting your cookie preferences on our site or by emailing us.
  • Right to non-discrimination. We will not deny you service, charge you a different price, or give you a worse experience for exercising any of these rights.

To exercise these rights email info@flapjackjohnnys.com from the email address on file. We will verify your identity and respond within 45 days.

8. Your GDPR rights (EU and UK residents)

If you are in the European Economic Area, the United Kingdom, or Switzerland you have these rights under the General Data Protection Regulation:

  • Right of access -- to obtain a copy of the personal data we hold about you.
  • Right to rectification -- to have inaccurate or incomplete data corrected.
  • Right to erasure -- to have your data deleted where one of the legal grounds applies.
  • Right to restriction of processing -- to pause our processing while a question is resolved.
  • Right to data portability -- to receive your data in a structured, commonly used, machine-readable format.
  • Right to object -- to object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent -- where we rely on consent, you can withdraw it at any time without affecting the lawfulness of past processing.
  • Right to lodge a complaint -- with your local data protection authority if you believe we have mishandled your data.

Our legal bases for processing are: performance of the contract (delivering the membership and store), consent (for marketing email and non-essential cookies), and legitimate interests (security monitoring, product improvement, and fraud prevention).

9. Children

Our service is intended for adult home cooks. We do not knowingly collect personal information from children under 13 in the United States or under 16 in the EEA. We do not target our marketing to children. If you believe a child has created an account, contact us and we will delete the account and any associated data immediately.

10. Security

We protect data in transit with TLS 1.2 or higher, store passwords using salted hashes, and limit administrative access to a small number of trained team members. No system is perfectly secure, but we work hard to follow modern security practice and we promptly notify affected users if a breach occurs as required by law.

11. International transfers

Our servers are based in the United States. If you access the service from outside the U.S. your information will be transferred to and processed in the U.S. Where required by law we rely on Standard Contractual Clauses or equivalent safeguards for international transfers.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the most recent revision. If we make a material change that affects how we use your data, we will notify active members by email at least 30 days before the change takes effect.

13. Contact

To exercise any privacy right, ask a question, or raise a concern, contact us:

  • Email: info@flapjackjohnnys.com
  • Postal mail: FLAPJACK MEDIA, LLC, 3219 THOMASVILLE ROAD, APT 2D, TALLAHASSEE, FL 32308
  • State of incorporation: Florida

We aim to acknowledge privacy emails within one business day and to resolve verified requests within the time limits set by the law that applies to you.