Privacy Policy

Privacy Policy

Last updated: January 2025

1. Data Controller

SEEAT.app LTD. is the data controller for personal data collected through seeat.app. Contact: service@seeat.app

2. Data We Collect

  • Account data: Email address, display name, profile picture (via Google OAuth), country, gender (optional)
  • Location data: Approximate geographic coordinates used only for restaurant search queries — not stored persistently
  • Usage data: GA4 events (anonymised IP addresses), page views, feature interactions
  • Restaurant data: Google Place IDs, seat counts, seat update history
  • Payment data: Paddle transaction IDs — no card numbers or financial details are stored on our systems
  • Push notification endpoints: Web Push subscription endpoints, public keys
  • Reservation data: Guest name, phone (optional), guest count, date/time

3. How We Use Your Data

  • Providing and improving the Service
  • Processing restaurant registrations and reservations
  • Sending push notifications you have opted into
  • Fraud prevention and security
  • Aggregate analytics (GA4)
  • Compliance with legal obligations

4. Data Sharing

We share data only with the following third parties:

  • Google Places API: Geographic coordinates and search queries for restaurant discovery
  • Paddle.com Market Limited: Payment processing (acts as Merchant of Record)
  • Supabase: Database and authentication infrastructure (hosted on AWS)
  • Google Analytics 4: Anonymised usage analytics

We do not sell personal data to third parties.

5. Cookies and Tracking

  • Supabase session cookie: Required for authentication — functional
  • NEXT_LOCALE cookie: Remembers your language preference — functional
  • GA4 cookies: Analytics tracking — requires consent where mandated by law

6. Data Retention

  • Points transactions: 7 years (financial record requirements)
  • Seat reports / audit log: 2 years
  • Reservations: 2 years after the reservation date
  • Push subscriptions: deleted when account is deleted or user unsubscribes
  • Account data: retained until account deletion request

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data, and to object to or restrict processing. To exercise these rights, email service@seeat.app.

EU/EEA residents may lodge a complaint with their local supervisory authority.

8. Security

We implement industry-standard security measures including TLS encryption in transit, row-level security in our database, and HMAC-verified webhook endpoints. No method of transmission over the internet is 100% secure.

9. Children

The Service is not directed to children under 13. We do not knowingly collect personal data from children under 13.

10. Changes to This Policy

We may update this Privacy Policy at any time. Continued use after the "Last updated" date constitutes acceptance of the changes.

11. Contact

Data privacy inquiries: service@seeat.app