1. Who we are
Seatly is a wedding planning service. Business details will be updated when the legal entity is formed.
Contact: privacy@useseatly.com
2. What data we collect
- –Account data: name, email, password hash
- –Wedding data: wedding name, date, venue, guest list, table layouts, seating plans
- –Guest data: names, emails, phone numbers, dietary needs, RSVP status
- –Payment data: processed entirely by Stripe — we store only your plan status and Stripe customer ID
- –Uploads: photos uploaded via the memories feature are stored in your own Google Drive — we store only the folder ID and a reference link, not the photos themselves
- –Technical: session cookies, IP addresses (for security), browser type
3. How we use it
- –To provide the service: guest management, seating, exports
- –To send RSVP confirmations to your guests
- –To process payments via Stripe
- –To send account-related emails (verification, password reset)
We do not sell your data. Ever.
5. Data retention & deletion
- –Your account and wedding data is retained while your account is active
- –When you request account deletion, your personal data (name, email, password) is anonymised immediately. The account is then permanently purged within 30 days. The 30-day window exists solely to allow accidental-deletion recovery — you may contact us to cancel it.
- –After deletion we retain a one-way hash (SHA-256) of your email address for up to 7 years. This hash cannot be reversed to reveal your email. It is used solely to prevent fraud (e.g. re-registering to bypass a purchased plan), which is a legitimate interest under GDPR Article 6(1)(f). No other personal data is retained.
- –Purchase history (amount, plan, anonymised user reference) is retained for 7 years for tax and accounting obligations (GDPR Article 6(1)(c)).
- –Stripe payment records are retained per Stripe's own legal requirements (typically 7 years).
6. Your rights (GDPR)
You have the right to: access your data, correct it, delete it, restrict processing, and export it.
- –Delete account: Account → Settings → Data & Privacy → Delete account
- –Data export: Account → Settings → Data & Privacy → Request export
- –Immediate erasure: Email privacy@useseatly.com — we will process within 30 days
Note: We may retain a hashed email and anonymised purchase reference after erasure on legitimate interest grounds (fraud prevention). This does not constitute personal data after hashing and cannot be used to identify you.
8. Security
Data is encrypted in transit (TLS). Passwords are hashed with PBKDF2-SHA256. We do not have access to your Stripe payment details.
9. Children
Seatly is not intended for users under 16.
10. Changes
We'll notify users of material changes by email or in-app notice.