This is a draft pending legal review. It reflects how Seatful works today and is written to be accurate and plain. Bracketed items marked like [this] are placeholders we will complete before launch.
The short version. You can use Seatful without giving us much at all, and your events stay on your device by default. If you create an account to back up and sync, or publish an RSVP or share page, the data needed for that feature is stored on our backend so it can work across your devices and reach your guests. We do not sell or share your personal information, we do not run advertising, and we do not track you across other apps or websites. You can delete your account and your data at any time.
Who we are
Seatful is provided by Handler Labs LLC ("Seatful", "we", "us", "our"). This policy covers the Seatful iOS app and the seatful.app website and web app, including the guest-facing RSVP, share, and seat-finder pages. You can reach us any time at support@seatful.app. Our postal address is 5510 NW 38th Terrace, Coconut Creek, FL 33073, United States.
If you are in the European Economic Area, the United Kingdom, or Switzerland, our representatives are listed under International users below.
Our role: when we are a processor, and when we are a controller
Most of what you put into Seatful is a guest list and a seating plan that belong to you. For that guest information, you are the controller and we act as your processor: we store and process it on your instructions, to provide the Service to you, and you are responsible for having a lawful basis to collect and use it. We describe your responsibilities in our Terms of Use.
For a few things we act as the controller ourselves: your account (your email), the small amount of data our website needs to run, payments you make to us on the web, and the responses a guest types into a Seatful-hosted RSVP form.
What we handle, and why
Your events and guest lists
Your events, tables, seating, and guest lists are created on your device. A guest entry can include a name, any contact details you choose to add, meal choices, dietary or allergy notes, plus-ones, party groupings, and your table layout and seating. If you do not sign in, this stays on your device and is not sent to us, except when you use a publishing feature described below. If you add a venue photo or floor-plan image as a tracing background, that image is stored only on your device and is never uploaded, exported, or published.
Backup and sync (when you sign in)
If you create an account and turn on backup and sync, your event documents, including the guest information above, are stored on our backend so you can reach them on your other devices and on the web. This is how the same event appears on your phone and at seatful.app. Legal basis: performance of our contract with you.
Your account
To create an account we collect your email address and use it to sign you in with a one-time code or link, and to send you essential service messages. We do not use it for marketing without your consent. Legal basis: performance of our contract with you, and our legitimate interest in securing accounts.
RSVP pages (you choose to publish)
When you publish an event's RSVP page, Seatful stores your guest list and your form settings (such as meal options, a plus-one policy, a deadline, and a welcome message) on our backend so your guests can respond from a link. A guest who opens their link may submit their RSVP status, and optionally a meal choice, dietary or allergy notes, and a plus-one name. For these direct guest submissions we act as a controller alongside you, and the guest-facing page links to this policy. This information is stored on our backend and synced back to your device.
Shared charts and the seat finder (you choose to publish)
If you publish a client share link or a guest seat-finder page, Seatful publishes a read-only view of guest names and their tables to a private link. The seat finder works like the printed seating board at an event entrance: anyone with the link can look up guest names and table numbers, but it never shows contact details, meal choices, dietary notes, or RSVP responses. If you publish your event with a floor plan, the seat-finder page can also show a simple map of the room (table shapes, table numbers, and zone labels); the map never contains guest names or RSVP details. You can revoke or remove these pages at any time.
Payments
Seatful offers a one-time Event Pass and a Pro subscription. On the iOS app these are sold through Apple, who process your payment; we never see your card details, and Apple shares limited purchase and subscription status with the app so it can unlock what you bought. On the web, these are sold through Stripe, who process your payment as our payment provider; we receive confirmation of your purchase and your subscription status, and a customer record, but not your full card number. Legal basis: performance of our contract with you, and compliance with our legal obligations (such as tax and accounting).
Support messages
If you email support@seatful.app, we receive your email address and whatever you write, so we can help you. Legal basis: our legitimate interest in supporting you and keeping records of support requests.
Website technical data
Like any website, our hosting provider processes basic technical request data, such as your IP address, to deliver and secure the site. Legal basis: our legitimate interest in operating a secure, reliable website. See Cookies and local storage.
Sensitive information (dietary and allergy notes)
Dietary and allergy notes can reveal information about a person's health or beliefs, which many laws treat as sensitive or special-category data. We do not ask for it; you or your guest choose to add it so a caterer can plan. If you enter this kind of information about your guests, you are responsible for having the appropriate consent or other lawful basis, as set out in our Terms of Use. On guest-facing RSVP forms, the dietary field is optional. We apply extra care to this information and do not use it for any purpose other than providing the Service.
Who we share data with (our sub-processors)
We do not sell your personal information, and we do not share it for advertising. We use a small number of service providers to operate Seatful, and they may process your data only on our instructions:
- Supabase (database and authentication), United States: stores your account and your synced and published event data.
- Cloudflare (hosting, content delivery, and privacy-first web analytics), United States and global edge: serves this website and the guest-facing pages, provides security, and measures aggregate, cookieless traffic.
- Stripe (payments on the web): processes web purchases and subscriptions.
- Apple (payments and distribution on iOS): processes App Store purchases and distributes the app.
Access to our database is locked down: only Seatful's own server functions can read or write the data, each published event is protected by a private owner token held on your device, and all traffic uses HTTPS.
Where your data is processed (international transfers)
Seatful is operated from the United States, and our providers above store and process data in the United States. If you are outside the United States, your information will be transferred there. Where we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland, we rely on the EU-US, UK extension, and Swiss-US Data Privacy Framework where our provider is certified, and on the European Commission's Standard Contractual Clauses (with the UK Addendum or Swiss amendments as applicable) as a safeguard otherwise. You can ask us for more detail at support@seatful.app. [Transfer mechanism per provider to be confirmed with counsel.]
Analytics and usage data
The seatful.app website uses Cloudflare Web Analytics, a privacy-first measurement tool. It counts aggregate traffic, such as page views, the pages visited, referrers, and the country a visit comes from, along with page performance. It does this without cookies, without cross-site tracking, and without collecting personal data or building a profile of you. We use it only to understand how the site performs, and there is no advertising.
The Seatful iOS app does not send analytics off your device. Inside the app we record a few privacy-free product signals on your device (for example, that a paywall was shown), and a single one-tap question about whether you are planning your own event or plan events for others. Those signals stay on your device and contain none of your event contents.
Cookies and local storage
Our marketing pages use no advertising or tracking cookies. The web app keeps you signed in using local storage in your browser, and uses only essential cookies for session and security. Because these are strictly necessary to provide a service you asked for, we do not show a consent banner. Full detail is on our Cookies and local storage page.
How long we keep data
- On-device data stays until you delete it or remove the app.
- Account and synced data stays while your account is active. When you delete your account, we delete your account and the event documents you own, then remove them from our active systems within [30] days, except where we must keep limited records longer (see billing).
- Published RSVP and shared data stays until you remove it from the web or delete the event.
- Billing records (purchase and invoice data) are kept as long as required by tax and accounting law.
- Support messages are kept only as long as needed to resolve your issue and for our records.
Your choices and rights
You control your data directly: edit or delete events and guests in the app, remove any published RSVP or shared data from the web, and delete your entire account and its data from within the app (Account, then Delete account) or by emailing us. Depending on where you live, you also have rights to access, correct, delete, port, restrict, or object to the processing of your personal information, and to withdraw consent. To make a request, email support@seatful.app. We will respond within the time the law allows (for example, within one month under the GDPR). We do not sell or share personal information, and we do not use automated decision-making that produces legal or similarly significant effects.
Region-specific information
European Economic Area, United Kingdom, and Switzerland
The legal bases for our processing are described above. You have the rights listed above and the right to lodge a complaint with your local supervisory authority (for example, the Data Protection Commission in Ireland, the CNIL in France, the AEPD in Spain, the relevant authority in Germany, the Information Commissioner's Office in the UK, or the FDPIC in Switzerland). Our EU representative under Article 27 GDPR is [EU representative name and EEA address]. Our UK representative is [UK representative name and address]. [Swiss representative to be confirmed.]
California
In the past 12 months we have collected the categories of personal information described above (identifiers such as email and name, customer records such as contact details and purchases, and other information you enter, including guest details). We collect it for the business purposes described above, from you and from your use of the Service, and disclose it only to the service providers listed above. We have not sold or shared (for cross-context behavioral advertising) personal information, and we do not. You have the right to know, access, delete, and correct your personal information, and to limit the use of sensitive personal information; we do not use sensitive information except to provide the Service. You may use an authorized agent, and we will not discriminate against you for exercising your rights. To exercise them, email support@seatful.app.
Canada
We handle personal information in line with PIPEDA, and, for Quebec residents, Law 25. Your data is stored and processed in the United States by the providers listed above, under contractual safeguards. You may access or correct your information, and ask about our practices, by contacting our privacy officer at support@seatful.app. Our privacy officer is Brandon Rodrigues. A French-language version of this policy is available for Quebec users.
Australia and New Zealand
We handle personal information in line with the Australian Privacy Principles and the New Zealand Privacy Act 2020. As described above, we disclose personal information to overseas service providers in the United States. You may access or correct your information, or make a complaint, by contacting us; we will also notify you and the relevant regulator of an eligible data breach as required.
Japan
We handle personal information in line with the Act on the Protection of Personal Information (APPI). Our purpose of use is to provide and operate the Service as described above. Because we store data in the United States, we will obtain your consent to the cross-border transfer where required, and provide information about the destination. You may request disclosure, correction, or cessation of use of your personal information by contacting us. A Japanese-language version of this policy is available.
Children
Seatful is intended for adults planning events, and is not directed to children. We do not knowingly collect personal information directly from a child. If you enter information about a guest who is a minor (for example, a child's name and meal on a guest list), you are responsible for doing so lawfully, including any parental consent required where you live. If you believe a child has provided us personal information directly, contact us and we will delete it.
Security
We protect data with HTTPS, database access locked to our server functions, a private per-event owner token, and access controls on our systems. No method of storage or transmission is perfectly secure, but we design to expose as little as possible.
Changes to this policy
If we make material changes, we will update the date at the top of this page and, where appropriate, note it in the app.
Contact
Handler Labs LLC, 5510 NW 38th Terrace, Coconut Creek, FL 33073, United States, support@seatful.app. See also our Terms of Use and Legal notice.