Skip to main content
Back to EventSeating

Privacy Policy

Last updated: May 2025

1. Who We Are

EventSeating (“we”, “us”, “our”) is an event seating and guest management platform operated by Daanish Ali. Our website is eventseating.events. For privacy-related enquiries contact us at privacy@eventseating.events.

2. Information We Collect

We collect the following categories of personal data:

  • Account data: name, email address, and hashed password when you register.
  • Billing data: payment information is processed by Stripe; we store only your Stripe customer ID and subscription status.
  • Event & guest data: names, email addresses, phone numbers, dietary restrictions, and seating assignments you enter for your events.
  • Usage data: server logs including IP addresses and timestamps, used solely for security monitoring and service operation.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases (Article 6 UK/EU GDPR):

  • Contract performance (Art. 6(1)(b)): to create and manage your account, process payments, and deliver the EventSeating service.
  • Legitimate interests (Art. 6(1)(f)): to operate and improve the platform, detect fraud, and ensure security. Our interests are balanced against your rights and do not override them.
  • Legal obligation (Art. 6(1)(c)): where we are required by law to retain certain records (e.g. financial records for tax compliance).
  • Consent (Art. 6(1)(a)): for any optional communications you explicitly opt in to.

4. How We Use Your Information

  • Providing and improving the EventSeating platform.
  • Sending event invitation and day-of emails on your behalf to your guests.
  • Processing subscription payments via Stripe.
  • Detecting and preventing fraud, abuse, and security incidents.
  • Complying with legal obligations.

5. Data Sharing

We do not sell your personal data. We share data only with the following categories of third-party service providers who process it on our behalf under appropriate data processing agreements:

  • Supabase: database hosting (PostgreSQL).
  • Vercel: application hosting and serverless infrastructure.
  • Resend: transactional email delivery.
  • Stripe: payment processing (PCI DSS Level 1 certified).
  • Twilio: optional SMS notifications.

We may also disclose data where required by law or to protect the rights, safety, or property of EventSeating or others.

6. International Data Transfers

Your data is stored on servers located in the United States. If you are located in the EEA or UK, this constitutes an international transfer. We rely on the adequacy decisions and standard contractual clauses provided by our sub-processors (Supabase, Vercel, Resend) to ensure appropriate safeguards are in place.

7. Data Retention

We retain your account and event data for as long as your account is active. You may delete your account at any time from Settings → Delete Account, which permanently removes all your data within 30 days. We may retain anonymised usage statistics and legally required financial records for up to 7 years.

8. Your Rights (GDPR / UK GDPR)

If you are in the EEA or UK, you have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate data.
  • Erasure: request deletion of your personal data (“right to be forgotten”).
  • Restriction: ask us to limit how we use your data.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email privacy@eventseating.events. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to Know: request disclosure of the categories and specific pieces of personal information we collect, use, and share.
  • Right to Delete: request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: request correction of inaccurate personal information.
  • Right to Opt-Out of Sale: we do not sell or share your personal information for cross-context behavioural advertising.
  • Right to Non-Discrimination: we will not discriminate against you for exercising your rights.

To submit a CCPA request, email privacy@eventseating.events with “CCPA Request” in the subject line.

10. Security

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, HTTP security headers (HSTS, CSP, X-Frame-Options), rate limiting on authentication endpoints, and access controls. No system is completely secure; in the event of a breach affecting your rights we will notify you as required by law.

11. Cookies

We use a single session cookie to keep you logged in. We do not use third-party tracking cookies or advertising cookies. No cookie consent banner is required because we use only strictly necessary cookies.

12. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email to registered users. Continued use of EventSeating after the effective date constitutes acceptance of the updated policy.

13. Contact

For privacy-related questions, data access requests, or to exercise your rights, contact us at privacy@eventseating.events.

Terms of Service