Privacy Policy
This Privacy Policy explains how Alexey Ivanov, an individual operating Seatisfy as a sole proprietor based in Georgia (“Seatisfy”, “we”, “us”, or “our”), handles personal data in connection with the Seatisfy wedding seating planner at seatisfy.app and its sync service (the “Service”).
The short version: Seatisfy is private by default. The plans you create live in your own browser and are not sent to us unless you choose to Share them. We do not use analytics, advertising, or tracking cookies, and we self-host our fonts, so simply using the planner does not send your data anywhere. When you Share a plan, it is uploaded to our server so collaborators can edit it; you can delete it again by revoking the link.
1. Our role
Because of how the Service is built, our role under data-protection law depends on what you do:
- For plans you keep on your own device (the default), we do not receive, store, or process the personal data in them at all. You alone determine and control that data.
- For plans you choose to Share, we process the data on your behalf and on your instructions — we act as a processor, and you remain the controller of the guest data in the plan.
- For limited technical information generated by simply connecting to the Service (such as your IP address, handled by our hosting provider), we act as a controller.
2. What data we handle, and when
(a) Data you enter in the planner. You can record information about your event and your guests — for example: guest names and contact details (email, phone, postal address); household, relationship, and seating information; whether a guest is a child or infant; meal choices; and any dietary needs (which may reveal religious practice or health information such as allergies), accessibility needs, notes, or custom fields you add; plus your event name, date, couple names, tables, and any floor-plan image you upload. By default, all of this is stored only in your browser and is never transmitted to us.
(b) Data you choose to share. When you Share a plan, the entire plan — including all of the information in (a) — is uploaded to our sync server and stored there so that anyone with the link (and the password, if set) can view and edit it. The same applies to read-only guest seat-lookup links.
(c) Connection data. Like any website, when your browser connects to us our hosting provider (Cloudflare) automatically processes standard technical information such as your IP address, browser/user-agent, the requested address (which, for a shared plan, includes its link identifier), timestamps, and approximate location derived from your IP. We do not add any application-level analytics, telemetry, or tracking on top of this.
(d) AI assistant data. If you use the optional AI assistant, the messages and plan details you submit are sent through our server to a third-party AI provider (OpenAI) to generate a response, an anti-abuse check (Cloudflare Turnstile) may run, and a random, non-identifying identifier is stored in your browser to apply rate limits. If you do not use the assistant, none of this occurs.
3. You are the controller of your guests’ data
The personal data you enter is about other people — your guests. As between you and us, you decide what to collect and why, so you are the data controller for it, and you are responsible for handling it lawfully. That includes having a lawful basis to process it, giving your guests any information the law requires, and responding to their requests about their own data.
Where you Share a plan, we process that data only as a processor acting on your instructions: we process it only to provide the sharing and sync functionality you have requested; we apply the security measures described below; we will assist you, so far as is technically feasible, in responding to data-subject requests; and we delete the server copy when you revoke the link. We do not use shared-plan data for our own purposes.
Purely personal or household activity (such as planning your own wedding) may fall outside some data-protection obligations for you as an individual, but this does not change our commitments above.
4. Sensitive information and children
The Service does not require sensitive information, but it lets you record details — such as dietary or accessibility needs — that may reveal health or religious information. You decide whether to enter such details and are responsible for having an appropriate lawful basis to do so.
The Service is intended for adults planning an event and is not directed to children. We do not knowingly collect personal data directly from children. The planner does let you record that a guest is a child or infant; that information is data you enter about your guests, for which you are responsible, and it is treated like any other plan data (stored locally, or on our server only if you Share it).
5. How we use data and our legal bases
We use the limited data we handle only to operate and secure the Service:
- to provide the sharing and real-time collaboration you request (for shared plans), and to provide the AI assistant if you use it — this is to perform the service you asked for, and/or based on our and your legitimate interest in a working feature;
- to keep the Service available, prevent abuse, and protect its security (for connection data) — based on our legitimate interests.
We do not sell or rent personal data, we do not use it for advertising or cross-context behavioral profiling, and we do not use it to build profiles of you.
6. Who we share data with (sub-processors)
We do not sell or trade personal data. We rely on a small number of service providers:
- Cloudflare, Inc. — hosts the website and operates the sync server (Workers and Durable Objects) that stores and relays shared plans. This is our core infrastructure provider.
- OpenAI — receives the content you submit to the AI assistant (if you use it) in order to generate responses.
- Cloudflare Turnstile — runs an automated, privacy-respecting abuse check when the AI assistant is used.
Aside from these, we do not use analytics vendors, advertising networks, tracking pixels, or other third-party recipients. If we add a new sub-processor or a new feature that shares data, we will update this Policy and, where required, give notice before it takes effect.
7. International transfers
Our providers operate globally, so data you Share, and connection data, may be processed in countries outside where you live, including the United States. Where required, transfers are protected by appropriate safeguards such as the standard contractual clauses offered by our providers. If you need your data to remain within a particular region, do not use the Share or AI features, or contact us first.
8. Retention and deletion
Plans on your device are kept in your browser until you delete them. You can delete all locally-stored Seatisfy data at any time from the Settings page (“Delete all my data”), by starting a new plan, or by clearing your browser’s site data.
Shared plans are stored on our server until you revoke the link. Revoking permanently and immediately deletes the server-side copy of the plan and its password, disconnects everyone, and makes the link permanently unusable. We do not keep backups of your content.
Revoking deletes our copy, but it cannot erase copies that other participants’ devices may have already cached, or any backup files that were exported. If you want a copy of a plan before revoking, export a backup first.
Connection data is processed and retained by our hosting provider under its own policies and retention schedules, which we do not control. AI rate-limit counters are transient and reset on a rolling basis.
9. Security
We use reasonable technical measures appropriate to the Service: connections use HTTPS/encrypted transport; locally-stored data is isolated to your browser; and a share-link password, if you set one, is stored on our server only as a one-way cryptographic hash (computed with a fixed application-wide prefix) — we never store, and cannot recover, the password itself. Because the hash is not individually salted or key-stretched, choose a strong, unique password for any link you protect.
Please understand the limits of this design. Access to a shared plan is controlled by an unguessable link and an optional password — it is not end-to-end encrypted, and anyone who obtains the link (and password, if set) can access the plan. Treat share links like credentials, share them carefully, and revoke them when you are done. Note also that, for technical reasons, a share-link password may pass through our hosting provider’s request logs in transit, even though we only ever store its hash.
10. Cookies and local storage
We do not use HTTP cookies, tracking pixels, fingerprinting, or analytics. The Service does use your browser’s storage strictly to provide the functionality you have requested, which under e-privacy rules does not require a consent banner. Specifically:
- IndexedDB stores your plan locally so it persists and works offline.
- When you open a shared plan, a local cache of that plan is created on your device so it loads quickly and works offline; it is removed when you leave the shared session or clear your browser data.
- Session storage temporarily holds a share-link password (for the current tab only) so you do not have to re-enter it; it is cleared when the tab closes.
- Local storage holds small functional flags — a record that you accepted these documents, and, only if you use the AI assistant, a random, non-identifying identifier used to apply rate limits. Neither is used to track you.
- A local cache stores the app itself (code, fonts, icons) for offline use — never your plan data.
Our fonts are self-hosted, so loading the Service does not send a request to any font or analytics provider.
11. Your rights
Depending on where you live, you may have rights to access, correct, delete, restrict, or object to the processing of your personal data, to data portability, and to lodge a complaint with a data-protection authority. Because of the Service’s design, you can exercise most of these yourself: your data is in your own browser; “Delete all my data” in Settings erases it; the backup export gives you a portable copy; and revoking a shared link deletes our copy.
For requests about data that guests have asked about: where you entered that data, you are the controller and the request should go to you. We cannot act on requests about data we never receive (plans kept on your device) or that we hold only on your instruction (shared plans). For the limited data we control, or to ask us anything about this Policy, contact us using the details below; we aim to respond within one month.
We do not sell or rent personal data, and we do not use it for advertising or cross-context behavioral profiling. If a privacy law that applies to you (for example, certain U.S. state laws) gives you a right to opt out of the “sale” or “sharing” of personal information, there is nothing to opt out of, because we do not do it.
12. Changes to this Policy
We may update this Policy from time to time. The “Last updated” date above reflects the current version. For material changes affecting how we process shared-plan data, we will take reasonable steps to give notice — for example, an in-app notice — before they take effect.
13. Contact
You can reach the operator, Alexey Ivanov, about privacy at [email protected].