Privacy Policy
Last updated: July 1, 2026
Seatedly ("we", "us") provides a wedding seating planner at seatedly.app. This policy explains what information we collect, how we use it, and the choices you have.
Information we collect
- Account information: your email address and a securely hashed password. We never store your password in plain text — it is hashed with PBKDF2-SHA256 using a unique random salt per account.
- Guest and event data: the guest names, family side, RSVP status, notes, and table assignments you add to plan your event. This data belongs to you; we store it only to power the seating planner.
- Billing information: if you upgrade to Pro, our payment processor Stripe collects your card details directly on its own secure checkout page. We never see or store your card number — we only keep your Stripe customer and subscription IDs so we can check your plan status.
- Cookies: a session cookie that keeps you signed in and a preference cookie that remembers your language. See "Cookies" below for details.
- Usage analytics: on our public marketing pages we use PostHog (hosted in the EU) to understand which pages and buttons are used. We may also enable Cloudflare Web Analytics in the future. Analytics are aggregated and are not used to identify individual guests.
How we use your information
- To operate your account, events, and seating plans.
- To process payments and manage your subscription via Stripe.
- To keep you signed in and remember your preferences.
- To improve the product based on aggregate usage patterns.
We do not sell your data, and we do not use guest data (names, notes, RSVP status) for advertising.
Cookies
- wedding_session — keeps you signed in. Expires after 7 days, or when you sign out. HttpOnly and secure; cannot be read by page scripts.
- seatedly_lang — remembers your preferred language (English or Turkish). Expires after 1 year.
Both cookies are essential to the app's operation and are not used for advertising or cross-site tracking.
Who we share data with
- Stripe, Inc. — payment processing. Card data goes directly to Stripe and never touches our servers.
- Cloudflare, Inc. — hosting, database, and content delivery for the app.
- PostHog — usage analytics on our public marketing pages only.
We do not sell or rent your personal information to third parties.
Your rights and control
- Export: download your guest list as a CSV file at any time, directly from the app.
- Delete an event: deleting an event permanently removes all of its guests and tables.
- Delete your account: email us at support@seatedly.app and we will delete your account and all associated data within 30 days.
- Access and correction: you can view and update your guest and event data directly in the app at any time.
Data retention
We keep your account and guest data for as long as your account is active. Session tokens expire automatically after 7 days of inactivity. If you delete an event or your account, the associated data is removed as described above.
Security
Passwords are hashed with PBKDF2-SHA256 (100,000 iterations) and a unique salt per account — we never store plain-text passwords. Session cookies are HttpOnly, marked Secure, and restricted with SameSite=Lax. Session tokens are verified using constant-time comparison to guard against timing attacks.
Children
Seatedly is not directed at children under 16, and we do not knowingly collect personal information from them.
Changes to this policy
If we make material changes to this policy, we will update the date at the top of this page.
Contact us
Questions about this policy? Email us at support@seatedly.app.