Privacy Policy

This Privacy Policy describes how SeatSidekick ("we," "us," or "our") collects, uses, and shares information when you use seatsidekick.com (the "Service"). SeatSidekick operates from the United States.

By using the Service, you agree to the practices described in this policy. If you do not agree, do not use the Service.

1. Information We Collect

Information you provide directly

• Email address, when you create an account, sign in, or set up alerts.
• Watchlist and alert preferences, including which matches you follow, alert thresholds (e.g., price targets), and notification preferences.
• Supporter email, if you purchase the Early Bird Alerts unlock through Buy Me A Coffee. We receive the email address you used at checkout from Buy Me A Coffee in order to associate the unlock with your account.

Information collected automatically

• Authentication and session data (managed by Supabase), including session tokens stored as cookies.
• Server logs (managed by Vercel), including IP address, user agent, request paths, and timestamps. These are retained by Vercel per their data retention policies and used for security, debugging, and abuse prevention.
• Aggregate analytics (via Vercel Analytics), including page views, referrers, country-level location, device type, and browser. Vercel Analytics is privacy-focused, does not use cookies, and does not track users across sites.

Information we do not collect

• We do not collect your name, phone number, address, or payment card details.
• We do not collect biometric information.
• We do not collect information from social media accounts.
• We do not knowingly collect information from children under 13.

2. How We Use Information

We use the information we collect to:

• Operate the Service and provide the features you request, including delivering price and availability alerts.
• Authenticate your account and prevent unauthorized access.
• Apply paid features to your account when you complete a purchase through Buy Me A Coffee.
• Communicate with you about your account, alerts, and material changes to the Service.
• Detect, investigate, and prevent fraud, abuse, and security incidents.
• Comply with legal obligations.

We do not sell your personal information. We do not use your information for advertising or remarketing.

3. How We Share Information

We share information only with the following service providers, each acting as a sub-processor on our behalf:

• Supabase (database, authentication). Privacy policy.
• Vercel (hosting, edge functions, server logs, analytics). Privacy policy.
• Resend (transactional email delivery). Privacy policy.
• Buy Me A Coffee (payment processing for paid unlocks). Privacy policy.

We may also disclose information if required by law, subpoena, or court order, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

We do not share your information with advertisers or data brokers.

4. Cookies and Tracking

We use a small number of cookies, all first-party and necessary for the Service to function:

• Authentication cookies set by Supabase to keep you signed in.
• Functional cookies (if any) used to remember UI preferences within a session.

We do not use advertising cookies, third-party tracking pixels, or remarketing tags. Vercel Analytics is cookieless.

We do not currently respond to "Do Not Track" browser signals because there is no industry consensus on how to interpret them. Because we do not engage in cross-site tracking, this has no practical effect on your privacy.

5. Data Retention

• Account data (email, watchlist, alert rules) is retained for as long as your account is active. You may delete your account at any time by emailing hello@seatsidekick.com.
• Alert delivery records (metadata only: rule, timestamp, status) are retained for up to 12 months for debugging and abuse prevention.
• Server logsare retained per Vercel's standard retention.
• Payment records received from Buy Me A Coffee are retained as required for tax and accounting purposes.

When you delete your account, we delete or anonymize your personal information within 30 days, except where retention is required by law.

6. Your Rights

If you are in California (CCPA / CPRA)

You have the right to:

• Know what personal information we collect, use, and share about you.
• Access the specific pieces of personal information we hold about you.
• Delete your personal information, subject to legal exceptions.
• Correct inaccurate personal information.
• Opt out of "sales" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CCPA.
• Limit use of sensitive personal information. We do not collect sensitive personal information.
• Non-discrimination for exercising these rights.

To exercise any of these rights, email hello@seatsidekick.com from the address associated with your account. We will respond within 45 days.

If you are in the EU, UK, or EEA (GDPR / UK GDPR)

You have the right to:

• Access your personal data.
• Rectify inaccurate data.
• Eraseyour data ("right to be forgotten").
• Restrict or object to processing.
• Data portability: receive your data in a machine-readable format.
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with your local data protection authority.

Legal basis for processing. We process your data on the following bases:

• Contract: to provide the Service you have signed up for.
• Legitimate interests: to operate, secure, and improve the Service, and to prevent fraud and abuse.
• Consent: where you have opted in (e.g., to receive alert emails).
• Legal obligation: where required by law.

International transfers. Our service providers may process data in the United States. Where applicable, transfers are made under Standard Contractual Clauses or equivalent mechanisms maintained by those providers.

To exercise any of these rights, email hello@seatsidekick.com.

7. Children

The Service is intended for adults. We do not knowingly collect personal information from children under 13 (or under 16 in the EU/UK). If you believe a child has provided us with information, contact hello@seatsidekick.com and we will delete it.

8. Security

We use industry-standard measures to protect your information, including encrypted connections (TLS), encrypted storage at rest through our database provider, and access controls. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

If we discover a data breach affecting your personal information, we will notify you and applicable authorities as required by law.

9. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date and, where appropriate, notify you by email. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

10. Contact

For any questions about this Privacy Policy or to exercise your rights, contact:

hello@seatsidekick.com