Who is responsible for the data?
Simple Seat Finder is the controller for account, billing, website-security and support information. For a guest list uploaded by an organiser, the organiser normally decides why and how the information is used and is the controller; Simple Seat Finder acts as its processor.
Information we use
- Account email, workspace membership and sign-in records.
- Event details, guest names, tables, RSVP status, tags and notes.
- Optional dietary information entered by the organiser.
- Subscription and purchase identifiers from Stripe, but not card details.
- Hashed search and connection information used to prevent abuse.
- Messages you send to support.
Organisers should upload only information needed to run their event and should avoid sensitive notes. Dietary information can reveal health or religious information, so organisers must have an appropriate lawful basis and give guests suitable privacy information before uploading it.
Why we use it
We use account and event information to provide the service and perform our contract, to secure and improve the service where we have a legitimate interest, and to keep billing or compliance records where the law requires it. We do not sell personal information or use guest lists for advertising.
Public guest lookup
A guest must enter their exact invitation name. The service does not offer a public guest directory. Search queries and connection identifiers are stored only as one-way hashes for rate limiting and are automatically removed after 24 hours.
Who processes information for us?
Our core providers are Supabase (database and authentication, hosted in London), Railway (web hosting), Stripe (payments) and Resend (transactional email). Providers may use approved sub-processors. Where information is transferred internationally, the relevant provider safeguards and data processing terms apply.
How long we keep it
- Active event data remains while the organiser needs the event.
- Archived events and their guest data are automatically deleted after 90 days.
- Hashed guest-search security logs are deleted after 24 hours.
- Expired team invitations are deleted 30 days after expiry.
- Account data is deleted when an eligible customer deletes their account.
- Stripe and legally required transaction records may be retained for the applicable statutory period.
Your rights
Depending on the circumstances, you may ask for access, correction, deletion, restriction, objection or a portable copy. Guests should normally contact their event organiser first because the organiser controls the guest list. You can also emailinfo@simpleseatfinder.com. You may complain to the UK Information Commissioner’s Office atico.org.uk.
Cookies and local storage
We do not use advertising or behavioural analytics cookies. The app uses strictly necessary browser storage for sign-in, workspace selection, security limits and the intentional demo. No consent banner is used because non-essential tracking is not enabled.
Security and incidents
We use encrypted connections, tenant access rules, restricted server functions, exact-name lookup, rate limiting and account-deletion controls. If an incident creates a reportable risk, we will follow applicable breach notification duties and assist organisers with their own obligations.