Privacy Policy
Effective date: March 27, 2026
1. Introduction
This Privacy Policy explains how Parklife, Inc. ("Company", "we", "us", or "our") collects, uses, shares, and protects personal data when you use the SeatSquirrel platform ("Service") at seatsquirrel.com and related services.
2. Data We Collect
2a. Account holders (organizers and team members)
- Identity: Name, email address, encrypted password (for email/password sign-up), profile image.
- Authentication credentials: Tokens from Google or Microsoft when you sign in via those services.
- Organization data: Organization name, logo, member roles, and domain access settings.
- Layout and event data: Venue layouts, event configurations, pricing, and booking data you create.
- Activity logs: Actions you take within the Service (e.g., creating layouts, inviting members).
- Device and network: IP address, user agent, and session information.
2b. Registrants and guests (no account required)
- Identity: Name and email address as provided during the booking flow.
- Booking data: Seat selections, pricing category, and reservation details.
- Device and network: IP address collected via the session or API request.
2c. Self-hosted telemetry
Self-hosted deployments of SeatSquirrel may send anonymous usage statistics (e.g., feature usage counts, deployment type) to our servers. This data contains no personal information and is used solely to improve the product. Telemetry can be disabled by setting window.SeatSquirrelConfig.telemetry = false.
2d. Automated collection
- Error tracking: We use Sentry to capture error reports, which may include stack traces, request URLs, and browser metadata.
- Cookies: Session-based authentication cookies (see Section 7).
- Consent records: When you accept our Terms of Service or Privacy Policy, we record the acceptance timestamp, document version, and your IP address.
3. Data Controller and Processor Roles
Applicable data protection laws (including the GDPR) distinguish between data controllers (who determine the purposes and means of processing) and data processors (who process data on behalf of a controller).
- Account holder data: Parklife is the data controller for the personal data of account holders (organizers and team members) collected through the Service.
- Registrant and guest data: When an organizer uses SeatSquirrel to create events and collect registrant or attendee personal data (names, emails, booking details), the organizer is the data controller for that data. Parklife processes it on the organizer's behalf as a data processor. Organizers are responsible for maintaining their own privacy notices informing registrants how their data is processed.
- Self-hosted deployments: When you deploy the self-hosted version, you are the data controller for all personal data processed by the software. See our Terms of Service (Section 7) for details.
Organizers who require a Data Processing Agreement (DPA) can request one at support@seatsquirrel.com.
4. How We Use Your Data
- Service delivery: To operate, maintain, and improve the SeatSquirrel platform.
- Authentication: To verify your identity and manage sessions.
- Communications: To send transactional emails (booking confirmations, invitations, password resets) via our email provider.
- Billing: To process payments and manage subscriptions via Stripe.
- Error monitoring: To detect, diagnose, and fix bugs via Sentry.
- Security: To detect and prevent unauthorized access, fraud, and abuse.
- Legal compliance: To comply with applicable laws, regulations, and legal processes.
5. Third-Party Processors
We share personal data with the following categories of service providers, solely for the purposes described above:
| Provider | Purpose |
|---|---|
| Stripe | Payment processing |
| Resend | Transactional email delivery |
| Vercel | Hosting, CDN, and serverless compute |
| Neon | Database hosting (PostgreSQL) |
| Sentry | Error monitoring and reporting |
| Google / Microsoft | OAuth social sign-in |
We require our third-party processors to protect personal data through appropriate contractual and technical safeguards. However, we are not liable for the independent acts or omissions of third-party providers beyond the scope of our agreements with them. We encourage you to review the privacy policies of any third-party services you interact with through SeatSquirrel.
We do not sell your personal data to third parties. We do not share personal data for advertising purposes.
6. Legal Basis for Processing (GDPR)
For users in the EU/EEA/UK, we process personal data under the following legal bases:
- Contract performance: Processing necessary to provide the Service you requested.
- Legitimate interests: Security, fraud prevention, product improvement, and error monitoring.
- Consent: Where you have given explicit consent (e.g., accepting these terms at sign-up).
- Legal obligation: Where processing is required to comply with applicable law.
7. Cookies and Sessions
SeatSquirrel uses session-based authentication cookies to keep you signed in. These are strictly necessary for the Service to function and do not track you across other websites.
We do not use third-party tracking cookies, advertising cookies, or analytics cookies.
8. Data Retention
- Account data: Retained for as long as your account is active. Upon account closure, personal data is deleted within 30 days, except where retention is required by law.
- Registrant/guest data: Retained for as long as the associated event exists. When an event is deleted, associated registrant data is deleted via cascading deletion.
- Activity logs: Retained for up to 24 months for security and auditing purposes.
- Consent records: Retained for the lifetime of your account plus 3 years for compliance evidence.
- Error reports (Sentry): Automatically expire per Sentry's retention policy (typically 90 days).
- Backups: Deleted data may persist in encrypted backups for up to an additional 30 days after deletion.
9. US Privacy Rights (CCPA / CPA)
If you are a resident of California, Colorado, Connecticut, Virginia, or another US state with applicable privacy legislation, you have the following rights:
- Right to know: You can request a copy of the personal data we hold about you.
- Right to correct: You can request correction of inaccurate personal data.
- Right to delete: You can request deletion of your personal data.
- Right to opt-out of sale: We do not sell personal data, so there is nothing to opt out of.
- Non-discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise these rights, contact us at support@seatsquirrel.com.
10. GDPR Rights (EU/UK Users)
If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation:
- Access: Request a copy of your personal data.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Restriction: Request restriction of processing in certain circumstances.
You also have the right to lodge a complaint with your local data protection supervisory authority.
To exercise these rights, contact us at support@seatsquirrel.com.
11. Children's Privacy
The Service is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child under 16 has provided us with personal data, please contact us at support@seatsquirrel.com.
12. International Data Transfers
Your data is stored and processed in the United States. If you are located outside the US, your data will be transferred to the US for processing. We rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards for international data transfers where required by applicable law.
13. Data Security
We implement industry-standard security measures to protect your data, including encryption in transit (TLS), encrypted database connections, secure authentication practices, and regular security reviews. However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security and are not liable for unauthorized access, disclosure, or loss of data that occurs despite our reasonable security measures. You acknowledge that the transmission of data over the internet carries inherent risks.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.
15. Contact
If you have questions or concerns about this Privacy Policy or our data practices, contact us at:
Parklife, Inc.
4283 Express Lane, Suite 146-972
Sarasota, FL 34249, USA
Email: support@seatsquirrel.com