Privacy Policy

1. Information We Collect

We collect information that you provide directly, information collected automatically when you use the Platform, and information from third-party sources. The categories of personal information we collect include:

1.1 Information You Provide Directly

1.2 Information Collected Automatically

When you access or use the Platform, we automatically collect certain information, including:

• Device Information: Device type, operating system, browser type, screen resolution, and unique device identifiers.
• Usage Data: Pages visited, features used, click patterns, session duration, and referring URLs.
• Log Data: IP address, access times, server logs, and error reports.
• Location Data: Approximate geographic location derived from your IP address.
• Cookies and Similar Technologies: Information collected through cookies, web beacons, pixels, and similar tracking technologies (see Section 4).

1.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Google OAuth: Name, email address, and profile picture when you sign in with Google.
• Calendar Services: Calendar event data when you link Google Calendar or Microsoft Outlook.
• Payment Processors: Transaction status and payment confirmation from Stripe.

2. How We Use Your Information

We use the personal information we collect for the following purposes:

• Provide and Maintain the Platform: To operate, maintain, and improve the Platform and its features.
• Process Transactions: To process payments, manage subscriptions, and facilitate transactions between merchants and clients.
• Communicate with You: To send transactional emails (booking confirmations, reminders, receipts), respond to inquiries, and provide customer support.
• Marketing: To send promotional communications about new features, special offers, or other information we think you may find interesting (with your consent where required).
• Analytics and Improvement: To analyze usage patterns, diagnose technical issues, and improve the Platform.
• Security: To detect, prevent, and address fraud, abuse, security risks, and technical issues.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Calendar Synchronization: To sync appointments with your linked calendar accounts (Google Calendar, Outlook).

We process your personal information based on the following legal bases: (a) your consent; (b) performance of a contract with you; (c) compliance with a legal obligation; and (d) our legitimate business interests, provided those interests do not override your fundamental rights and freedoms.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

We require all third-party service providers to respect the security of your personal information and to treat it in accordance with applicable law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your activity on the Platform. Cookies are small data files stored on your device that help us improve the Platform and your experience.

4.1 Types of Cookies We Use

4.2 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of the Platform. You can also manage your cookie preferences through our cookie consent banner displayed when you first visit the Platform.

4.3 Do Not Track

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. We currently do not respond to DNT signals. However, you can opt out of certain tracking as described in this section and through our cookie consent mechanism.

5. Data Security

We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction, in compliance with the New York SHIELD Act (N.Y. Gen. Bus. Law § 899-bb). Our security measures include:

• Administrative Safeguards: Designated security personnel, employee training, risk assessments, and vendor management procedures.
• Technical Safeguards: Encryption of data in transit (TLS/SSL) and at rest, secure authentication mechanisms, access controls, intrusion detection, and regular security testing.
• Physical Safeguards: Our infrastructure is hosted on secure cloud platforms with SOC 2 Type II certified data centers.

Payment card data is processed exclusively by Stripe, which is certified as a PCI-DSS Level 1 Service Provider. SuiteSeat does not store, process, or transmit payment card numbers on our servers.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Our general retention periods are:

• Account Data: Retained for the duration of your account plus 30 days after deletion request.
• Transaction Records: Retained for seven (7) years as required by tax and financial regulations.
• Communication Records: Retained for three (3) years after the last interaction.
• Analytics Data: Retained in aggregated, de-identified form indefinitely.
• Server Logs: Retained for ninety (90) days.

When personal information is no longer needed, we will securely delete or anonymize it in accordance with our data retention policies and applicable law.

7. Your Privacy Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information. These rights may include:

• Right to Access: Request a copy of the personal information we hold about you.
• Right to Correction: Request that we correct inaccurate or incomplete personal information.
• Right to Deletion: Request that we delete your personal information, subject to certain exceptions.
• Right to Portability: Request a copy of your data in a structured, commonly used, machine-readable format.
• Right to Opt Out: Opt out of the sale or sharing of your personal information (we do not sell personal information).
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within forty-five (45) days, as required by applicable law. We may need to verify your identity before processing your request.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA"):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting the information, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information. We do not sell or share your personal information as defined by the CCPA/CPRA.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to what is necessary for the services.

To submit a request, contact us at [email protected] or use the "Do Not Sell or Share My Personal Information" link in the footer of our website. You may also designate an authorized agent to submit a request on your behalf.

In the preceding twelve (12) months, we have collected the following categories of personal information: identifiers, commercial information, internet activity, geolocation data, and professional information. We have not sold any personal information in the preceding twelve (12) months.

9. New York Residents

If you are a resident of New York State, your personal information is protected under the New York SHIELD Act (Stop Hacks and Improve Electronic Data Security Act). Under this law:

• We maintain reasonable safeguards to protect the security, confidentiality, and integrity of your private information, including administrative, technical, and physical safeguards as described in Section 5.
• In the event of a data breach involving your private information, we will notify you and the New York State Attorney General in accordance with N.Y. Gen. Bus. Law § 899-aa, as described in Section 13.
• "Private information" under the SHIELD Act includes your name in combination with Social Security number, driver's license number, account number with security code, biometric information, or username/email with password.

Additionally, under New York General Business Law § 349, we are committed to fair and transparent business practices and will not engage in deceptive acts or practices in the conduct of any business, trade, or commerce in the state of New York.

10. Children's Privacy

The Platform is not directed to children under the age of thirteen (13), and we do not knowingly collect personal information from children under 13, in compliance with the Children's Online Privacy Protection Act ("COPPA"). If we become aware that we have collected personal information from a child under 13, we will take steps to promptly delete such information. If you believe that a child under 13 has provided us with personal information, please contact us at [email protected].

Users must be at least eighteen (18) years of age to create an account on the Platform. Individuals between the ages of 13 and 17 may only use the Platform's public booking features with the consent and supervision of a parent or legal guardian.

11. Third-Party Services

The Platform integrates with and may contain links to third-party websites and services. This Privacy Policy does not apply to third-party services, and we are not responsible for the privacy practices of those services. We encourage you to review the privacy policies of any third-party services you access through the Platform:

• Stripe: stripe.com/privacy
• Google: policies.google.com/privacy
• Microsoft: privacy.microsoft.com
• Resend: resend.com/legal/privacy-policy

12. International Data Transfers

The Platform is operated from the United States. If you access the Platform from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated. The data protection laws of the United States may differ from those of your jurisdiction. By using the Platform, you consent to the transfer of your information to the United States.

13. Data Breach Notification

In the event of a data breach involving your personal information, we will comply with all applicable breach notification laws, including:

• New York: Notification to affected individuals and the New York State Attorney General, the Department of State Division of Consumer Protection, and the State Police as required by N.Y. Gen. Bus. Law § 899-aa, without unreasonable delay.
• California: Notification to affected California residents as required by Cal. Civ. Code § 1798.82.
• Federal: Compliance with FTC guidelines and any applicable federal breach notification requirements.

Notification will include the nature of the breach, the types of information involved, the steps we are taking to address the breach, and recommendations for affected individuals to protect themselves.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated Privacy Policy on this page and update the "Last Updated" date. If we make material changes, we will provide prominent notice, such as by sending you an email notification or displaying a notice on the Platform. Your continued use of the Platform after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: