Cookie Policy
Last updated: April 29, 2026
This Cookie Policy describes how SeatLock Inc. ("SeatLock," "we," "us," "our") uses cookies, local storage, session storage, and similar technologies when you access our websites, applications, and related services (collectively, the "Service"). It supplements our Privacy Policy, which explains how we process personal information more broadly. If a term is used here and defined in the Privacy Policy, that definition applies.
1. Scope
This policy applies to visitors and users of SeatLock-operated web properties (including marketing pages, campaign pages, creator and fan dashboards, and authentication flows) where this policy is linked or made available. It covers technologies read or written in your browser or device in connection with those properties.
Some features rely on third-party services (for example payment processing) that may use their own cookies or storage. Where those providers act on our behalf, we describe their role below; their own policies govern additional detail.
2. What Are Cookies and Similar Technologies?
Cookies are small text files placed on your device when you visit a website. They are often categorized as first-party (set by SeatLock or the site you are visiting) or third-party (set by another domain, such as a payment or analytics provider).
Session cookies expire when you close your browser; persistent cookies remain for a period defined by the party that sets them or until you delete them.
We also use local storage and session storagein your browser—mechanisms similar to cookies that let us save small amounts of data on your device. In this policy, when we say "cookies" we include these technologies unless we say otherwise.
Pixels, tags, and SDKs may be loaded as part of analytics or error reporting scripts; they can work together with cookies or storage to recognize your browser over time. We only load non-essential scripts after you consent as described in Section 7.
3. Why We Use These Technologies
We use cookies and similar technologies to:
- Provide core functionality (sign-in, security, checkout, and fraud prevention)
- Remember your cookie choices and certain interface preferences
- Measure product usage and improve the Service when you opt in to analytics
- Diagnose errors and stability issues when you opt in to error reporting (including limited session replay)
We separate strictly necessary uses (required for the Service to operate) from optional uses that require your consent via our cookie banner where applicable law requires consent before non-essential tracking.
4. Categories of Technologies
4.1 Strictly necessary
These technologies are needed for the Service to function, for security, or to comply with obligations (for example processing payments you initiate). They are used based on our legitimate interest in operating a secure service and, where relevant, performing a contract with you. You cannot opt out of these through our cookie banner without losing functionality.
- Authentication and session management. Our authentication and database provider (Supabase) may set cookies or use browser storage so you can remain signed in, refresh sessions safely, and access protected areas. Cookie names and lifetimes are determined by Supabase and your project configuration.
- Payments.When you use Stripe Checkout, Stripe.js, or related flows, Stripe may set cookies or use storage required for fraud prevention, risk assessment, and payment session continuity. See Stripe's cookie documentation for current names and purposes.
- Security, performance, and delivery. Our hosting and infrastructure providers may set cookies or process connection data as part of delivering the site (for example load balancing, DDoS protection, or TLS). Server-side logs may include IP address and request metadata as described in our Privacy Policy.
- Cookie consent record. We store your banner choices in local storage so we do not repeatedly ask for the same selections. This is necessary to respect your preferences.
4.2 Interface and preference storage (first-party)
We save certain UI state in your browser to improve usability. These are first-party, not used for cross-site advertising, and are not shared with analytics vendors unless you separately opt in to analytics.
| Storage key | Technology | Purpose | Duration |
|---|---|---|---|
seatlock_cookie_consent | localStorage | JSON record of your choices for analytics and error tracking (banner) | Until you clear site data for SeatLock |
seatlock-manager-sidebar-collapsed | localStorage | Remembers expanded or collapsed manager dashboard sidebar | Persistent until cleared |
seatlock-studio-sidebar-collapsed | localStorage | Remembers expanded or collapsed Creator Studio sidebar | Persistent until cleared |
seatlock_manager_nouns_card_dismissed | localStorage | Remembers dismissal of an optional dashboard tip card | Persistent until cleared |
seatlock-sound-enabled | localStorage | Stores whether UI sound feedback is enabled (respects reduced-motion) | Persistent until cleared |
seatlock-explore-scroll | sessionStorage | Temporarily saves scroll position on the Explore page when navigating away and back in the same tab | Until the browser tab is closed |
4.3 Analytics (optional — PostHog)
If you accept analyticsin our cookie banner (or enable it under "Manage"), we initialize PostHog on the client. PostHog helps us understand how the Service is used—for example page views, navigation, campaign and checkout funnels, and feature engagement.
- PostHog may set cookies and/or use local storage (for example to distinguish browsers and sessions) as described in PostHog's privacy materials.
- We configure PostHog with manual pageview capture for compatibility with our application framework; events may include URL, campaign identifiers from the page context, and properties we attach in code (such as campaign id, slug, or profile id where relevant).
- For signed-in areas, we may call
identifywith a stable user id and, where applicable, email so analytics can be tied to an account in PostHog—only when analytics is enabled. - Some events (for example confirmation of a completed deposit) may be sent from our servers to PostHog via API. Those server requests do not rely on cookies in your browser but may include identifiers derived from your use of the Service as described in the Privacy Policy.
Default PostHog ingestion may use endpoints such as us.i.posthog.com or a host configured in our deployment. We do not load PostHog on the client until you have made a choice and opted in to analytics.
4.4 Error monitoring and session replay (optional — Sentry)
If you accept error tracking in our cookie banner, we load Sentry on the client to collect error reports, performance traces (sampled), and—where configured—Session Replay. Replay may capture a recording of interactions and DOM state on pages where the SDK is active, which can include on-screen text you see while using the Service. We configure sampling (including replay rates) in our Sentry project settings.
Sentry may use cookies or similar identifiers as described in Sentry's privacy policy. Server-side and edge error reporting may also run for reliability; that processing is governed by our agreements with Sentry and our Privacy Policy.
We do not load the Sentry browser SDK for this purpose until you have opted in to error tracking.
5. Third-Party Providers (Summary)
The following categories of partners may set or read data on your device when you use the Service, subject to the limits above and your consent choices:
| Provider | Role | Typical data / tech | More information |
|---|---|---|---|
| Stripe | Payments, fraud prevention, optional identity verification | Cookies and similar technologies during checkout | Stripe cookie policy |
| Supabase | Authentication, database, realtime features | Session and auth cookies / storage | Supabase privacy |
| PostHog | Product analytics (opt-in) | Cookies, local storage, network requests to PostHog | PostHog privacy |
| Sentry | Error reporting, replay (opt-in on client) | Cookies or identifiers, replay payloads | Sentry privacy |
| Hosting / CDN | Delivery and security of our application | Operational cookies or headers as needed | See Privacy Policy (service providers) |
We do not use third-party advertising cookies to sell your personal information for cross-context behavioral advertising. Transactional email (for example via Resend) does not require marketing cookies on our site for delivery.
6. How You Can Control Cookies and Storage
Cookie banner. On your first visit (or after you clear site data), we show a banner. You can Accept all non-essential options, Reject non-essential, or open Manage to toggle Analytics and Error tracking independently. Your choice is stored locally and a cookie-consent-changed event updates the page so PostHog or Sentry initialize only when allowed.
Browser settings. Most browsers let you block or delete cookies and clear local storage and session storage. If you block strictly necessary cookies, parts of the Service (sign-in, checkout) may not work.
Resetting consent.To see the banner again, clear stored data for our site in your browser (sometimes called "site settings" or "clear browsing data" for a specific origin).
PostHog and Sentry directly. Those vendors may offer additional opt-out or account-level controls; see their policies linked above.
7. Legal Bases and Regional Notice
EEA, UK, and similar jurisdictions. Where the GDPR or UK GDPR applies, we rely on (i) performance of a contract and legitimate interests for strictly necessary technologies; (ii) consent for PostHog analytics and Sentry error tracking/replay on the client, where required. You may withdraw consent at any time by adjusting preferences as described in Section 6; withdrawal does not affect processing before withdrawal.
United States (California and other states). We do not "sell" or "share" personal information for cross-context behavioral advertising through cookies as defined in the CCPA/CPRA. To submit an opt-out or learn more, see our Do Not Sell or Share My Personal Information notice. Additional details about California rights appear in our Privacy Policy.
For any privacy rights requests (access, deletion, etc.), please follow the process in our Privacy Policy.
8. International Transfers
SeatLock is based in the United States. Data collected through cookies and similar technologies may be processed in the U.S. or other countries where we or our subprocessors operate. We implement appropriate safeguards as described in our Privacy Policy where transfers are subject to cross-border rules.
9. Retention
Retention depends on the technology: session cookies expire when you close the browser; persistent cookies and local storage remain until they expire, are overwritten, or you delete them. Analytics and error data held by PostHog or Sentry is retained according to our configuration and their platforms. Financial and operational records tied to payments may be retained longer as required by law, independent of cookie lifetimes.
10. Security
We use reasonable technical and organizational measures to protect the Service. No method of transmission over the Internet is completely secure; you should also protect your device and account credentials.
11. Do Not Track
Some browsers transmit "Do Not Track" signals. There is no consistent industry standard for how to respond. We currently do not respond to all such signals; we rely on our cookie banner and browser controls for optional tracking.
Global Privacy Control (GPC). Distinct from DNT, we DO honor the GPC signal: if your browser sends GPC and you have not yet made a consent choice, we treat it as an opt-out and do not load optional analytics or error tracking. See our Do Not Sell or Share My Personal Information notice for details.
12. Children
The Service is not directed to children under 13, and we do not knowingly use cookies to collect personal information from children under 13 in a manner prohibited by applicable law.
13. Changes to This Policy
We may update this Cookie Policy to reflect changes in law, our practices, or our vendors. We will revise the "Last updated" date for material changes and, where appropriate, provide additional notice (for example a banner or email). Continued use of the Service after changes become effective constitutes acceptance of the updated policy where permitted by law.
14. Contact
Questions about this Cookie Policy or our use of cookies and similar technologies: