Privacy Policy

1. Who We Are

SeatLock Inc. operates a pre-booking demand platform for live events.

For privacy-related inquiries, contact: support@seatlock.app

2. Information We Collect

We collect information you provide directly and information generated by your use of the Service. Below are the specific categories.

A. Deposit and Checkout Data (Fans)

When you place a deposit, we collect the following to process your payment and fulfil campaign obligations:

• First name and last name
• Email address
• Phone number
• ZIP code
• Campaign, city, or option selected
• Deposit amount
• Stripe payment intent ID (we do not store full card numbers)
• Optional survey responses (e.g. "How did you hear about this?" and any campaign-specific extra questions)
• Communication opt-ins: whether you opted in to hear from the Campaign Creator and/or SeatLock

B. Attribution and Referral Data

When you arrive at a campaign page, we automatically capture:

• UTM parameters (utm_source, utm_medium, utm_campaign) from the link you clicked
• HTTP referrer URL
• Referral codes (e.g. from a friend's share link)

This data is tied to your deposit record and used to understand how fans discover campaigns. It is not sold to third parties.

C. Fan Account

If you create a fan account (email + magic link), we store:

• Email address
• In-app notification preferences (deposit confirmations, refund alerts, early access, campaign updates)
• In-app notification history
• Links between your account and your deposits (so you can view them in one place)

D. Creator Subscriptions

If you opt in at checkout to hear from a Campaign Creator, we store a subscription record containing your email, name (if provided), and the creator you subscribed to. This allows the creator to contact you about future events. You can unsubscribe at any time from your fan settings or via the unsubscribe link in any email we send on a creator's behalf.

E. Early Access Engagement

When a campaign closes and early access emails are sent, we track:

• Whether you clicked the presale link, and when
• How many times you clicked

This data is shared with the Campaign Creator in aggregate and per-recipient form so they can follow up with fans who have not yet claimed their presale access. We do not share this data with any other party.

F. Fan Waitlist

If you sign up for the SeatLock fan waitlist, we collect: first name, last name, email, phone number, city, artist name, and genre preferences. This data is used to contact you when relevant campaigns launch.

G. Campaign Creator Accounts

If you create a Campaign Creator account, we collect: email, name, company name, website, and profile details including verticals and social links.

H. Identity Verification (Campaign-Specific)

Some campaigns require identity verification via Stripe Identity. In those cases, Stripe collects your government-issued ID document and a selfie (facial photograph) to verify your identity. SeatLock stores only the verification status (e.g. "verified") and a Stripe session identifier. SeatLock does not receive or store copies of your ID document or facial image — these are processed and retained solely by Stripe under Stripe's Privacy Policy.

Illinois Biometric Information Privacy Act (BIPA) Notice. If you are an Illinois resident, you are providing written consent — by proceeding with identity verification — to the collection and use of your biometric identifiers (facial geometry derived from your selfie) by Stripe, Inc. for the sole purpose of verifying your identity. Stripe will not sell, lease, trade, or profit from your biometric data. Biometric data is retained only as long as necessary to complete verification and is destroyed in accordance with Stripe's biometric data retention schedule. You may contact us at support@seatlock.app with questions about this collection.

I. Analytics and Product Events

We collect product usage data to understand how the Service is used and improve it over time:

• PostHog — session analytics (pages visited, features used, device and browser info). PostHog is only loaded after you accept analytics cookies via our cookie banner.
• Aggregate campaign page views — we count the number of times a campaign page is loaded (no PII linked to this count).
• Internal platform events — structured events such as deposit created, deposit refunded, early-access link clicked, and fan account created. These are logged with a user identifier where available and used for product analytics, operations, and long-term data strategy. PII within these logs is subject to the same retention and deletion rights as other data.

J. Technical Data

We may collect server log data including IP addresses, browser type, device information, pages visited, request timestamps, and error traces. We use Sentry for error monitoring, which is only loaded after you accept the error tracking cookie.

K. Cookies

We use cookies and similar technologies in three categories: Essential (required for the Service to function), Analytics (PostHog, consent-gated), and Error Tracking (Sentry, consent-gated, including sampled session replay when enabled). You can manage your preferences via the cookie banner shown on first visit. See our Cookie Policy for a full inventory of first-party storage keys, vendor summary, regional notices, and controls.

3. How We Use Information

Required for the Service

• Process deposits, payment intents, and refunds
• Prevent fraud and enforce our policies
• Comply with legal, tax, and accounting obligations
• Respond to support requests

Shared with Campaign Creators (when applicable)

When a city or option is selected and a campaign closes, we share depositor information with the relevant Campaign Creator so they can coordinate presale access and event communication. The data shared includes: email address, first name, last name, phone number, deposit amount, city or option selected, and whether you opted in to creator communications. Campaign Creators are required by our Terms to use this data only for the purpose of the event and not for unrelated marketing.

If you opted in to creator subscriptions, the creator may also contact you about future events.

Marketing and Communications (opt-in only)

• Sending you SeatLock updates if you opted in at checkout
• Sending creator-specific communications if you opted in to a creator subscription
• Fan waitlist notifications when relevant campaigns are available

Product Analytics and Improvement

• Understanding how campaigns perform and how fans use the platform
• Improving features and the fan experience
• Internal data strategy: long-term, purpose-tagged event data is retained to build better tools for artists and fans over time

Aggregated Demand Analytics (Creator-facing)

We maintain aggregated, non-personally-identifiable analytics to help Campaign Creators understand their audience and how their campaigns compare to the broader market. This includes:

• Fan profiles: we maintain an internal aggregate profile per fan email that summarizes deposit counts, spend, and campaign history across SeatLock. This profile is used to power the campaign analytics shown to creators and is never shared in identifiable form.
• Demographic breakdowns: optional demographic data you provide at checkout (age range, gender) — only collected when you consent via the “Share my data” option — may be included in aggregate reports shown to the relevant Campaign Creator. These reports are only shown when at least 20 depositors have responded, and individual buckets below 5 respondents are suppressed. The creator sees counts and percentages, not individual records.
• Referral graph: if you share a campaign link that leads to another fan depositing, a referral edge is recorded between your deposit and theirs within that campaign. The creator can see how many deposits were driven by referral and who their top referrers are (by name or email, consistent with your deposit data already shared with them).
• Market benchmarks: aggregated, campaign-level statistics (median deposits, average revenue, city demand) from closed campaigns are used to produce anonymized benchmark reports. Benchmark data represents at least 5 campaigns and does not contain personal information. Campaigns are only included in benchmarks when the majority of depositors have opted in to data sharing.

4. Sharing of Information

We may share information:

(a) With Campaign Creators as described in Section 3, when a campaign closes and early access or presale communication is needed;

(b) With service providers we use to operate the Service, including Stripe (payments and identity verification), Supabase (database and authentication), Resend (transactional email), PostHog (analytics, consent-gated), Sentry (error monitoring, consent-gated), and hosting providers;

(c) If required by applicable law, regulation, or valid legal process;

(d) In connection with a merger, acquisition, financing, or sale of all or a portion of our assets, where your information may be transferred as a business asset.

We do not sell personal information for third-party marketing purposes.

5. California Privacy Rights

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to:

• Request disclosure of categories of personal information collected
• Request deletion of personal information (subject to legal exceptions)
• Request correction of inaccurate personal information
• Opt out of the sale or sharing of personal information (SeatLock does not sell personal information)

To submit an opt-out of sale or sharing, or to read more about how we treat the CCPA/CPRA "sale" and "sharing" definitions, see our dedicated Do Not Sell or Share My Personal Information notice. We honor the Global Privacy Control (GPC) browser signal as a valid opt-out.

To exercise other rights, contact us at support@seatlock.app.

We will not discriminate against you for exercising your privacy rights.

6. Data Retention

We retain different categories of data for different periods based on their purpose:

• Deposit and payment records — retained for as long as legally required for financial, tax, and refund purposes (typically 7 years), even after account deletion. Campaign and deposit data is anonymized rather than deleted when a user deletes their account.
• Fan account and notification preferences — retained until you delete your account.
• Creator subscriptions — retained until you unsubscribe or delete your account.
• Early access tracking — retained for the duration of the campaign lifecycle; older records may be purged periodically.
• Fan waitlist — retained until you request removal or the waitlist is closed.
• Analytics and internal platform events — retained long-term in aggregated or pseudonymous form for product and business analytics. Raw PII within event logs is subject to deletion requests.
• Server logs and technical data — retained for up to 90 days for security and debugging purposes.

Deletion requests: Fan accounts can be deleted from fan settings. Campaign Creators can delete their account from the dashboard Settings page. To request deletion of any data not covered by self-service tools, contact us at support@seatlock.app. We will respond within 30 days, subject to applicable legal exceptions.

7. Security

We implement reasonable administrative, technical, and physical safeguards to protect your data. However, no system is completely secure.

8. Children

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13.

9. International Users

If you access the Service from outside the United States, your information may be transferred to and processed in the United States.

10. Changes

We may update this Privacy Policy from time to time. The "Last updated" date will reflect material changes.