Skip to content
SeatLock

Privacy Policy

Last updated: March 31, 2026

This Privacy Policy describes how SeatLock Inc. collects, uses, and protects your information when you use the Service.

1. Who We Are

SeatLock Inc. operates a pre-booking demand platform for live events.

For privacy-related inquiries, contact: misha@seatlock.app

2. Information We Collect

We collect information you provide directly and information generated by your use of the Service. Below are the specific categories.

A. Deposit and Checkout Data (Fans)

When you place a deposit, we collect the following to process your payment and fulfil campaign obligations:

  • First name and last name
  • Email address
  • Phone number
  • ZIP code
  • Campaign, city, or option selected
  • Deposit amount
  • Stripe payment intent ID (we do not store full card numbers)
  • Optional survey responses (e.g. "How did you hear about this?" and any campaign-specific extra questions)
  • Communication opt-ins: whether you opted in to hear from the Campaign Creator and/or SeatLock

B. Attribution and Referral Data

When you arrive at a campaign page, we automatically capture:

  • UTM parameters (utm_source, utm_medium, utm_campaign) from the link you clicked
  • HTTP referrer URL
  • Referral codes (e.g. from a friend's share link)

This data is tied to your deposit record and used to understand how fans discover campaigns. It is not sold to third parties.

C. Fan Account

If you create a fan account (email + magic link), we store:

  • Email address
  • In-app notification preferences (deposit confirmations, refund alerts, early access, campaign updates)
  • In-app notification history
  • Links between your account and your deposits (so you can view them in one place)

D. Creator Subscriptions

If you opt in at checkout to hear from a Campaign Creator, we store a subscription record containing your email, name (if provided), and the creator you subscribed to. This allows the creator to contact you about future events. You can unsubscribe at any time from your fan settings or via the unsubscribe link in any email we send on a creator's behalf.

E. Early Access Engagement

When a campaign closes and early access emails are sent, we track:

  • Whether you clicked the presale link, and when
  • How many times you clicked

This data is shared with the Campaign Creator in aggregate and per-recipient form so they can follow up with fans who have not yet claimed their presale access. We do not share this data with any other party.

F. Fan Waitlist

If you sign up for the SeatLock fan waitlist, we collect: first name, last name, email, phone number, city, artist name, and genre preferences. This data is used to contact you when relevant campaigns launch.

G. Campaign Creator Accounts

If you create a Campaign Creator account, we collect: email, name, company name, website, and profile details including verticals and social links.

H. Identity Verification (Campaign-Specific)

Some campaigns require identity verification via Stripe Identity. In those cases, Stripe collects and verifies your ID document directly. SeatLock stores only the verification status (e.g. "verified") and a Stripe session identifier. SeatLock does not receive or store copies of your ID document.

I. Analytics and Product Events

We collect product usage data to understand how the Service is used and improve it over time:

  • PostHog — session analytics (pages visited, features used, device and browser info). PostHog is only loaded after you accept analytics cookies via our cookie banner.
  • Aggregate campaign page views — we count the number of times a campaign page is loaded (no PII linked to this count).
  • Internal platform events — structured events such as deposit created, deposit refunded, early-access link clicked, and fan account created. These are logged with a user identifier where available and used for product analytics, operations, and long-term data strategy. PII within these logs is subject to the same retention and deletion rights as other data.

J. Technical Data

We may collect server log data including IP addresses, browser type, device information, pages visited, request timestamps, and error traces. We use Sentry for error monitoring, which is only loaded after you accept the error tracking cookie.

K. Cookies

We use cookies and similar technologies in three categories: Essential (required for the Service to function), Analytics (PostHog, consent-gated), and Error Tracking (Sentry, consent-gated, including sampled session replay when enabled). You can manage your preferences via the cookie banner shown on first visit. See our Cookie Policy for a full inventory of first-party storage keys, vendor summary, regional notices, and controls.

3. How We Use Information

Required for the Service

  • Process deposits, payment intents, and refunds
  • Prevent fraud and enforce our policies
  • Comply with legal, tax, and accounting obligations
  • Respond to support requests

Shared with Campaign Creators (when applicable)

When a city or option is selected and a campaign closes, we share depositor information with the relevant Campaign Creator so they can coordinate presale access and event communication. The data shared includes: email address, first name, last name, phone number, deposit amount, city or option selected, and whether you opted in to creator communications. Campaign Creators are required by our Terms to use this data only for the purpose of the event and not for unrelated marketing.

If you opted in to creator subscriptions, the creator may also contact you about future events.

Marketing and Communications (opt-in only)

  • Sending you SeatLock updates if you opted in at checkout
  • Sending creator-specific communications if you opted in to a creator subscription
  • Fan waitlist notifications when relevant campaigns are available

Product Analytics and Improvement

  • Understanding how campaigns perform and how fans use the platform
  • Improving features and the fan experience
  • Internal data strategy: long-term, purpose-tagged event data is retained to build better tools for artists and fans over time

4. Sharing of Information

We may share information:

(a) With Campaign Creators as described in Section 3, when a campaign closes and early access or presale communication is needed;

(b) With service providers we use to operate the Service, including Stripe (payments and identity verification), Supabase (database and authentication), Resend (transactional email), PostHog (analytics, consent-gated), Sentry (error monitoring, consent-gated), and hosting providers;

(c) If required by applicable law, regulation, or valid legal process;

(d) In connection with a merger, acquisition, financing, or sale of all or a portion of our assets, where your information may be transferred as a business asset.

We do not sell personal information for third-party marketing purposes.

5. California Privacy Rights

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to:

  • Request disclosure of categories of personal information collected
  • Request deletion of personal information (subject to legal exceptions)
  • Request correction of inaccurate personal information
  • Opt out of the sale or sharing of personal information (SeatLock does not sell personal information)

To exercise these rights, contact us at misha@seatlock.app.

We will not discriminate against you for exercising your privacy rights.

6. Data Retention

We retain different categories of data for different periods based on their purpose:

  • Deposit and payment records — retained for as long as legally required for financial, tax, and refund purposes (typically 7 years), even after account deletion. Campaign and deposit data is anonymized rather than deleted when a user deletes their account.
  • Fan account and notification preferences — retained until you delete your account.
  • Creator subscriptions — retained until you unsubscribe or delete your account.
  • Early access tracking — retained for the duration of the campaign lifecycle; older records may be purged periodically.
  • Fan waitlist — retained until you request removal or the waitlist is closed.
  • Analytics and internal platform events — retained long-term in aggregated or pseudonymous form for product and business analytics. Raw PII within event logs is subject to deletion requests.
  • Server logs and technical data — retained for up to 90 days for security and debugging purposes.

Deletion requests: Fan accounts can be deleted from fan settings. Campaign Creators can delete their account from the dashboard Settings page. To request deletion of any data not covered by self-service tools, contact us at misha@seatlock.app. We will respond within 30 days, subject to applicable legal exceptions.

7. Security

We implement reasonable administrative, technical, and physical safeguards to protect your data. However, no system is completely secure.

8. Children

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13.

9. International Users

If you access the Service from outside the United States, your information may be transferred to and processed in the United States.

10. Changes

We may update this Privacy Policy from time to time. The "Last updated" date will reflect material changes.

← Back to SeatLock · Terms and Conditions · Cookie Policy