Privacy Policy

Effective Date: March 9, 2026

SeatWatch ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our automated restaurant reservation booking platform ("Service").

1. Information We Collect

Account Information

When you create an account, our authentication provider Clerk collects and manages the following information:

  • Name
  • Email address
  • Authentication credentials (managed by Clerk)

Resy Credentials

To enable automated booking, you provide your Resy account login credentials. These credentials are:

  • Encrypted using AES-256-GCM with a unique initialization vector (IV) per record
  • Stored in our database in encrypted form only -- they are never stored in plaintext
  • Decrypted exclusively at the time of booking execution, held in worker memory only for the duration of the booking attempt

Payment Information

All payment processing is handled by Stripe. We do not store your credit card numbers, CVV, or other sensitive payment details on our servers. We retain only a Stripe customer identifier to manage your subscription.

Usage Data

We collect information about how you use the Service, including:

  • Reservation requests (restaurant, date, party size, time preferences)
  • Booking history and outcomes
  • Feature usage and interaction patterns

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service operation: Managing your account, processing requests, and maintaining the platform
  • Booking execution: Monitoring Resy for availability and executing reservation bookings on your behalf
  • Notifications: Sending email notifications about booking status via Resend, and optional SMS notifications for eligible plans
  • Billing: Processing subscription payments and managing your plan through Stripe
  • Improvement: Analyzing usage patterns to improve Service reliability and features

3. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • Database: Your account data is stored in a PostgreSQL database with access controls and encryption at rest for sensitive credentials
  • Job queues: Redis is used for background job processing (monitoring and booking tasks). Job data is transient and automatically purged after completion.
  • Credential encryption: Resy credentials are encrypted with AES-256-GCM using a server-side encryption key derived via PBKDF2. Each record has a unique IV.
  • Transit security: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.

4. Third-Party Services

We integrate with the following third-party services to operate the platform. Each service receives only the minimum data necessary for its function:

  • Clerk -- Authentication and user management. Processes your name, email, and login sessions.
  • Stripe -- Payment processing. Handles subscription billing and payment method storage.
  • Resy -- Restaurant reservation platform. Receives your credentials (decrypted at time of use) to check availability and execute bookings.
  • Resend -- Email delivery service. Receives your email address to send booking notifications and account updates.
  • Railway -- Cloud hosting provider. Hosts our application infrastructure, database, and Redis instances.

5. Data Retention

  • Active accounts: Your data is retained for as long as your account remains active and the data is necessary to provide the Service.
  • Deleted accounts: Upon account deletion, all your personal data is removed from our systems, including encrypted Resy credentials, reservation history, and account information. Stripe customer data is also cancelled and removed.
  • Backup retention: Database backups containing your data may persist for up to 30 days after account deletion before being automatically purged.

6. Your Rights

You have the following rights regarding your personal data:

  • Access: You can view your account information, reservation history, and connected accounts through the dashboard at any time.
  • Correction: You can update your account information through your account settings or by contacting us.
  • Deletion: You can request deletion of your account and all associated data by contacting us or through your account settings.
  • Data export: You can request a copy of your personal data in a machine-readable format by contacting us.

7. Cookies and Tracking

We use cookies strictly for essential service functionality:

  • Session cookies: Clerk uses session cookies to maintain your authenticated state across page visits. These are essential for the Service to function.
  • No advertising trackers: We do not use any third-party advertising cookies, tracking pixels, or analytics services that profile your behavior across other websites.

8. Children's Privacy

The Service is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes, we will update the "Effective Date" at the top of this page.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

10. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at privacy@seat.watch.