Privacy Policy
Effective Date: July 7, 2026
SeatWatch ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our automated restaurant reservation booking platform ("Service").
1. Information We Collect
Account Information
When you create an account, our authentication provider Clerk collects and manages the following information:
- Name
- Email address
- Authentication credentials (managed by Clerk)
Resy Credentials
To enable automated booking, you provide your Resy account login credentials. These credentials are:
- Encrypted using AES-256-GCM encryption with a unique initialization vector (IV) per record
- Stored in our database in encrypted form only -- they are never stored in plaintext
- Decrypted exclusively at the time of booking execution, held in worker memory only for the duration of the booking attempt
Payment Information
All payment processing is handled by Stripe. We do not store your credit card numbers, CVV, or other sensitive payment details on our servers. We retain only a Stripe customer identifier to manage your subscription.
Usage Data
We collect information about how you use the Service, including:
- Reservation requests (restaurant, date, party size, time preferences)
- Booking history and outcomes
- Feature usage and interaction patterns
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service operation: Managing your account, processing requests, and maintaining the platform
- Booking execution: Monitoring Resy for availability and executing reservation bookings on your behalf
- Notifications: Sending email notifications about booking status via Resend, and optional SMS notifications for eligible plans
- Billing: Processing subscription payments and managing your plan through Stripe
- Improvement: Analyzing usage patterns to improve Service reliability and features
3. SMS / Text Messaging Program
SeatWatch offers an optional SMS text-messaging feature (the "SMS Program") for eligible subscribers. This section describes how the SMS Program handles your mobile number and your messaging consent.
Consent and Opt-In
We send text messages only to users who have explicitly opted in. To opt in, you enter your mobile number in the SeatWatch web app, verify ownership by entering a one-time code we text to that number, and check an explicit SMS-consent box. No text message is ever sent to a number that has not completed this verification-and-consent flow.
Types of Messages
SMS Program messages are transactional and tied to reservation requests you initiate -- for example, confirmation prompts, clarifying questions, and booking status updates. We do not send marketing or promotional text messages.
Message Frequency, Rates, and Opt-Out
- Frequency: Message frequency varies based on your reservation activity.
- Rates: Message and data rates may apply, depending on your mobile carrier and plan.
- Opt-out and help: Reply STOP to any message to opt out at any time; you will receive a confirmation and no further texts. Reply HELP for assistance, or contact us at support@seat.watch.
No Sharing of Mobile Information
We do not sell, rent, or share your mobile phone number or SMS consent with third parties or affiliates for their own marketing or promotional purposes. Your mobile opt-in information is used solely to operate the SeatWatch SMS Program, and is shared only with our SMS delivery provider, Twilio, acting as our service provider to deliver the messages you have requested.
4. Data Storage and Security
We implement industry-standard security measures to protect your data:
- Database: Your account data is stored in a PostgreSQL database with access controls and encryption at rest for sensitive credentials
- Job queues: Redis is used for background job processing (monitoring and booking tasks). Job data is transient and automatically purged after completion.
- Credential encryption: Resy credentials are encrypted with AES-256-GCM using a server-side encryption key derived via PBKDF2. Each record has a unique IV.
- Transit security: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
5. Third-Party Services
We integrate with the following third-party services to operate the platform. Each service receives only the minimum data necessary for its function:
- Clerk -- Authentication and user management. Processes your name, email, and login sessions.
- Stripe -- Payment processing. Handles subscription billing and payment method storage.
- Resy -- Restaurant reservation platform. Receives your credentials (decrypted at time of use) to check availability and execute bookings.
- Resend -- Email delivery service. Receives your email address to send booking notifications and account updates.
- Twilio -- SMS delivery and phone verification. Receives your mobile number to send the one-time verification code and, if you opt in, your reservation-related text messages. Used solely to deliver the messages you request; not used for its own marketing.
- Railway -- Cloud hosting provider. Hosts our application infrastructure, database, and Redis instances.
- PostHog -- Product analytics and session recording. Receives your account identifier, email address, and subscription plan, the pages you visit and actions you take in the app, session recordings of your app usage, and the text of reservation requests you send us by SMS.
- Sentry -- Error monitoring and diagnostics. Receives diagnostic data about errors and crashes, including your account identifier and IP address, and session recordings of app usage captured when an error occurs.
6. Data Retention
- Active accounts: Your data is retained for as long as your account remains active and is necessary to provide the Service.
- Deleted accounts: Upon account deletion, all your personal data is removed from our systems, including encrypted Resy credentials, reservation history, and account information. Stripe customer data is also cancelled and removed.
- Backup retention: Database backups containing your data may persist for up to 30 days after account deletion before being automatically purged.
7. Your Rights
You have the following rights regarding your personal data:
- Access: You can view your account information, reservation history, and connected accounts through the dashboard at any time.
- Correction: You can update your account information through your account settings or by contacting us.
- Deletion: You can request deletion of your account and all associated data by contacting us or through your account settings.
- Data export: You can request a copy of your personal data in a machine-readable format by contacting us.
8. Cookies and Tracking
We use cookies to keep you signed in and to measure how the Service is used. We do not use them for advertising:
- Session cookies: Clerk uses session cookies to maintain your authenticated state across page visits. These are essential for the Service to function.
- Product analytics and session recording: We use PostHog to understand how the Service is used -- which pages you visit, which actions you take, and how your sessions proceed. This includes session recordings of your visits, which replay what you did in the app. This activity is linked to your account. These analytics are first-party: the data is collected through our own domain and used only to improve SeatWatch. PostHog processes it as our service provider (see Section 5).
- No advertising trackers: We do not use any third-party advertising cookies or advertising trackers. We do not track you across other websites, and we do not sell or share your data with advertisers.
9. Children's Privacy
The Service is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes, we will update the "Effective Date" at the top of this page.
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
11. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at privacy@seat.watch.