Privacy

What we collect

We collect and store the following kinds of data, each with its own retention and legal basis:

• Account — Your sign-in identity is managed by Lotl Auth, our authentication service (auth.lotlsoft.com). Lotl Auth stores your email, your name if you provided one, and a hash of your password (argon2id). Sign-in issues a short-lived JWT access token (15 minutes) and a refresh token (30 days). Email verification and password resets go through transactional email (Resend).Stored on our server. Kept until you delete it. Legal basis: contract (needed to run the service). Removable when you delete your account. Shared with: Lotl Auth, Resend.
• Event data — The events you create: name, kind (wedding / brunch / etc), event date, free-text description. Event metadata is shared across collaborators you invite to the same event.Stored on our server. Kept until you delete it. Legal basis: contract (needed to run the service). Removable when you delete your account.
• Guest data — The people you add to your event: display names, optional household / friend group, RSVP state, dietary tags, accessibility tags, free-text notes you attach. Guests are entries you manage on behalf of your event — they aren't signed-in users themselves. Treat the notes field with care; assume the people you write about could read it one day.Stored on our server. Kept until you delete it. Guest entries are kept while the event exists. Deleting the event removes the guest list. Individual guests can be deleted at any time. Legal basis: contract (needed to run the service). Removable when you delete your account.
• Seating arrangements — Your chart artefacts: tables, seat assignments, pinned guests, constraints (must-near / must-apart / must-on-table), groups, and the auto-arrange solver state. Stored against the event so you can re-open it.Stored on our server. Kept until you delete it. Legal basis: contract (needed to run the service). Removable when you delete your account.
• Collaborators and invitations — Who you invited to plan with you, the role you gave them (editor / viewer), and the invitation tokens. Collaborators see the same event data you do.Stored on our server. Kept until you delete it. Legal basis: contract (needed to run the service). Removable when you delete your account. Shared with: Resend.
• Payments — Payments are handled by Lotl Pay, our payment service (pay.lotlsoft.com), which proxies to Stripe (and Ko-fi for donations). Lotl Pay stores payment records (amount, currency, status, Stripe / Ko-fi transaction id, your user id and email), subscription state, and product metadata. Card numbers go directly to Stripe Checkout and never reach our servers. Project-specific: SeatWeaver uses Lotl Pay for one-shot event-tier purchases and the annual plan. Purchase records are kept for tax and dispute resolution even after account deletion.Stored on our server. Kept permanently. Purchase records are kept for tax and dispute-resolution reasons even after account deletion. Legal basis: contract (needed to run the service). Not individually deletable. Shared with: Stripe.
• Usage telemetry — Anonymous usage events, performance gauges, and error reports are sent to Lotl Observe, our observability service (observe.lotlsoft.com). Lotl Observe stores error messages, stack traces, request URLs, user-agent strings, telemetry events, and per-event metadata. It does not store the contents of your application data. We process this under legitimate interests: Lotl Observe is in-house, no third-party analytics or session replay is involved, and identifiers are pseudonymous. Account deletion removes your associated telemetry. Project-specific: telemetry doesn't include your guest names or seat assignments.Stored by a third-party processor. Held briefly during the request and discarded. Crash and performance data are kept for 90 days; product-interaction analytics for 30 days. Legal basis: legitimate interests. Removable when you delete your account. Shared with: Lotl Observe.

What we don't collect

We deliberately don't collect or store any of these:

• Card numbers (Stripe Checkout handles them; they never touch our servers)
• Behavioural fingerprinting, session replay, or third-party tracking pixels
• Any data about your guests beyond what you type into SeatWeaver yourself

Cookies

We don't use cookies for tracking. We use localStorage to keep you signed in and remember UI preferences (theme, last-opened chart).

Third parties

These external services receive some of your data:

• DigitalOcean — server hosting for the SeatWeaver service
• Resend — collaborator invitation email
• Stripe — payment processing for event-tier and annual plans

Where your data is stored

SeatWeaver runs on DigitalOcean's Sydney region; your event and guest data stays in Australia. Stripe processes payments in their region. Resend delivers collaborator-invitation emails through Amazon SES infrastructure.

Children's data

SeatWeaver is intended for adults planning events. The guest list you create may include minors (eg. children invited to a wedding) — that's data you control. We don't knowingly collect personal data directly from anyone under 16, and SeatWeaver isn't marketed to children.

If something goes wrong

If we ever discover a data breach affecting your account or events, we'll email you within 72 hours and tell you what was accessed and what we're doing about it. Owners and editors of any affected event are notified together.

Your rights

You can export every event you own (Settings → Export, or per-event JSON / CSV downloads) and delete your account from Settings. Deletion cascades through events, people, groups, constraints, charts, tables, seat assignments, collaborations, and feedback. Purchase records are retained for tax and dispute reasons. Co-editors on events you own can keep working on cloned copies you've explicitly transferred; orphaned events are removed.

Contact

Questions about privacy? Email privacy@lotlsoft.com.

Last updated: 2026-05-27 · Version 2026.05.10.