Privacy Policy.

This Privacy Policy describes our policies and procedures on the collection, use, and disclosure of your information when you use the Service, and tells you about your privacy rights and how the law protects you.

We use your Personal Data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Account a unique account created for you to access the Service or parts of the Service.
Affiliate an entity that controls, is controlled by, or is under common control with a party.
Application SeatWise — the website, mobile-web experience, and email service provided by the Company.
Business for purposes of CCPA/CPRA, the Company as the legal entity that collects Consumers' personal information.
CCPA / CPRA the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020.
Company (referred to as “the Company”, “We”, “Us”, or “Our” in this Policy) refers to SeatWise, [Mailing address — update before launch]. For purposes of the GDPR, the Company is the Data Controller.
Consumer for purposes of the CCPA/CPRA, a natural person who is a California resident.
Cookies small files placed on your device by a website, containing the details of your browsing history on that website among many uses.
Country Delaware, United States.
Data Controller for purposes of the GDPR, the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
Device any device that can access the Service such as a computer, a cellphone, or a digital tablet.
Do Not Track (DNT) a concept promoted by US regulatory authorities for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.
GDPR the EU General Data Protection Regulation.
Personal Data any information that relates to an identified or identifiable individual.
Service refers to the Application and the Website.
Service Provider any natural or legal person who processes data on behalf of the Company. For purposes of GDPR, Service Providers are considered Data Processors.
Usage Data data collected automatically, generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Website SeatWise, accessible from https://getseatwise.com.
You the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. This may include, but is not limited to:

Email address
First and last name (optional, when provided)
Travel preferences (height, sleep style, frequency of travel, home airports, primary airlines) — only if you choose to fill out the deep profile
Tracked flight information (airline, flight number, date, optional seat assignment, optional companions you invite)
Usage Data (described below)

Usage Data

Usage Data is collected automatically when using the Service. Usage Data may include information such as your device's Internet Protocol (IP) address, browser type and version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

When you access the Service via a mobile device, we may also collect the type of device, mobile device unique ID, operating system, browser, and similar diagnostic data.

Flight and Aircraft Data

When you save or look up a flight, we send the flight number and date to FlightAware (AeroAPI) to retrieve schedule information, aircraft type, and cabin seat counts. We do not send your name, email, or any other identifying information to FlightAware. The aircraft and seat-map content displayed in the Service is derived from our own research, AeroAPI data, and (in some cases) user-submitted reports.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to authenticate users, remember preferences, and attribute referral signups. We use the following categories of Cookies:

Necessary / Essential Cookies (Session). Authentication and CSRF protection. Required for the Service to function. Set by SeatWise via Supabase.
Functionality Cookies (Persistent). Remember your sign-in state and the referral code you arrived with (sw_ref, 30-day expiry).
Performance / Analytics Cookies (Persistent). Used by Vercel Analytics (privacy-friendly, first-party) to understand traffic patterns and improve the Service. We do not use third-party advertising or behavioral tracking cookies.

You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. If you do not accept Cookies, you may not be able to use parts of our Service that require sign-in.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

To provide and maintain the Service — including monitoring usage, rendering seat maps, delivering alerts, and operating the AI seat advisor.
To manage your Account — registering and authenticating you as a user, granting access to tier-appropriate features.
For the performance of a contract — fulfilling subscription and one-time purchase agreements you enter through the Service.
To contact you — by email regarding changes to your tracked flights, alerts, security notices, and product updates. You can opt out of non-transactional emails via the unsubscribe link in any of those emails.
To run the referral program— attributing new signups to a referrer's code and crediting Pro time to both sides when the referee qualifies.
To manage your requests — responding to inquiries, exercising your data rights, and providing customer support.
For business transfers — evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, in which Personal Data held by us is among the assets transferred.
For other purposes — data analysis, identifying usage trends, determining the effectiveness of promotional campaigns, and evaluating and improving the Service.

We may share your personal information in the following situations:

With Service Providers.See the list below under “Detailed Information on the Processing of Your Personal Data.”
For business transfers. In connection with any merger, sale of Company assets, financing, or acquisition of all or a portion of our business.
With Affiliates. Subject to this Privacy Policy and equivalent confidentiality obligations.
With other users. If you invite a companion to share a tracked flight, we share with that person the flight identifier you tracked and the name you supplied (if any). We do not share your email with the companion.
With your consent. For any other purpose with your consent.

Retention of Your Personal Data

The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, retention of payment receipts for tax purposes), resolve disputes, and enforce our legal agreements and policies.

Server logs and Usage Data are generally retained for up to 90 days unless they are part of an active security investigation. Account data is retained for as long as your account is active; on deletion we remove your profile, preferences, tracked trips, and referral records within 30 days, subject to retention required by law.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. This may include transfers to and processing on servers located outside of your state, province, country, or other governmental jurisdiction. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure your data is treated securely and in accordance with this Privacy Policy.

Delete Your Personal Data

You have the right to delete or request that we assist in deleting the Personal Data we have collected about you. You can update, amend, or delete your information at any time by signing in to your account and visiting the account settings section. You may also email hello@getseatwise.com from the address associated with your account.

We may need to retain certain information when we have a legal obligation or lawful basis to do so (for example, records relating to a completed payment).

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements

The Company may disclose your Personal Data in the good-faith belief that such action is necessary to (a) comply with a legal obligation, (b) protect and defend the rights or property of the Company, (c) prevent or investigate possible wrongdoing in connection with the Service, (d) protect the personal safety of users of the Service or the public, or (e) protect against legal liability.

Security of Your Personal Data

The security of your Personal Data is important to us, but no method of transmission over the Internet, or method of electronic storage, is 100% secure. We use industry- standard practices: TLS for all traffic, encrypted databases at rest, hashed and rotated credentials, and role-based access. We cannot guarantee absolute security.

Detailed Information on the Processing of Your Personal Data

The Service Providers we use may have access to your Personal Data. These third-party vendors collect, store, use, process, and transfer information about your activity on our Service in accordance with their Privacy Policies.

Authentication and Database

Supabase

We use Supabase for user authentication, session management, and our application database. Sign-in is passwordless via one-time email codes. Their Privacy Policy is available at supabase.com/privacy.

Hosting and Analytics

Vercel

The Service is hosted on Vercel. Server logs (including IP addresses and request paths) are processed by Vercel for operational purposes. Privacy Policy: vercel.com/legal/privacy-policy.

Email

Resend

We use Resend (Resend, Inc.) to deliver transactional and product emails. We send Resend the recipient's email address and the email content. Privacy Policy: resend.com/legal/privacy-policy.

Payments

Stripe

All paid subscriptions and one-time purchases are processed by Stripe. SeatWise does not store, see, or have access to your card details — that information is provided directly to Stripe. Their PCI-DSS compliance and Privacy Policy are available at stripe.com/privacy.

Flight Data

FlightAware (AeroAPI)

We use FlightAware's AeroAPI to retrieve aircraft and schedule information for tracked flights. We send the flight number and date you ask about; we do not send any personally identifiable information about you. Privacy Policy: flightaware.com/about/privacy.

AI Seat Advisor

Anthropic

The AI seat advisor (Pro feature) is powered by Anthropic's Claude. Conversations you submit are sent to Anthropic to generate responses. We do not include your email or other identifying information in those requests. Privacy Policy: anthropic.com/legal/privacy.

GDPR Privacy

Legal Basis for Processing Personal Data under GDPR

We may process Personal Data under the following conditions:

Consent. You have given consent for processing Personal Data for one or more specific purposes.
Performance of a contract. Provision of Personal Data is necessary for the performance of an agreement with you.
Legal obligations. Processing is necessary for compliance with a legal obligation to which the Company is subject.
Vital interests. Processing is necessary to protect your vital interests or those of another natural person.
Public interests. Processing relates to a task carried out in the public interest.
Legitimate interests. Processing is necessary for the purposes of the legitimate interests pursued by the Company.

Your Rights under the GDPR

If you are within the EU/EEA or UK, you have the right to:

Request access to your Personal Data — including a copy of the data we hold about you.
Request correction of incomplete or inaccurate information.
Object to processing where we rely on legitimate interests as the legal basis, or where we process your Personal Data for direct marketing.
Request erasure of your Personal Data when there is no good reason for us to continue processing it.
Request portability in a structured, commonly used, machine-readable format.
Withdraw consent at any time where the legal basis is consent.

To exercise any of these rights, email hello@getseatwise.com. You also have the right to complain to a Data Protection Authority in the EEA.

CCPA / CPRA Privacy Notice (California Privacy Rights)

This section supplements the information in our Privacy Policy and applies solely to visitors, users, and others who reside in the State of California.

Categories of Personal Information Collected

The CCPA/CPRA defines categories of personal information. We have collected information falling within the following categories within the past 12 months. “Yes” means we may have collected from this category; “No” means we have not.

Category A — Identifiers (real name, IP address, email address, account name): Yes.
Category B — Personal information categories listed in Cal. Civ. Code § 1798.80(e) (name, address, telephone number — when provided): Yes.
Category C — Protected classification characteristics: No.
Category D — Commercial information (records and history of purchases, subscriptions): Yes.
Category E — Biometric information: No.
Category F — Internet or other similar network activity (interaction with the Service): Yes.
Category G — Geolocation data: No.
Category H — Sensory data: No.
Category I — Professional or employment-related information: No.
Category J — Non-public education information: No.
Category K — Inferences drawn from other personal information (travel preferences inferred from your tracked flights): Yes.
Category L — Sensitive personal information (account login credentials): Yes.

Sources of Personal Information

Directly from you — forms you complete, preferences you set, and purchases you make.
Indirectly from you — observation of your activity on the Service.
Automatically — through Cookies and server logs as you navigate the Service.
From Service Providers — third-party vendors that help us operate the Service.

Sale and Sharing of Personal Information

We do not sell your personal information in the conventional sense. We do not share your personal information for cross-context behavioral advertising. The Service does not use third-party advertising networks.

Your Rights under the CCPA/CPRA

Right to notice of categories of Personal Data being collected and the purposes of use.
Right to access / know what we collect, the sources, the purposes, and the categories of third parties with whom we share.
Right to opt out of the sale or sharing of personal information. (We don't sell or share — this right is automatic.)
Right to correct inaccurate personal information.
Right to limit use of sensitive personal information.
Right to delete your Personal Data, subject to exceptions.
Right not to be discriminated against for exercising your CCPA/CPRA rights.

To exercise any of these rights, email hello@getseatwise.com from the email associated with your account. We respond within 45 days; this may be extended by an additional 45 days if reasonably necessary.

“Do Not Track” Policy as Required by California Online Privacy Protection Act (CalOPPA)

Our Service does not respond to Do Not Track signals. Some third-party websites may keep track of your browsing activities; you can adjust your browser to inform websites that you do not want to be tracked.

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date at the top. For material changes we will also notify registered users by email at least 30 days in advance.

Contact Us

If you have any questions about this Privacy Policy, you can contact us:

By email: hello@getseatwise.com
By mail: SeatWise, [Mailing address — update before launch]

Last updated May 7, 2026.

View our Terms of Service →