OpenSeats is operated by Yemma Labs for the purpose of helping organizers create private lock-in links, collect real yeses, and coordinate plans after they are locked.

This policy applies to OpenSeats on web, iOS, Android, and related support or update-capture pages.

We describe the personal information we collect by category and example. The exact information depends on how you use OpenSeats, the choices you make, and the features available to you.

Account and profile information: information used to create, authenticate, identify, and personalize your account, such as contact details, sign-in information, profile content, and settings you provide.

Plan information: information used to create, share, join, manage, and complete private lock-in links, such as plan details, organizer instructions, participation responses, notes, timing, location context, and related operational records.

Messages and coordination information: content and metadata needed to support locked chats, plan coordination, safety reports, blocking, moderation, shared memories, and any photos or media you choose to send if those features are enabled.

Contacts information: if you allow contacts access, OpenSeats uses contact data only for matching and invite-related features. Where supported, phone values are hashed before matching. We do not store your address book, and raw contact lists or phone numbers should not be sent to analytics, diagnostics, QA notes, public docs, or unrelated marketing.

Location and weather information: if a plan uses location or weather features, OpenSeats may process location context and forecast information needed to show or coordinate that plan.

Device, notification, and usage information: technical and activity information used for security, delivery, analytics, diagnostics, reliability, notifications, and product improvement, such as app/browser metadata, preferences, events, errors, and referral or campaign context.

Support and update-capture information: information you choose to send through support, feedback, contact, waitlist, or update forms, including messages and troubleshooting details.

We use information to create and manage accounts, create private lock-in links, record in/out answers, process organizer approvals, open locked chat, send transactional email and push notifications, provide support, prevent abuse, debug errors, and improve reliability.

We use analytics to understand whether people can find, create, share, and complete lock-in links. Analytics should not include private message bodies, OAuth codes, access tokens, refresh tokens, passwords, payment card data, or full contact lists.

We may use support and operational records to investigate bugs, safety issues, spam, account access problems, delivery failures, and requests to access, correct, or delete data.

OpenSeats uses Supabase for authentication, database, realtime, storage where enabled, and backend functions; Cloudflare for web hosting, security, and deployment; Expo/EAS for mobile builds and push notification delivery; Resend for email; PostHog and Google Analytics for analytics; Google Search Console for search visibility; and Sentry for error monitoring.

Google and Apple may process information when you use those sign-in methods. Open-Meteo or another weather provider may be used for forecast features. Twilio may be added later if phone codes or SMS reminders are enabled.

We may disclose information when needed to comply with law, protect users, investigate abuse or security issues, complete a business transfer, or enforce these terms. We do not sell personal information.

Private lock-in links are intended for people who have the link, but anyone with the link may be able to open the shared plan surface. Do not put highly sensitive information in a plan title, note, or location.

Joiners do not see the full response list before they are in. Organizers can see names, contact details, answers, notes, and no-reply status needed to manage the plan.

Locked chat and memories are intended for the locked crew and organizer. Access may change if someone drops, is removed, or no longer qualifies for the locked plan.

You can request access, correction, deletion, or help with your account by emailing [email protected] from the email address tied to your OpenSeats account. Use the subject line "OpenSeats privacy request" so it is routed correctly.

Depending on where you live, you may have additional rights to know, access, correct, delete, port, or limit certain uses of personal information. We will respond to privacy requests as required by applicable law.

You can decline contacts, location, push notifications, or marketing/update messages where those controls are available. Transactional messages may still be sent when needed for account access, security, or plan coordination.

We keep information for as long as needed to operate OpenSeats, provide support, maintain security, understand product usage, comply with legal obligations, and preserve records that involve more than one person.

Account deletion requests may delete, anonymize, or detach profile data. Some plan, message, safety, audit, or operational records may be retained in limited form when needed for security, abuse prevention, legal compliance, dispute handling, or the rights of other users.

We use reasonable technical and organizational safeguards, including provider-managed authentication, row-level access controls, encrypted transport, access-limited operational tools, and production credential controls.

No internet service can guarantee perfect security. Please do not send passwords, one-time codes, payment card numbers, or sensitive documents through OpenSeats support email.

OpenSeats is not intended for children under 13. If you believe a child under 13 provided personal information, contact [email protected] so we can review and remove it where required.

We may update this policy as OpenSeats changes. The updated date shows when the current version took effect.

Questions or privacy requests should be sent to [email protected].