Legal
Privacy Policy
Last updated: 6 July 2026
What we hold, why we hold it, and how to get it corrected or deleted. Plain English on purpose.
1. Who's responsible for your data
SEA SEA DM LTD (company number 17230391, registered in England and Wales) runs seasea.io and is the data controller for the personal data described here. We're a small company - questions go straight to the founder at hello@seasea.io.
2. What we collect
Business owners: your account details (name, email, password - stored hashed by our auth provider), everything you put on your page (business details, phone and WhatsApp numbers, photos, videos, documents, prices, opening hours, location or coverage area), your billing details when paid plans start (handled by Stripe - we never see your card number), and usage records such as when you signed up, confirmed your email and accepted the terms.
Members (customer accounts): your email, optional first name, the businesses you follow, and any reviews you leave. Businesses you follow see follower counts, never your email.
Visitors to business pages: we count page views with their source (QR poster, shared link, direct) so owners can see what's working. This analytics is aggregate - the page owner sees numbers, not identities.
Booking requests: when a visitor sends a booking request, we collect the name, phone number and message they chose to give and pass them to the business. We hold that request on the business's behalf so the owner can follow it up; the business is responsible for what it does with those details afterwards. Want a request you sent removed? Email us and it's deleted.
Service records: standard technical logs (for security and debugging), audit records of account actions, AI usage counts, and error reports. If we've contacted your business as a sales prospect, we hold the business contact details we found publicly (name, business, public email/phone/social) - you can ask us to delete them at any time.
3. Why we use it (lawful bases)
To run the service you signed up for - your account, your page, bookings, reviews, AI features (contract).
To keep the service safe, debug problems, prevent abuse and understand how the product is used (legitimate interests).
To send you service emails - confirmations, receipts, booking notifications, your weekly coach email (contract / legitimate interests). Marketing email is separate and only ever with your opt-in consent, which you can withdraw any time.
To meet legal obligations - tax and billing records, responding to lawful requests (legal obligation).
Cookies and analytics that remember you run only with your consent - see the Cookie Policy.
4. Who helps us run seasea (sub-processors)
These services process data for us, under their own security and data-processing terms:
Supabase - database, authentication and file storage (hosted in London, eu-west-2).
Vercel - website hosting and serverless infrastructure.
Stripe - payments and subscriptions (they handle card details; we never store them).
Brevo - transactional email (confirmations, notifications, the weekly coach).
Cloudflare - DNS and network protection in front of the site.
PostHog - product analytics (cookieless unless you accept cookies).
Sentry - error monitoring, so we find out when something breaks.
Microsoft Clarity - session analytics, loaded only after you accept cookies.
Anthropic - powers the AI writing help and weekly coach. Your page content and stats are sent to generate your drafts; Anthropic doesn't use this data to train its models.
Google Maps and Places - looking up addresses and towns for location fields.
We don't sell personal data, and we don't share it with anyone else except where the law requires.
5. Where your data lives
Our main database and storage are in London (Supabase, eu-west-2). Some providers above process data in the US or elsewhere; where they do, transfers are covered by UK-approved safeguards such as the UK Extension to the EU-US Data Privacy Framework or standard contractual clauses.
6. How long we keep it
Your account data and page content: for as long as you have an account. Close it and we delete your content and personal data promptly, keeping only what the law makes us keep (billing and tax records, kept for the statutory period) and short-lived backups that expire on their own schedule.
Booking requests: kept so the owner can follow up, deleted on request by the person who sent them.
Analytics: page-view records are kept in aggregate form for reporting; technical logs expire on short rolling windows.
7. Your rights
You have the rights UK GDPR gives you: to see a copy of your data (subject access), to correct it, to delete it, to restrict or object to processing, and to take your data elsewhere (portability). Consent-based things (marketing, cookies) you can withdraw at any time.
To use any of these, email hello@seasea.io - no forms, no hoops. We'll answer within a month.
If you're not happy with how we've handled your data, you can complain to the Information Commissioner's Office (ico.org.uk) - though we'd appreciate the chance to fix it first.
8. Changes and contact
If we change this policy in a way that matters, we'll tell you by email or in your dashboard. The date at the top is always current. Anything unclear, or any request about your data: hello@seasea.io.
See also the Terms of Service and the Cookie Policy. If you're a member, the short member privacy explainercovers your account specifically; if you're visiting a business page, about this page is the quick version.