Privacy Policy

• We collect the information you give us to run your account and your seating charts, plus limited technical and analytics data.
• Some of the data you upload is about other people (your wedding guests). You are responsible for having a proper basis to give us that data, and we process it on your behalf.
• We use a small set of trusted third-party providers (“subprocessors”) to run the Service. They are listed in Section 7.
• We do not sell your personal information in the everyday sense of the word. See the CCPA/CPRA section for the specific legal meaning of “sell” and “share.”
• Depending on where you live, you may have rights to access, correct, or delete your data. See Sections 11 and 12.

The data controller responsible for your personal information is Danny Aziz (doing business as Placecard), located at 100 Maspeth Avenue, Brooklyn, New York 11211, USA. You can reach us at [email protected].

For the guest data you upload about third parties, you act as the controller of that data and Placecard acts as your processor (see Section 6).

3.1 Account data

When you create an account we collect your email address and authentication credentials. Authentication is handled through Supabase Auth.

3.2 Payment data

Placecard uses a freemium model with a one-time purchase per wedding (no subscription). Payments are processed by Stripe.

• We do not store your full card number or card security details. Those are collected and processed directly by Stripe.
• We store a record of your purchase, including a Stripe customer/payment identifier, the amount, the date, and which wedding/workspace was unlocked.

3.3 Guest data you upload (third-party personal data)

To build a seating chart, you upload information about your wedding guests. This may include:

• Guest names
• Guest email addresses
• Meal and dietary preferences, which may include allergy or other health-related information
• RSVP status
• Table assignments and seating arrangements
• Plus-ones and related guest details

This data is about other people, not about you. We process it solely to provide the seating-chart features you ask for. Your responsibilities for this data are described in Section 6.

3.4 Shared seating charts

If you create a share link for a seating chart, anyone who has that link can view the chart and the guest information shown on it. Share links are intended for distribution to your wedding party or vendors. Anyone with the link may view the chart, so treat links as semi-public and only share them with people you trust.

3.5 Usage and analytics data

When you use the Service we automatically collect technical and usage information such as device and browser type, IP address, pages and features used, and interaction events. We collect this through:

• PostHog — product analytics
• Meta Pixel / Conversions API — advertising and conversion tracking
• Google — advertising and conversion tracking

See Section 9 for details on cookies and tracking.

3.6 Communications

If you contact us, we keep a record of that correspondence. We send transactional email (such as account, receipt, and share-related messages) through Loops.

We use the information above to:

• Create and manage your account and authenticate you;
• Provide the core seating-chart features (uploading guests, arranging tables, CSV import, PDF export, share links);
• Process your one-time purchase and provide receipts and support;
• Send transactional and service-related messages;
• Measure and improve the Service through product analytics;
• Market the Service and measure advertising effectiveness;
• Maintain security, prevent fraud and abuse, and debug problems;
• Comply with legal obligations and enforce our terms.

Where the EU/UK General Data Protection Regulation (GDPR) applies, we rely on the following legal bases:

For guest data you upload (where Placecard is a processor), you are responsible for establishing the legal basis as controller. Where that data includes special-category information such as allergy or health details, you are responsible for ensuring you have an appropriate condition for processing it (for example, the guest's explicit consent). See Section 6.

When you upload information about your guests:

• You decide what data to collect and upload. You are the controller of that data; Placecard is your processor and acts only on your instructions to provide the Service.
• You confirm that you have a lawful basis to provide that data to us and to have us process it on your behalf — for example, that you have collected it appropriately and, where required, have the guests' consent.
• For sensitive data such as dietary, allergy, or health-related preferences, you are responsible for ensuring you may lawfully collect and share it.
• We will process guest data only to provide the Service, will not use it for our own marketing, and will help you respond to guest requests (such as deletion) where the data is under your control.
• If a guest contacts us directly about their data, we will generally refer them to you as the controller, and assist you in responding.

We use the following providers to operate the Service. Each processes only the data needed for its function, under contractual confidentiality and data-protection obligations.

We may update this list as our providers change. Material changes will be reflected in this Policy.

We share personal information only:

• With the subprocessors listed above, to operate the Service;
• When you choose to share a seating chart via a share link (anyone with the link can view it);
• To comply with law, legal process, or a lawful government request;
• To protect the rights, property, or safety of Placecard, our users, or others, and to prevent fraud or abuse;
• In connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this Policy or notify you of any change.

We do not sell your personal information for money. See Section 12 for the specific CCPA/CPRA meanings of “sell” and “share.”

We and our providers use cookies and similar technologies to run the Service, remember your preferences, measure usage, and support advertising. These include:

• Essential cookies for login and core functionality;
• Analytics cookies via PostHog;
• Advertising/conversion technologies via the Meta Pixel / Conversions API and Google.

Advertising and non-essential analytics technologies are used based on your consent where required by law. You can manage non-essential cookies through our cookie controls (where available) and through your browser settings. Disabling some cookies may affect how the Service works.

We keep personal information for as long as needed to provide the Service and for the purposes described in this Policy:

• Account data — kept while your account is active.
• Guest and seating-chart data — kept while your account or workspace exists, or until you delete it. You can delete guests, charts, or your account at any time.
• Purchase records — retained as needed for accounting, tax, and legal obligations.
• Analytics data — retained per our providers' standard retention periods.

When you delete data or close your account, we will delete or de-identify it within a reasonable period, except where we must retain it for legal, accounting, or security reasons.

We use reasonable technical and organizational measures to protect personal information, including encryption in transit, access controls, and reputable infrastructure providers. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for managing who you share seating-chart links with.

Placecard is operated primarily from the State of New York, United States, and our providers may process data in the United States and other countries. If you access the Service from outside the United States, your information may be transferred to and processed in countries whose data-protection laws differ from your own.

Where we transfer personal data out of the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum where relevant), or another lawful transfer mechanism.

If the GDPR applies to you, you have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate or incomplete data;
• Erase your data (“right to be forgotten”);
• Restrict or object to certain processing;
• Data portability — receive your data in a portable format;
• Withdraw consent at any time, where processing is based on consent;
• Lodge a complaint with your local data-protection authority.

To exercise these rights, contact [email protected]. For guest data where Placecard is a processor, we will direct or assist requests through the relevant controller (the user who uploaded the data).

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose;
• Access a copy of your personal information;
• Delete your personal information, subject to exceptions;
• Correct inaccurate personal information;
• Opt out of any “sale” or “sharing” of personal information and of targeted advertising;
• Limit the use of sensitive personal information;
• Non-discrimination for exercising your rights.

We do not sell personal information for money. However, the use of advertising technologies such as the Meta Pixel and Google tracking may be considered a “sale” or “share” of personal information under the CCPA/CPRA. You can opt out of these technologies through our cookie controls (where available) and standard browser opt-out signals such as Global Privacy Control (GPC).

To exercise your California rights, contact [email protected]. You may use an authorized agent, and we will verify your identity before responding.

The Service is not directed to children. We do not knowingly collect personal information from children under 16 (or under 13 in the United States, consistent with COPPA). If you believe a child has provided us personal information, contact us at [email protected] and we will delete it. As a user uploading guest data, you should not upload data about children except as permitted by law and with an appropriate basis.

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you by email or in the Service. Your continued use of the Service after changes take effect means you accept the updated Policy.

If you have questions, requests, or complaints about this Policy or your data:

• Entity: Danny Aziz (doing business as Placecard)
• Email: [email protected]
• Postal address: 100 Maspeth Avenue, Brooklyn, New York 11211, USA

See also our Terms of Service.