Last updated: January 28, 2025

Privacy Policy

1. Introduction and Who We Are

This Privacy Policy explains how Tremble Oy (Finnish business id: 3235618-3) ("we", "us", or "our"), collects, uses, and protects your personal data when you use our website seatingchartmaker.app (the "Website") and seating chart creation service (the "Service"). We are committed to protecting your privacy and handling your data in an open and transparent manner. We act as the data controller for personal data collected directly from you, and as a data processor for any third-party personal data you input into the Service.

2. Age Restrictions

The Service is not intended for users under the age of 16. By using the Service, you confirm that you are at least 16 years old. If we discover or have reason to suspect that a user is under 16, we will terminate their account and delete their data.

3. Personal Data We Collect

3.1 Data You Provide Directly

  • Email address for account creation and transactional communication
  • If you log in via a third party (e.g., Google login), we might receive your name and link to a profile picture from the third party. The standard functionality of the authentication service we use is to save these data if provided.
  • Payment transactions are handled by Paddle.com Market Limited, who acts as the Merchant of Record for all purchases. Paddle collects and processes payment data directly. For information about how Paddle processes your payment data, please refer to Paddle's Privacy Policy.
  • Email address and other data you provide through the contact form (processed via Formspree for communication purposes). Form submissions are also forwarded to our email system.

3.2 Technical Data

The information systems and software procedures used to operate this Website and Service acquire personal data as part of their standard functioning. The transmission of such data is an inherent feature of Internet communication protocols. This data includes:

  • IP addresses
  • Browser type and version
  • Operating system
  • Date and time of access
  • URLs of referring websites

This data may be saved in log files and used for the proper functioning of the Service.

3.3 Your Content

When using our Service, you may input personal data about third parties (such as names) into seating charts. For such data:

  • You are the data controller
  • You are responsible for having the legal basis to process such data
  • You must fulfill all obligations as a data controller under applicable privacy laws
  • You must handle any data subject requests from individuals whose data you have input
  • We act solely as a data processor and process such data according to your instructions and our Terms of Service

4. How We Use Your Personal Data

4.1 Purposes

  • To provide and maintain the Service
  • To process your payments
  • To communicate with you about the Service
  • To ensure the security and proper functioning of the Service

4.2 Legal Basis (GDPR)

We process your personal data based on:

  • Contract performance (providing the Service)
  • Legal obligations (accounting requirements, responding to lawful authorities)
  • Legitimate interests (implementing necessary security measures, maintaining technical functionality, preventing fraud and misuse)

5. Data Storage and International Transfers

We use Google Firebase for hosting, authentication and database services, and Formspree for contact form processing, both located in the United States. Your data is protected during international transfers through appropriate safeguards:

  • Legally approved data transfer mechanisms
  • Technical security measures including encryption

6. Third-Party Service Providers

We use the following service providers:

  • Paddle.com Market Limited acts as our Merchant of Record and handles all payment processing. When you make a purchase, you enter into a direct relationship with Paddle for payment processing. Any payment-related data protection requests should be directed to Paddle.
  • Firebase (hosting, server functionality, authentication and database)
  • Formspree (contact form processing)
  • Sentry (error tracking, configured not to collect PII or use cookies)
  • PostHog (analytics, configured not to collect PII or use cookies)

7. Links to third party websites

Our Website contains links to other websites that are not operated by us and whose privacy practices may differ. The relevant third-parties' privacy policies will govern any submission of your personal data to third-party websites.

8. Cookies and Similar Technologies

We use only essential cookies and similar technologies necessary for the functioning of the Service. These cookies are used to:

  • Maintain your session
  • Remember your authentication status
  • Ensure the security of your account
  • Remember your application settings

We do not use any tracking or marketing cookies.

Your consent is not required for the usage of essential cookies. That is why we don't have a cookie popup or a banner.

9. Data Retention

We retain your personal data for as long as necessary to provide the Service. Specifically:

  • Account data is retained while your account is active
    • Inactive accounts and associated data are deleted after 24 months of inactivity
    • You will receive notification via email 4 weeks before account deletion
    • You can prevent deletion by logging in during the notice period
  • Log files retained for a period of time that depends on the service the log files are related to and that is typical to this kind of service.
  • Contact form submissions:
    • Stored by Formspree for 30 days
    • Submissions forwarded to our email system are retained until you request their deletion

10. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure of your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent, if the personal data processing is based on consent

To exercise these rights, contact us.

11. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • HTTPS encryption for all data in transit
  • Encryption of data at rest
  • Regular security assessments
  • Access controls and authentication

12. Changes to This Policy

We may update this Privacy Policy from time to time. Therefore, it is advisable that you check this Privacy Policy regularly.

13. Contact Us

For any questions about this Privacy Policy or our data practices, contact us: Contact form or ppa.rekamtrahcgnitaes@ycavirp.

For EU residents: You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data in accordance with applicable law.