Privacy Policy

1. Introduction

AM Media & Design, operating as PerfectlySat (“we,” “us,” or “our”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website at perfectlysat.com and related services (the “Service”).

By using the Service, you acknowledge the practices described here. If you do not agree, please stop using the Service immediately.

2. Information We Collect

2.1 Account Information

When you create an account we collect:

• Full name — provided during registration or obtained from your third-party sign-in provider
• Email address — used as your login identifier and for account-related communications
• Profile photo URL — obtained automatically if you sign in with a third-party provider; not collected otherwise
• Password — if you register with email/password (stored in hashed form by our authentication provider; we never access your plaintext password)

2.2 Event & Seating Data

When you use the Service you may provide:

• Event details — event name, date, venue name, canvas dimensions, and theme preference
• Table information — table labels, shapes, seat counts, and positions
• Guest information — first name, last name, group, meal preference, RSVP status, notes, seat assignment, and check-in status

2.3 Third-Party Guest Data

The Service lets you store personal data about your event guests — individuals who are not users of the Service and have not directly consented to us. This data is entered by you manually or imported from files and may include names, dietary requirements, and personal notes.

For business customers requiring additional contractual terms for personal-data processing, we offer a Data Processing Addendum (DPA): Data Processing Addendum.

2.4 Payment Information

If you subscribe to a paid plan, your payment details (card number, billing address, etc.) are collected and processed directly by Stripe, our third-party payment processor. We never receive or store your full card details. We only store a payment processor customer ID, subscription ID, status, and billing period end date.

2.5 Automatically Collected Information

We collect minimal technical data necessary to operate the Service:

• Authentication cookies — session tokens to keep you logged in
• Theme preference cookie — stores your UI theme choice
• Browser storage — stores theme preferences, editor preferences, and local draft snapshots in your browser
• Security and request metadata — limited technical information such as IP address, user agent, and request timing used for security, fraud prevention, support, and abuse controls

2.6 Contact & Support Data

If you contact us or submit a form on the Service, we may collect your name, email address, subject line, message contents, and related support or communication records.

2.7 Audit Logs (Planner Plan)

On the Planner plan the Service records an activity log of actions within your events — including who performed the action, the type, and relevant details (e.g., guest names during check-in). These logs are visible only to the event owner and authorized collaborators.

3. How We Use Your Information

• Providing the Service — creating and managing your account, storing events and seating data, processing requests, and delivering core functionality
• Authentication — verifying your identity and maintaining your session
• Payment processing — managing subscriptions and billing through our payment processor
• Communication — responding to inquiries and sending account-related, billing, policy-change, and optional product-update or reminder communications based on your settings
• Security and abuse prevention — detecting misuse, enforcing rate limits, investigating incidents, and maintaining audit trails
• Service improvement — diagnosing technical issues and improving reliability
• Legal compliance — complying with applicable laws and regulations

4. How We Share Your Information

We share personal information only in these circumstances:

4.1 Service Providers

We work with a small number of trusted third-party providers that help us operate the Service:

• Infrastructure and support providers — help us host, secure, monitor, and operate the Service
• Authentication providers — support optional third-party sign-in
• Email and communication providers — deliver account, transactional, invitation, and support emails
• Stripe — processes subscription billing and payment information. See Stripe's Privacy Policy

If you choose to sign in with a third-party provider, that provider shares your name, email, and profile photo with us through their sign-in service.

We may update our third-party providers from time to time. Material changes will be reflected in this policy's “Last updated” date, and we may also notify users by email for significant changes.

4.2 Share Links You Create

When you generate a shareable link, the event name, date, venue, table layout, guest names, and meal preferences become visible to anyone with the URL. This sharing is initiated and controlled by you.

4.3 Collaborators (Planner Plan)

If you invite collaborators, they will have access to all event data including guest information, based on their assigned role (viewer or editor).

4.4 Legal Requirements

We may disclose information if required by law or in good-faith belief that it is necessary to: (a) comply with a legal obligation; (b) protect our rights or property; (c) prevent fraud; or (d) protect user or public safety.

4.5 Business Transfers

In the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you before your information becomes subject to a different privacy policy.

5. Data Storage & Security

5.1 Storage

Your data is stored on managed cloud infrastructure. It may be processed in any country where our infrastructure providers maintain facilities.

5.2 Security Measures

We implement appropriate technical and organizational measures including:

• Encrypted connections (HTTPS/TLS) for all data in transit
• Row-level security policies ensuring users can only access their own data
• Industry-standard password hashing
• Cryptographically random tokens for share links
• Non-root deployment environment
• Content Security Policy headers on exported documents

No method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, and you acknowledge that you provide information at your own risk.

6. Data Retention

• Active accounts — data is retained as long as your account is active
• Deleted accounts — account profile data and core event content (such as events, tables, guests, share links, and collaborator access tied to your account) are deleted or de-linked as part of account deletion
• Limited retained records — we may retain limited billing, payment-history, security, support, legal-compliance, and audit records for a limited period or as required by law
• Backups — deleted data may persist in encrypted backups for a limited period, after which it is permanently removed
• Legal obligations — certain records (e.g., financial transactions) may be retained as required by law

7. Your Rights

7.1 For All Users

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and all associated data
• Copies of your data — use available export features and contact us for additional access requests where required by law

7.2 EU/EEA/UK Residents (GDPR)

You additionally have the right to:

• Restrict processing — request that we limit processing of your data
• Object to processing — object to processing for certain purposes
• Withdraw consent — where we rely on consent, withdraw it at any time
• Lodge a complaint — with your local data protection authority

Our legal bases for processing: (a) performance of our contract with you; (b) your consent (for optional features like third-party sign-in); (c) our legitimate interests (security, fraud prevention, service improvement).

7.3 California Residents (CCPA)

• Know what personal information we collect and how it is used
• Request deletion of your personal information
• Opt out of the sale of personal information — we do not sell your personal information
• Non-discrimination for exercising your privacy rights

8. Cookies & Browser Storage

The Service uses only the following cookies:

We also use browser storage such as local storage for theme preferences, editor preferences, and local draft snapshots. Local draft snapshots are stored in your browser to help with recovery and continuity. We do not use advertising, analytics, or third-party tracking cookies. Disabling cookies in your browser will prevent you from logging in, and restricting browser storage may limit certain convenience features.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States. Where such transfers occur, we rely on Standard Contractual Clauses, provider data-protection agreements, and other appropriate safeguards required by applicable law.

10. Children's Privacy

The Service is not intended for account holders under 18. We do not knowingly permit children under 18 to register for accounts directly. Because the Service is used for event planning, adults may choose to enter guest information that relates to minors. If you believe a child has created an account or provided personal information to us directly inappropriately, please contact hello@perfectlysat.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on the Service with an updated “Last updated” date. For significant changes we may also email you. Continued use after changes constitutes acceptance.

12. Contact Us

Questions or concerns about this policy or your data? Reach us at:

EU/EEA residents may also contact their local supervisory authority for data protection inquiries.