Privacy Policy
Last updated: May 3, 2026
1. Information We Collect
- Phone number (SMS alerts only): Encrypted at rest using Fernet AES encryption. Used solely to deliver seat availability notifications.
- Email address (optional, account recovery only): Encrypted at rest using Fernet AES encryption. Used solely to recover your short code if you lose your device or browser data. Never used for marketing or product notifications.
- Push notification subscription: A browser-generated endpoint URL and encryption keys. No personal information is contained in this data.
- Alert preferences: Theatre, showtime, and seat selections you choose to monitor.
- Short code: A 6-character identifier (e.g., SD-7X4K) stored in your browser for cross-device alert access. Expires after 30 days.
2. Information We Do Not Collect
- Names or physical addresses
- AMC, Alamo Drafthouse, or Cinemark account credentials
- Payment or billing information
- Location data
- Cookies or tracking pixels for advertising
3. How We Use Your Information
Your information is used exclusively to:
- Send seat availability notifications via your chosen channel (push or SMS)
- Display your active and past alerts
- Enable cross-device access to your alerts via short codes
- Send account recovery codes by email when you request them
4. Data Sharing
We do not sell your personal information. We share data only with:
- Textbelt: Phone numbers are transmitted to Textbelt solely for SMS delivery.
- Resend: Email addresses are transmitted to Resend solely to deliver recovery codes and recovery confirmation messages.
- Google Cloud Platform: Infrastructure hosting and data storage.
5. Anonymized & Aggregated Data
We may use anonymized and aggregated data (such as which seats are most monitored, peak monitoring times, and demand patterns) for product insights and analytics. This data cannot be used to identify individual users.
6. Data Retention
- Alerts: Automatically deleted after the showtime passes (within 48 hours).
- Phone numbers: Stored only while you have active alerts. Encrypted at rest.
- Email addresses: Stored only while attached to your account. Removable at any time from the My Alerts page. Encrypted at rest.
- Recovery codes: Hashed before storage and expire automatically after 10 minutes.
- Push subscriptions: Stored only while you have active alerts.
- Short codes: Expire after 30 days.
7. Data Security
Phone numbers and email addresses are encrypted using Fernet symmetric encryption before storage. Hashes (HMAC-SHA256) are used for lookups without exposing the original value. All data is stored in Google Cloud Firestore with encryption at rest.
8. Your Rights
You can:
- Cancel any alert at any time from the My Alerts page
- Remove your recovery email at any time from the My Alerts page
- Have your data deleted automatically when alerts expire
- Contact us to request deletion of all your data
9. Children's Privacy
SeatDrop is not directed at children under 13. We do not knowingly collect information from children under 13.
10. Changes
We may update this policy at any time. Changes will be reflected in the "Last updated" date.
11. Contact
Questions about your privacy? Join our Discord community or use the feedback form in the app.
See also: Terms of Service