Your data, handled carefully.

SeamBase is operated as a sole-trader business in Scotland. Contact: seambase.contact@gmail.com.

Account data. Email address, hashed password, business name, and a per-account profile we use to identify you in the Service.

Service content. Information you submit while using SeamBase: manufacturers and their contact details, orders (including references, descriptions, quantities, costs, delivery dates, status), messages, file attachments, products, and notes. This is your data; we host it on your behalf.

Billing data. If you subscribe to a paid plan, we store a Stripe customer ID and a record of your subscription status. Stripe (not SeamBase) processes and stores your payment card. We never see your full card number.

Usage and technical data. IP address, user-agent, server logs, and basic request metadata are processed by Vercel and Cloudflare to operate, secure, and troubleshoot the Service.

Cookies. See our Cookies Notice. In short: essential cookies only.

• Performance of a contract— to provide the Service you have signed up for (account creation, authentication, hosting your data, sending status emails to your manufacturers).
• Legitimate interests— to keep the Service secure, prevent abuse and fraud, debug and improve features, and communicate with you about service issues.
• Legal obligation— to keep accounting records, respond to lawful requests, and comply with applicable law.
• Consent— for non-essential cookies or marketing emails, where applicable. You can withdraw consent at any time.

We share personal data only with sub-processors who help us operate the Service, under contract and with appropriate safeguards:

• Supabase— primary database, file storage, and authentication (EU/US regions).
• Vercel— application hosting and edge networking.
• Cloudflare— CDN, DNS, bot mitigation (Turnstile CAPTCHA).
• Resend— transactional email delivery.
• Stripe— payment processing and subscription billing.

We may also disclose data where required by law, court order, or to protect our rights, property, or safety, or those of others.

Some of our sub-processors are located outside the UK, including in the United States. Where personal data is transferred outside the UK we rely on appropriate safeguards such as the UK’s International Data Transfer Addendum to the EU Standard Contractual Clauses, or equivalent mechanisms.

We retain account and Service data for as long as your account is active. On account closure we delete or anonymise personal data within 30 days, except where retention is required by law (for example, tax records typically retained for 6 years). Demo accounts are deleted automatically after 24 hours of inactivity.

You have the right to access, rectify, erase, restrict, or object to processing of your personal data, and the right to data portability. You can exercise most of these rights from inside the Service (settings page) or by emailing seambase.contact@gmail.com.

If you have a complaint about how we handle your data, please contact us first. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

We implement appropriate technical and organisational measures to protect personal data, including TLS in transit, encryption at rest where supported, scoped access keys, row-level security on our database, private file storage with time-limited authenticated download links, per-order tokens for the unauthenticated manufacturer update flow, rate limiting on unauthenticated endpoints, and CAPTCHA protection on signup endpoints. We retain audit logs for service-operations purposes. No system is 100% secure; if you suspect your account has been compromised, or you become aware that an order’s update link has been shared beyond its intended recipient, contact us immediately so we can rotate the link and review activity.

SeamBase is not directed to children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact us and we will delete it.

We may update this policy from time to time. The effective date at the top of this page indicates when it was last updated. For material changes we will give reasonable advance notice by email or in-product.