Legal

Privacy Policy

Effective date: 20 May 2025

Who we are

SeatFill is a product of Idyllic Aurora Ltd, trading as Idyllic Software (company number 12021646), a company registered in England and Wales.

When we say "we", "us", or "SeatFill" in this policy, we mean Idyllic Aurora Ltd. Our contact address for privacy matters is hello@seatfill.io.

What this policy covers

This policy explains how we collect, use, store, and share personal data when you use the SeatFill platform — including the web application, any associated APIs, and this marketing website.

SeatFill is a B2B SaaS platform. We provide our service to clubs (our customers), who in turn use it to manage their members. In data protection terms:

  • Idyllic Aurora Ltd is the data controller for account, billing, and marketing data.
  • Idyllic Aurora Ltd acts as a data processor on behalf of clubs for the personal data of their members.
  • Each club is the data controller for their own members' data.

Data we collect

Club administrators and account holders

  • Name and email address
  • Role and club affiliation
  • Login credentials (passwords are hashed and never stored in plain text)
  • Billing details (processed by our payment provider — we do not store card numbers)
  • Communication history with our support team

Club members (processed on behalf of clubs)

  • Name, email address, and phone number
  • Booking history and cancellations
  • Fuel usage and billing records
  • Incident and near-miss reports
  • Post-trip feedback and ratings
  • Vessel inspection records (where the BoatCheck module is enabled)

Usage and technical data

  • IP addresses and browser/device information
  • Pages visited and features used within the platform
  • Error logs and diagnostic data

How we use your data

We use personal data for the following purposes:

  • Providing the service — operating bookings, fleet management, billing, notifications, and all platform features.
  • Account management — creating and maintaining club and member accounts.
  • Communications — sending booking confirmations, reminders, waitlist alerts, and administrative notifications.
  • Support — responding to queries and resolving issues.
  • Security — detecting fraud, abuse, and protecting the integrity of the platform.
  • Legal obligations — complying with applicable laws and regulations.
  • Service improvement — using aggregated, anonymised analytics to improve platform performance and features.

We do not sell personal data to third parties. We do not use member data for advertising.

Legal basis for processing

Under UK GDPR, we rely on the following legal bases:

  • Contract — processing necessary to deliver the service you or your club has contracted for.
  • Legitimate interests — security monitoring, fraud prevention, and service improvement.
  • Legal obligation — where we are required to process data by law.
  • Consent — for optional communications such as product updates and newsletters.

Data storage and security

Your data is stored on servers within the UK and European Economic Area, operated by Supabase (our database provider) and Vercel (our hosting provider). Both are SOC 2 compliant.

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS), encryption at rest, role-based access controls, and regular security reviews.

Data retention

We retain personal data for as long as necessary to provide the service and meet our legal obligations. When a club's subscription ends:

  • Club and member data is retained for 30 days, after which it is permanently deleted.
  • Billing and financial records are retained for 7 years as required by UK law.
  • Clubs may request immediate deletion by contacting us at hello@seatfill.io.

Your rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — request deletion of your personal data in certain circumstances.
  • Restriction — ask us to limit how we process your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at hello@seatfill.io. We will respond within 30 days.

If you are a club member and wish to exercise your rights, you should contact your club directly, as they are the data controller for your membership data.

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

Cookies

We use essential cookies to operate the platform — specifically for authentication sessions. We do not use advertising or tracking cookies. No third-party analytics cookies are set on the marketing website without your consent.

Third-party processors

We share data with the following sub-processors, all subject to appropriate data processing agreements:

  • Supabase — database and file storage
  • Vercel — application hosting
  • Resend — transactional email delivery
  • Twilio — SMS notifications

Changes to this policy

We may update this policy from time to time. We will notify club administrators of material changes by email and update the effective date above. Continued use of the platform after changes constitutes acceptance of the updated policy.

Contact

For any privacy-related questions, please contact us at hello@seatfill.io.

Idyllic Aurora Ltd · Trading as Idyllic Software · Company No. 12021646 · Registered in England and Wales