Privacy Policy

Seya Inc. ("Seya", "we") respects your privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have. It is designed to comply with the Québec Act respecting the protection of personal information in the private sector (commonly known as "Law 25") and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Privacy officer

Our designated person responsible for the protection of personal information is the Seya Privacy Officer. You can reach them at contact@seyabook.com.

2. Information we collect

• Account information: name, email, phone number, password (hashed), profile photo, and (for Providers) business details, tax ID, registration number, and verification documents.
• Booking information: services booked, dates, prices, notes, deposits, and reviews you write.
• Payment information: handled directly by our payment partner Stripe, Inc. We store only payment-method tokens, the last 4 digits of cards, and transaction metadata — never your full card number or CVV.
• Location information: the city or neighbourhood you search in, and (with your permission) your approximate location to find nearby providers.
• Device & usage data: IP address, browser type, device identifiers, pages visited, and basic analytics events.
• Communications: emails, support messages, and dispute evidence you send through the Platform.

3. How we use your information

• To create and manage your account.
• To facilitate bookings, payments, refunds, and disputes.
• To verify Provider identity, business credentials, and insurance.
• To send transactional emails (booking confirmations, reminders, receipts).
• To send marketing emails — only with your consent, and you can unsubscribe at any time.
• To improve and secure the Platform, prevent fraud, and enforce our Terms.
• To comply with legal obligations.

4. Legal basis (where applicable)

We collect and use your personal information based on: your consent, the necessity of performing the booking contract you enter into, our legitimate interest in operating a safe and useful marketplace, and our legal obligations.

5. Sharing

We share personal information only as needed:

• With Providers you book — they receive your name, contact information, booking details, and any notes you add.
• With Clients who book you (for Providers) — your business details and contact information shown on your profile.
• With service providers that help us run the Platform: Stripe (payments), Supabase / Lovable Cloud (hosting and database), email delivery services, Google Maps / Places (location lookup), and analytics tools. Each is bound by confidentiality and data-protection obligations.
• With authorities when required by law, court order, or to protect rights, safety, or property.
• In a business transfer (merger, acquisition) — your information may be transferred subject to this Policy.

We do not sell your personal information.

6. Cross-border transfers

Some of our service providers store or process data outside Québec or Canada (including in the United States and the European Union). We use contractual and technical safeguards to protect your information when it is transferred outside the province, as required by Law 25.

7. Retention

• Account information: kept while your account is active and for a reasonable period after closure to handle disputes, refunds, accounting, and legal obligations.
• Booking and payment records: kept for at least 7 years to meet tax and accounting obligations.
• Marketing preferences: kept until you withdraw consent.
• Verification documents: kept for the duration of the Provider relationship plus a reasonable period afterwards.

When personal information is no longer needed, we securely delete or anonymize it.

8. Security

We use industry-standard technical and organizational measures, including encryption in transit (HTTPS), encryption at rest for sensitive fields, role-based access control, row-level database security, and regular security reviews. No system is 100% secure, but we work continuously to protect your information.

9. Your rights

Subject to applicable law, you have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Withdraw consent at any time (this may limit your ability to use parts of the Platform).
• Request deletion or de-indexing of your personal information.
• Receive a portable copy of your information in a structured, commonly used format.
• Be informed about and object to fully automated decisions that significantly affect you.
• File a complaint with the Commission d’accès à l’information du Québec (CAI) or the Office of the Privacy Commissioner of Canada.

To exercise any of these rights, email contact@seyabook.com. We will respond within 30 days.

10. Children

Seya is not directed to children under 14. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

11. Cookies

We use cookies and similar technologies as described in our Cookie Policy.

12. Privacy incidents

If a confidentiality incident presents a risk of serious injury, we will notify affected individuals and the Commission d’accès à l’information without unreasonable delay, as required by Law 25.

13. Changes

We may update this Privacy Policy. Material changes will be communicated by email or through the Platform at least 14 days before they take effect.

14. Contact

Seya Privacy Officer
Email: contact@seyabook.com
Mail: Seya Inc., Montréal, Québec, Canada.