Legal

Privacy Policy

Last updated: March 20, 2026

1. Introduction

This Privacy Policy explains how Seshn (“we,” “us,” or “our”) collects, uses, shares, and protects information when you use our booking API, dashboard, website, documentation, and related services (the “Service”).

This policy applies to three groups:

  • Customers — developers and businesses that integrate our API.
  • End Users — people who book appointments through a Customer's application.
  • Website Visitors — anyone who visits seshn.net.

Key distinction: Seshn is the data controller for Customer account data and website visitor data. For End User booking data, Seshn acts as a data processor on behalf of the Customer, who is the data controller. End Users should review their service provider's privacy policy for details on how their booking data is handled.

2. Information We Collect

From Customers (as controller)

  • Account information: organization name, email address, and role.
  • Payment information: billing address and payment method, processed by Stripe. We do not store credit card numbers.
  • API usage data: API calls, endpoints used, error rates, latency, and rate limit metrics.
  • Communications: support emails and feedback you send us.

From End Users (as processor)

  • Booking details: names, email addresses, phone numbers, appointment types, dates, times, and any custom fields configured by the Customer.
  • We process this data solely on the Customer's behalf and according to their instructions.

From Website Visitors

  • Analytics: page views, referral source, and browser/device information via Vercel Analytics.
  • Contact submissions: information you provide when reaching out to us.

Automatically collected

  • IP addresses, browser type, device information, and operating system.
  • Log data including timestamps and API request metadata (not request bodies).
  • Performance and error data for service reliability.

3. How We Use Information

Customer data (as controller)

  • Provide, maintain, and improve the Service.
  • Process payments and manage subscriptions.
  • Send service notifications such as outage alerts, security updates, and billing notices.
  • Respond to support requests.
  • Detect and prevent fraud, abuse, and security incidents.
  • Generate aggregated, anonymized analytics to improve the platform.

End User data (as processor)

  • Process and transmit booking data solely as instructed by the Customer.
  • Maintain data integrity and availability.

We do not use End User data for our own marketing, profiling, or advertising purposes.

4. Legal Bases for Processing (GDPR)

  • Contract performance: providing the Service to Customers.
  • Legitimate interests: security, fraud prevention, and service improvement.
  • Consent: marketing communications (with opt-out).
  • Legal obligation: tax records and law enforcement requests.
  • Processor instructions: End User data is processed on behalf of the Customer under their instructions.

5. Data Sharing

We share data only with service providers who help us operate the Service:

  • Cloud infrastructure: hosting and database providers.
  • Payment processing: Stripe.
  • Analytics: Vercel Analytics.
  • Error monitoring: Sentry.
  • Email: Resend (for transactional notifications).

We may also disclose data:

  • When required by law, court order, or legal process.
  • To protect our rights, safety, or property.
  • In connection with a merger, acquisition, or sale of assets (with notice to you).

We do not sell personal data. We do not share End User data with third parties for their own marketing purposes.

6. Data Retention

  • Customer accounts: retained while your account is active, plus 30 days after deletion.
  • Booking data: retained according to your configuration; deleted within 30 days of account termination or upon request.
  • Payment records: retained as required by tax and legal obligations (typically 7 years).
  • Usage analytics: retained in anonymized, aggregated form.
  • Website analytics: retained for up to 24 months.

7. Data Security

  • Encryption in transit (TLS 1.2+) and at rest.
  • API keys are hashed before storage.
  • Access controls and least-privilege principles.
  • Regular security assessments.
  • Incident response procedures with breach notification.

No system is 100% secure. While we implement industry-standard protections, we cannot guarantee absolute security.

8. International Data Transfers

Data may be processed in the United States. For customers in the EU/EEA/UK, we rely on Standard Contractual Clauses (SCCs) to ensure adequate protection for international data transfers. If you require a Data Processing Addendum, contact us at hello@seshn.net.

9. Your Rights

EU/EEA/UK Residents (GDPR)

You have the right to access, rectify, erase, restrict processing, data portability, and object to processing. You may withdraw consent at any time and lodge a complaint with your supervisory authority.

California Residents (CCPA/CPRA)

You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. You have the right to non-discrimination for exercising your rights.

All Users

  • Access and update your account information via the dashboard.
  • Delete your account and request a data export.
  • Opt out of marketing communications.

End Users: If you booked an appointment through a business that uses Seshn, please contact that business directly to exercise your data rights. They are the data controller for your booking information. We will assist them in fulfilling your request.

10. Cookies and Tracking

We use only essential cookies for session management. We use Vercel Analytics for privacy-friendly website analytics — it does not use cookies or track individuals across sites. We do not use third-party advertising cookies or trackers.

11. Children's Privacy

The Service is not directed at individuals under 18. We do not knowingly collect personal information from children under 13 (COPPA) or under 16 (GDPR). If we learn that we have inadvertently collected such data, we will delete it promptly.

12. Third-Party Services

The Service may link to or integrate with third-party services. We are not responsible for the privacy practices of those services. We encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or dashboard notification. The “Last updated” date at the top indicates when the policy was most recently revised.

14. Contact

For privacy inquiries, contact us at hello@seshn.net.