← Back

Privacy Policy

Last updated 12 May 2026

Who we are

tablePlan is operated by Bright Sustainability Ltd ("we", "us"). For privacy questions, write to hello@tableplan.app. We are the data controller for the personal data described here.

What we collect

  • Account data — your email and (optionally) a display name.
  • Event data — the events, tables, and guests you add to your plan. Guest names and dietary notes are personal data; you are the controller for guest data you input, and we process it on your instruction.
  • Payment data — handled directly by Stripe. We never see card details. We store an identifier and amount.
  • Technical logs — server logs (request paths, status codes, IPs) retained for up to 30 days for security and debugging.

How we use it

  • To provide the service — show you your seating plan, share it with people you invite, send the venue PDF on request.
  • To send transactional emails — sign-up confirmation, password reset, collaborator invites, payment receipts.
  • To meet legal obligations — payment records are retained for six years under UK accounting law.
We do not sell your data. We do not run ad tracking. We do not profile you.

Processors

We use the following third parties to deliver the service. Each has signed a data processing agreement and is bound to use your data only as we instruct.
  • Supabase (database + auth) — EU (London) region.
  • Stripe (payments) — global.
  • Resend (transactional email) — EU.
  • Vercel (hosting) — global edge network.

Retention

  • Active accounts: indefinitely while you continue to use the service.
  • Deleted accounts: all event content wiped within 30 days. Payment records retained 6 years for tax law, disassociated from your account.
  • Server logs: 30 days.

Your rights (UK GDPR)

  • Access — download a JSON of your data from Account → Download my data.
  • Rectification — edit any account or event detail directly in the app.
  • Erasure — Account → Delete account permanently removes your content.
  • Portability — the JSON export is machine-readable.
  • Complaint — you can complain to the UK Information Commissioner's Office (ico.org.uk).

Cookies

We use only essential cookies needed to keep you signed in. We do not use analytics, advertising, or social-media tracking cookies. When we add analytics in a future version, we will ask for your consent first.

Changes

We may update this policy. Material changes will be announced by email and noted at the top of this page.