SeatFound was designed with security and privacy in mind from the start. Guest data is encrypted, access is controlled, and your information is never shared or sold.
Every protection listed here is active in production — not a roadmap item.
Every guest list is encrypted before it is written to our database, using the same encryption standard used by financial institutions and government agencies. Even if someone gained access to the database directly, they would see only scrambled, unreadable data.
Our encryption includes a built-in integrity check. If stored guest data is altered in any way — even a single character — decryption fails and no data is returned. This prevents both unauthorized access and silent data corruption.
Guest names and table assignments are decrypted only at the moment a guest page is requested — and only on our servers. The raw, readable guest list is never written to disk, never cached, and never sent to the browser in an unprotected form.
Creating, editing, or deleting an event requires a verified account. Every write request is authenticated server-side before any action is taken. Unauthenticated requests are rejected immediately — no data is exposed.
Every event is tied to its owner. Before any update or deletion, we verify server-side that the person making the request owns that event. Knowing an event's URL or ID is not enough — unauthorized modifications are blocked outright.
Organizers can require a PIN before guests can search for their seat. PIN verification is handled securely to prevent attacks that try to guess the PIN by measuring how quickly the server responds.
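A sketch of timing-safe PIN verification, added here as an illustration and not SeatFound's own code. The function names, the PBKDF2 work factor, the length limit and the sample PIN are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ROUNDS = 100_000   # assumed work factor for this example
MAX_PIN_LEN = 64          # assumed upper bound on submitted input


def hash_pin(pin: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a salted digest so the PIN itself never has to be stored."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_pin_naive(submitted: str, stored_pin: str) -> bool:
    # Weak form, shown for contrast: == may stop at the first differing
    # character, so the response time can reveal how much of a guess matched.
    return submitted == stored_pin


def verify_pin(submitted, salt: bytes, stored_digest: bytes) -> bool:
    """Hardened form: same derivation cost for every request, then a
    comparison whose duration does not depend on where the bytes differ."""
    ok_shape = isinstance(submitted, str) and 0 < len(submitted) <= MAX_PIN_LEN
    # Malformed input still goes through the derivation, so a rejected
    # request does the same work as a well-formed wrong guess.
    _, candidate = hash_pin(submitted if ok_shape else "", salt)
    return hmac.compare_digest(candidate, stored_digest) and ok_shape


if __name__ == "__main__":
    salt, digest = hash_pin("4821")           # constructed sample PIN
    print(verify_pin("4821", salt, digest))   # correct PIN
    print(verify_pin("4822", salt, digest))   # wrong PIN
```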
Your dashboard, event editor, and account pages cannot be embedded inside other websites. Security headers prevent a malicious site from loading your account page in a hidden frame to steal your clicks or credentials.
Payments are handled entirely by a PCI-certified payment provider. SeatFound never sees, stores, or touches your card number — it goes directly to the payment processor and never passes through our servers.
Subscription status, payment dates, and plan changes are updated only in response to verified events from our payment provider. No client-side request can modify your billing status — changes must come from a cryptographically verified source.
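One way a server can accept billing changes only from verified provider events, as an added example rather than SeatFound's or any payment provider's actual code. The `t=<timestamp>,v1=<hex HMAC>` header format, the shared secret, the replay window and the event fields are all constructed for this sketch.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # assumed replay window


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """Sender side (assumed scheme): HMAC-SHA256 over b"<timestamp>.<raw body>"."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_event(secret: bytes, header: str, body: bytes, now=None):
    """Return the parsed event if it is authentic and fresh, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        fields = dict(part.split("=", 1) for part in header.split(","))
        timestamp = int(fields["t"])
        received = fields["v1"]
    except (KeyError, ValueError, AttributeError):
        return None                      # malformed or missing header
    expected = sign(secret, timestamp, body)
    # The MAC is checked over the raw bytes, before any JSON parsing.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return None                      # forged or altered payload
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return None                      # replay of an old, valid event
    return json.loads(body)


def apply_billing_event(accounts: dict, secret: bytes, header: str,
                        body: bytes, now=None) -> bool:
    """Billing state changes only on a verified event, never on a client request."""
    event = verify_event(secret, header, body, now)
    if event is None:
        return False
    accounts[event["account"]] = event["status"]
    return True
```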
The encryption key used to protect guest data is stored as a secure server-side secret — never in source code, never in version control, and never accessible from the browser. It exists only within the protected server environment.
Data-modifying requests are only accepted from the SeatFound application itself. Requests originating from other websites or tools are blocked at the network layer before reaching any business logic.
The kiosk mode can operate entirely on-device after the initial page load. Once set up, it requires no live internet connection, reducing exposure to network-based risks and eliminating dependence on venue Wi-Fi reliability.
SeatFound runs on providers that carry independent security certifications — their compliance extends to the infrastructure layer your data runs on.
Any organization that manages attendee data benefits from encrypted, access-controlled seating. Common use cases:
Advisory boards, investigator meetings, and speaker programs often involve confidential attendee lists. Encryption and PIN-protected access ensure only authorized staff can view who is attending.
Client dinners, investor events, and board meetings require discretion. Encrypted guest lists, PIN protection, and white-label branding mean no visible third-party tools and no data exposure.
Firm retreats and client events carry confidentiality obligations. Guest data is encrypted at rest, never sold, and deleted when the event expires — supporting data minimization best practices.
Medical conferences, grand rounds, and CME events involve professional attendees. SeatFound stores only names and table numbers — no medical or health information — and encrypts all guest data.
Official functions, award ceremonies, and departmental events often require controlled access. PIN protection limits the seating lookup to invited guests only.
Executive off-sites, all-hands events, and board dinners benefit from encrypted attendee data, white-label branding, and the ability to clone events across a full calendar year.
What we do — and don't do — with your data.
SeatFound supports the rights of data subjects under GDPR and CCPA, including the right to access, correct, delete, or export your data. Event organizers are the data controllers for their guest lists; SeatFound acts as a data processor. To exercise any rights, email hello@seatfound.com.
We believe in being straightforward about where we are today. No security page should overstate its claims.
If you have a security question, want to report a vulnerability, or need to discuss compliance requirements for your organization, email us at hello@seatfound.com. We respond to all security inquiries within one business day.
For full details on data handling, see our Privacy Policy and Terms of Service.