Data Processing Agreement
This Data Processing Agreement (“DPA”) forms part of the agreement between the customer (the Controller) and Seats at, LLC (“seatsat”, the Processor) for use of the seatsat service. It reflects the parties’ obligations under the GDPR and applicable data protection law for personal data seatsat processes on the customer’s behalf.
1. Definitions
“Controller”, “Processor”, “Data Subject”, “Personal Data”, “Processing”, “Personal Data Breach”, and “Supervisory Authority” have the meanings given in the GDPR. “Company Personal Data” means personal data seatsat processes on the Controller’s behalf in providing the seatsat reservation, menu and operations service.
2. Processing of personal data
seatsat will process Company Personal Data only on the documented instructions of the Controller (including those in the agreement and this DPA), and will comply with all applicable Data Protection Laws.
3. Processor personnel
seatsat ensures that personnel authorised to process Company Personal Data are bound by confidentiality and access it only on a need-to-know basis.
4. Security
seatsat implements appropriate technical and organisational measures to protect Company Personal Data, appropriate to the risk (see Annex 2).
5. Sub-processing
The Controller authorises seatsat to engage the sub-processors listed in Annex 3. seatsat imposes data-protection obligations on each sub-processor no less protective than this DPA, and gives the Controller notice of changes with an opportunity to object.
6. Data subject rights
seatsat will assist the Controller, by appropriate technical and organisational measures, to respond to data-subject requests, and will not respond to such requests itself except on the Controller’s instructions.
7. Personal data breach
seatsat will notify the Controller without undue delay after becoming aware of a Personal Data Breach affecting Company Personal Data, with sufficient information for the Controller to meet its own obligations.
8. Data protection impact assessments
seatsat will provide reasonable assistance with data protection impact assessments and prior consultations with Supervisory Authorities.
9. Deletion or return
On termination of the services, seatsat will, at the Controller’s choice, delete or return Company Personal Data within 30 business days, unless retention is required by law.
10. Audit
seatsat will make available the information necessary to demonstrate compliance with this DPA and allow for audits, subject to reasonable notice and confidentiality.
11. International transfers
seatsat will not transfer Company Personal Data outside the EEA/UK without an appropriate transfer mechanism (appropriate safeguards recognized under applicable data protection law, including the European Commission's Standard Contractual Clauses and, where applicable, the UK International Data Transfer Addendum).
12. General
Each party will keep the other’s confidential information confidential. Notices are given as set out in the agreement.
13. Governing law
This DPA is governed by the laws of the State of Delaware, and disputes are subject to the exclusive jurisdiction of the state and federal courts located in Delaware.
Annex 1 — Details of processing
| Item | Details |
|---|---|
| Subject matter | provision of the seatsat reservation, menu and operations service |
| Duration | the term of the agreement |
| Nature & purpose | hosting, storing and processing reservations, guests and menus on the Controller's behalf |
| Categories of data subjects | the Controller's guests, staff and contacts |
| Categories of personal data | names, contact details (phone, email), reservation details (date, time, party size), and free-text requests or notes |
| Special categories | Not required by the service. However, dietary or allergy notes a guest provides may reveal health information — operators are instructed to collect only what is necessary and not to enter other special-category data. |
Annex 2 — Technical & organisational measures
Encryption in transit (TLS) and at rest; least-privilege access controls; managed, access-controlled hosting and database; a fail-fast configuration contract validated at start-up; signed, signature-verified payment webhooks; and routine backups.
Annex 3 — Approved sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Stripe | Payments & subscription billing | US / EU |
| Vercel | Application hosting, CDN & background jobs | US / EU |
| Resend | Transactional email (booking + account notifications) | United States |
| | Optional operator calendar synchronisation (Calendar API) | US / EU |
| PostHog | Cookieless, anonymous product analytics (no guest data; operator/visitor usage only) | European Union (Frankfurt) |
| Neon (a Databricks company) | Managed Postgres database (data storage) | European Union (Frankfurt) |
Signatures
Controller: accepted electronically on sign-up (no manual signature). Processor: Seats at, LLC, accepted electronically on sign-up (no manual signature). Acceptance is by click-through as part of the Terms accepted at sign-up.