Privacy Policy

What we collect

We collect only what we need to operate the service.

Account data. Email address (required), password hash (never plaintext), account creation timestamp, last login timestamp, email verification status.

Profile data (optional). Display name, time zone, notification channel preferences (push, SMS, email, Discord).

SMS data (only if you opt in). Mobile phone number, opt-in timestamp and IP, opt-in source, opt-out status.

Watch configurations. Restaurant or experience name, date range, party size, meal period, search-window timestamps. This is the data we monitor against.

Billing data (paid plans only).Stripe customer ID, subscription tier, last four digits of your payment card, card brand, billing ZIP, billing history (charge dates and amounts), refund history. Full card numbers, expirations, and CVVs are handled exclusively by Stripe under PCI-DSS Level 1 — we never see them.

Delivery data (if you opt in). Web push subscription endpoint and keys, Discord channel webhook URL (you provide it).

Operational logs. IP address, user-agent, session cookies, alert delivery logs (which alerts sent, which channel, delivery status), watch-evaluation logs.

What we don't collect

We never collect, store, request, or transmit your Disney account credentials, MyDisneyExperience login, or any Disney-account-specific information. Ever.

We do NOT collect: precise device location, your contacts, photos, microphone or camera input, browsing activity across other sites, government IDs, Social Security numbers, racial or ethnic data, religious affiliations, biometric or genetic data, health data, or sexual-orientation data. We do not sell, rent, or trade your personal information to third parties for marketing.

How we use your data

Your email and phone number are used exclusively to deliver availability alerts and account notifications (password resets, billing receipts, service updates). Watch configurations are used to match detected availability against your criteria. Operational logs are used to deliver alerts, prevent fraud, and improve reliability.

SMS messaging and consent

If you opt in to SMS alerts, you provide your mobile phone number and explicit consent to receive text messages from SpotSitter about reservation availability matching your saved watches, plus account-related notifications (verification codes, billing alerts). Message frequency varies with your watch activity — typically 0 to 20 messages per month per watch. Message and data rates may apply.

Reply STOP to any SpotSitter SMS to unsubscribe. Reply HELP for support, or email support@spotsitter.com. You can also disable SMS alerts at any time from your account settings. See our SMS Terms for program details.

We do not share or sell mobile numbers or SMS opt-in data to third parties for marketing, promotional, or any other purposes. Mobile information is shared only with the subprocessor required to deliver the message (Twilio, our SMS gateway), and never for marketing. This restriction applies to phone numbers, opt-in status, and all associated consent data.

Third-party services and sub-processors

We share only the minimum data required for each service to function. Each operates under its own privacy policy.

Stripe — payment processing (US). Receives card details, billing address, email.
Twilio — SMS delivery (US). Receives mobile number and message body.
Resend — transactional email delivery (US). Receives email address and message body.
Supabase — authentication and database storage (US). Holds account data, watches, alert logs.
Vercel — web hosting and edge runtime (US). Processes request headers and IP for service delivery.
Discord — if you provide a Discord webhook, alert payloads are sent to that webhook URL.
Analytics and advertising— only if you opt in. See “Cookies, analytics, and advertising” below.

EU and UK residents may request a copy of our current sub-processor list or our standard Data Processing Addendum (DPA) at any time by emailing privacy@spotsitter.com. We update the sub-processor list when material changes occur and within a reasonable timeframe for any GDPR-required disclosures.

Data retention

Your account data is retained as long as your account is active. Alert history is retained for 90 days, then automatically purged. If you delete your account, all personal data is removed within 30 days, except where retention is required by law (e.g., billing transaction records for tax purposes, typically retained for 7 years per IRS guidance).

Cookies, analytics, and advertising

SpotSitter uses three categories of cookies and similar technologies:

Necessary (always on). A session cookie for Supabase authentication, your A/B variant assignment, and your saved consent preferences. These are required for the site to function and cannot be disabled.

Site health telemetry (always on). Ahrefs Web Analytics gives us aggregate page, referrer, device, and rough-location reporting for SEO and site quality. It does not set cookies, store raw IP addresses, or share your traffic data with competitors.

Product analytics (opt-in). Google Analytics 4 helps us understand how visitors use the site, where they drop off, and which features matter. It is configured to anonymize IP addresses and mask personally identifiable input fields (email, payment). Retention: 14 months.

Advertising (opt-in).We use pixels and server-side conversion APIs from Meta (Facebook/Instagram), TikTok, Reddit, Pinterest, and Microsoft Bing to measure ad performance and reach similar audiences. The only data shared is hashed email and event metadata (page viewed, signed up, subscribed) — never your watch configurations, phone number, or Disney activity.

You control opt-in trackers.EEA, UK, and California visitors are opted out by default. Everywhere else, our consent banner asks before any Google Analytics or advertising cookie fires. You can change your choice at any time via the “Cookie preferences” control in the footer. We automatically honor the Global Privacy Control (GPC) browser signal. California residents can also use the “Do Not Sell or Share My Personal Information” control in the footer to opt out of analytics and advertising.

California residents — your privacy rights

California residents have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Categories we collect.Identifiers (email, phone, IP), commercial information (subscription history), internet activity (cookieless site-health metrics, plus cookies and analytics events if you have opted in), and inferences (none — we do not build behavioral profiles).

Sale and sharing.We do not sell your personal information. We “share” personal information only with the advertising partners listed above and only with your opt-in consent. You may opt out at any time using the “Do Not Sell or Share My Personal Information” control in our footer or by enabling the Global Privacy Control signal in your browser.

Shine the Light (Civil Code §1798.83). We do not share personal information with third parties for their own direct marketing purposes.

Sensitive personal information. We do not collect sensitive personal information as defined by CPRA.

Your rights. Right to know, right to delete, right to correct, right to opt out of sale or sharing, and right to non-discrimination for exercising any of these rights. Exercise any right by emailing privacy@spotsitter.com.

EEA, UK, and Swiss residents

If you are in the European Economic Area, United Kingdom, or Switzerland, the data controller for your personal information is SpotSitter, reachable at privacy@spotsitter.com.

Legal bases for processing. We process your data on these bases: performance of our contract with you (account creation, watch execution, alert delivery); your consent (SMS alerts, optional analytics and advertising cookies); our legitimate interests (service security, fraud prevention, product improvement, balanced against your rights); and legal obligation (tax, accounting, law-enforcement requests).

Your rights. Subject to applicable law, you have the right to: access your personal data; correct inaccurate data; request erasure; restrict or object to processing; receive your data in a portable format; withdraw consent at any time (without affecting prior lawful processing); and lodge a complaint with your local supervisory authority (ICO in the UK; the relevant DPA in your EU member state). To exercise any of these, email privacy@spotsitter.com— we respond within 30 days.

International transfers.Our service is operated from the United States. When we transfer your personal data outside the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent safeguards. Our subprocessors have committed to SCCs or equivalent transfer mechanisms; contact us for the current list and copies of the safeguards in place.

Statutory right of withdrawal. EU, UK, and Swiss consumers have a statutory right to withdraw from a paid subscription within 14 days of purchase, with a full refund, without giving any reason. To exercise this right, email support@spotsitter.com with the subject “Withdrawal — [account email]” within 14 days. This statutory right is in addition to the refund window described in our Refund Policy.

Security and breach notification

We use industry-standard technical and organizational measures to protect your personal information, including encryption in transit (TLS) and at rest, scoped access controls, and audit logging. No security measure is perfect, and we cannot guarantee absolute security.

If a data breach affecting your personal information occurs, we will notify you and applicable regulators in accordance with applicable law, typically within 30 days of discovery (or sooner if required by law), via the email on file and any other channel required by law.

Children's privacy

SpotSitter is intended for use by adults age 18 or older. We do not knowingly collect personal information from children under 13, and the service is not directed to children under 13. If you are a parent or guardian and believe your child under 13 has provided us personal information, please contact us at privacy@spotsitter.com and we will delete the information from our records.

For minors age 13 to 17 in jurisdictions where applicable (including California residents under 18), additional rights may apply, including the right to request removal of information you have posted.

Your rights and how to exercise them

You can access or delete your data at any time via your account settings: Export (Account → Privacy → Export my data; we deliver a JSON file with your account data, watches, and alert history within 30 days), Delete (Account → Privacy → Delete my account; account is soft-deleted immediately and hard-deleted within 30 days), and Correct (Account → Profile lets you update email, phone, name, and notification preferences directly).

You may also submit any data-subject request by emailing privacy@spotsitter.comwith the subject “Privacy request — [your account email].” We verify the requester's identity by sending a confirmation link to the email address on the account (or, for SMS-only requests, a verification code to the verified phone number). We respond within 30 days; if the request is complex we may extend by up to 60 days with notice. There is no fee for the first request in any 12-month period; we may charge a reasonable fee for excessive or repetitive requests, as permitted by law. We will not retaliate against you for exercising any privacy right.

Changes

We'll email you about material changes to this policy at least 14 days before they take effect. The latest version is always available at this URL.

Contact

Privacy questions? Email privacy@spotsitter.com.