Privacy Policy
Effective date: May 6, 2026
Version: 1.0
1. Who we are
This privacy policy applies to the Seezonee platform and the website at www.seezonee.com.
The data controller is 17893833 Canada Inc., a federal Canadian corporation (Canada Business Corporations Act) operating under the name Seezonee ("Seezonee", "we", "us", "our"). The legal entity is the numbered company; "Seezonee" is the operating name.
- Privacy contact: privacy@seezonee.com
- Mailing address: 212 Hunters Bay Drive, Huntsville, ON P1H 1N2, Canada
- Federal corporation number: 1789383-3
2. Scope
This policy covers the personal information that Seezonee collects, uses, and discloses through:
- The Seezonee web application
- The www.seezonee.com marketing website
- WhatsApp and SMS messages sent through the Seezonee platform
This policy does not cover:
- Messages a business manager or staff member sends through their own personal accounts off-platform
- Third-party service providers' own privacy practices (Meta, Twilio, Supabase, Vercel, and others — see "Sub-processors" below)
- Any pre-existing privacy practices of the seasonal businesses that use Seezonee
3. Our roles under PIPEDA
Seezonee plays two distinct roles depending on the data:
- Seezonee acts as a data processor for staff names, phone numbers, message content, opt-in records, and pulse responses. The seasonal business that uses Seezonee is the data controller for its staff data; Seezonee processes that data only on the business's instructions.
- Seezonee acts as a data controller for account-holder email, business registration info, and billing data. We control this data directly because the business manager is our customer.
This distinction matters: requests from staff members about their personal information are usually handled by the seasonal business that employs them. We will assist the business in responding.
4. Information we collect
4.1 Information you provide directly (account-holder data)
When a business manager creates a Seezonee account, we collect:
- Email address — required for sign-in
- Full name and job title — optional, for display in the platform
- Business legal name, business registration number, mailing address, and authorized representative — required to provision your WhatsApp Business Account through our partner Twilio
4.2 Information you upload about your staff (staff-roster data)
When a business manager imports a staff roster, we collect:
- Name
- Mobile phone number in international (E.164) format
- Role and department — optional, for filtering and reporting
- Employee ID — optional, your internal identifier
- A minor flag (yes/no) and, if yes, the timestamp at which you captured parental consent off-platform
We do not collect: date of birth, parental-consent documents, staff email addresses, home addresses, or health information.
4.3 Information staff members provide through their replies (message data)
When a staff member replies to a message sent through Seezonee, we collect:
- Message body — the text or interactive button payload they send
- Phone number — the number from which they reply
- Timestamp
- Channel — WhatsApp or SMS
- Opt-in / opt-out events — for example, a "STOP" reply is recorded as an opt-out event
4.4 Technical data our infrastructure generates
- Login timestamps and session tokens — Supabase Auth manages these; only essential session cookies are used
- WhatsApp Business Account identifiers — Meta phone-number ID, WhatsApp Business Account ID, and business-portfolio ID, obtained through Meta's Embedded Signup flow
- Twilio subaccount identifiers — subaccount SID, encrypted auth token, sender SID, provisioned per business
- Audit-log entries — records of who took which action in the platform and when
We do not use third-party analytics, advertising trackers, behavioural fingerprinting, or marketing pixels.
5. Why we collect it
We collect personal information for the following named, limited purposes:
- Operating the messaging platform — sending WhatsApp and SMS messages on behalf of seasonal businesses to their staff
- Demonstrating consent — maintaining a verifiable record that staff opted in and a record of any subsequent STOP or unsubscribe events
- Generating reports — aggregated views of message delivery, response rates, and pulse themes for the business manager
- Account administration — sign-in, billing, and customer support
- Compliance — meeting our obligations under PIPEDA, CASL, the Meta WhatsApp Business Policy, and Twilio's terms of service
We do not use personal information for advertising, profiling, sale, or any purpose unrelated to the operation of the service.
6. WhatsApp and SMS specifics
When you use Seezonee to send WhatsApp messages:
- Meta Platforms, Inc. acts as a sub-processor for WhatsApp message delivery. Meta's processing of WhatsApp Business data is governed by the WhatsApp Business Data Processing Terms.
- Twilio Inc. acts as our Business Solution Provider and Solution Partner under Meta's Multi-Partner Solution program. Twilio routes all WhatsApp and SMS messages and has visibility into your WhatsApp Business Account in its capacity as Solution Partner.
- Each seasonal business has its own dedicated Twilio subaccount and its own Meta Business Portfolio. Your business's data is isolated from other Seezonee customers at the infrastructure layer.
We follow Meta's WhatsApp Business Policy:
- All messages are operational (utility category) — no marketing, no commerce
- Message templates require Meta's pre-approval
- We respect Meta's 24-hour session window: outbound messages outside that window use only Meta-approved utility templates
- We honour STOP and opt-out requests immediately and indefinitely
When SMS shipping begins (a future stage of the platform), we will follow CASL (Canada) and TCPA (United States) plus Twilio's toll-free verification requirements. SMS opt-outs are honoured platform-wide.
7. Embedded Signup disclosure
When a business manager connects their WhatsApp Business Account to Seezonee through Meta's Embedded Signup flow, Seezonee receives:
- A WhatsApp Business Account access token — used to send messages on the business's behalf
- The Meta Business Portfolio identifier the business chose to link
- The phone-number identifier registered on the WhatsApp Business Account
We use these credentials only to operate the messaging platform on the business's behalf. We retain them for the duration of the business's subscription. When a business cancels its subscription, we revoke these credentials within 30 days.
We do not access any Meta asset outside the WhatsApp Business Account that the business explicitly authorized.
8. Sub-processors
Seezonee relies on the following sub-processors. Each one has been chosen for its security posture and contractual data-handling commitments. For each, we list the country, the purpose, and the category of data we send.
- Supabase (United States) — database and authentication. Receives all account-holder, staff, and message data.
- Vercel (United States) — application hosting. Receives application logs and request metadata.
- Twilio (United States) — WhatsApp Business Solution Provider and Solution Partner under Meta's Multi-Partner Solution; SMS delivery (future). Receives phone numbers and message content.
- Meta Platforms (United States and global) — WhatsApp message relay, acting as a sub-processor. Receives phone numbers, message content, and WhatsApp Business Account identifiers.
- Anthropic (United States) — AI-powered pulse-response theme aggregation (see Section 9). Receives free-text reply content; staff identifiers are not attached.
- Helicone (United States) — observability for AI calls, used to monitor Anthropic API usage. Receives the same data as Anthropic.
We will update this list when sub-processors change and notify customers in advance of any material change.
9. AI feature disclosure
Seezonee's "pulse" feature lets a business manager send a question to staff (for example, "How's your day going?"). Free-text replies are sent to Anthropic for structured aggregation into themes. The output the business manager sees is a summary plus drill-down links — staff identifiers are not sent to the AI provider; only message content is.
This feature operates under the following commitments:
- AI output is validated against a fixed schema before being shown to a business manager
- All AI calls are logged through Helicone for observability and cost-cap enforcement
- The feature has a per-business spend cap that triggers a kill-switch
- A signed Data Processing Addendum with Anthropic is required before this feature launches publicly
Until those commitments are satisfied for a given seasonal business, the AI feature is not active for that business.
10. Cross-border data transfer
The sub-processors listed in Section 8 are headquartered in or hosted on infrastructure based in the United States. Personal information collected in Canada is therefore stored on, and may transit through, US-based infrastructure.
PIPEDA permits cross-border transfer of personal information provided that organizations use comparable safeguards. We rely on standard contractual terms and the security commitments of each sub-processor to maintain comparable protection.
US authorities may, in some cases, compel disclosure of data held by US-headquartered companies. We will notify our customers of any such request to the extent permitted by law.
11. Retention
We apply the following retention rules:
- Staff records (after a business manager removes them) — soft-deleted on removal; permanently deleted after 2 years of inactivity.
- Consent records (opt-in, opt-out, parental-consent timestamps) — retained for 3 years after the business relationship ends.
- Opt-out registry (phone numbers that have requested STOP) — retained indefinitely as a phone-number-only suppression list, to prevent re-contact.
- Message bodies — retained for the duration of the subscription; eligible for business-managed deletion in a future stage of the platform.
- Account-holder data (email, name, business info) — retained for the duration of the subscription, plus the period required to satisfy our legal, tax, and accounting obligations.
- Audit-log entries — retained for 3 years for compliance auditability.
When data reaches the end of its retention period, it is permanently deleted from production systems. Backups roll off on a 90-day cycle.
12. Security safeguards
We protect personal information through:
- Row-level security on every database table — no row exists without an enforced access policy
- Encryption at rest (managed by our hosting provider) and in transit (TLS 1.2 or higher)
- Encrypted credentials for third-party tokens — Twilio auth tokens are stored encrypted; raw tokens never appear in logs
- Append-only audit log for sensitive actions
- Rate limiting on authentication and message-send endpoints
- Webhook signature validation on inbound messages from Meta and Twilio
- Sanitized logging — no secrets, no raw form bodies, and no personal information beyond what is operationally required
- Breach response — our practice is to assess potential breaches within 72 hours and notify affected parties without undue delay where required by law
13. Your rights
Under PIPEDA you have the right to:
- Access the personal information we hold about you
- Correct any inaccuracy
- Withdraw consent for our processing — with the understanding that this may end your ability to use the service
- File a complaint with the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca/
In addition, even where not strictly required by Canadian law, we offer a deletion-on-request mechanism. Email privacy@seezonee.com and we will respond within 30 days. We will delete the data subject's information unless we are legally required to retain it (for example, consent records under CASL).
If you are a staff member of a seasonal business that uses Seezonee, requests about your personal information are usually handled by the business that employs you. Email us anyway — we will help you and the business respond.
To exercise any right, email privacy@seezonee.com. Please describe the request and provide enough information for us to identify you. We may ask for additional verification.
14. Children and minors
Seezonee is designed for staff at seasonal businesses. Some staff may be under the age of majority.
- We do not collect or persist a staff member's date of birth.
- For each staff member, the business manager indicates whether the person is a minor (yes/no) and, if yes, captures parental consent off-platform and records the timestamp.
- The platform blocks outbound messages to a staff member flagged as a minor unless a parental-consent timestamp is recorded. There is no in-product bypass.
- Parental-consent documents themselves are not stored on Seezonee; verification is the responsibility of the seasonal business.
We do not knowingly collect personal information from children under the age of 13.
15. Cookies and tracking
The www.seezonee.com marketing website runs on Webflow. It uses Webflow's default cookies for site delivery and may set a small number of essential cookies. We do not run advertising trackers, social-media pixels, or behavioural-analytics scripts on the marketing site.
The Seezonee web application uses only essential cookies — a Supabase-issued authentication session cookie. We do not run analytics, advertising, or behavioural tracking inside the application.
16. Changes to this policy
We will update this policy as our practices evolve. For material changes:
- In-product — a banner will appear in the Seezonee application
- Email — a notice will go to the account-holder email on file
- Notice period — at least 30 days before the new policy takes effect, where the change reduces your rights or expands our use of personal information
The current effective date and version are at the top of this page. Prior versions are available on request from privacy@seezonee.com.
17. Contact
For any privacy question, request, or complaint: