seshn

Privacy Policy

Version 1.0 – Effective January 10, 2026

Introduction

Seshn LLC ("Seshn," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (seshn.io) and mobile applications (Android and iOS), collectively referred to as the "Service."

By using our Service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name
  • Phone number
  • Account credentials
  • Profile photo (optional)

Usage Information

When you use our Service, we automatically collect:

  • Session booking and scheduling data
  • Device information (device type, operating system)
  • Log data (IP addresses collected in server logs, access times, pages viewed). IP addresses may be anonymized where possible.

Sensitive Personal Information

Certain session categories may involve sensitive personal information (e.g., health or wellness data). We only process such data as necessary to provide the Service and do not use it for secondary purposes. We do not use sensitive personal information to infer characteristics about you or for secondary purposes like marketing.

Our Role as Controller and Processor/Service Provider

We act in different roles depending on the context:

  • As a Controller/Business: For personal information we collect directly from you for our own purposes (e.g., your account information, usage data for improving the Service, analytics). We determine how this data is processed, as described in this Privacy Policy.
  • As a Processor/Service Provider: When a participating business uses our Service to manage bookings, we process end-user personal information (e.g., booking details, notes) on behalf of and under the instructions of that business. In this case, the participating business is the controller/business responsible for the data, and we act solely as their processor/service provider. The business's privacy policy governs their use of your data, and they are responsible for providing any required notices, obtaining consents, and handling your rights requests related to that processing.

For processor relationships with businesses, we enter into data processing agreements (or incorporate terms via our subscription agreements) that meet requirements under applicable laws like GDPR and CCPA. Our Data Processing Addendum (DPA) for business subscribers is available upon request at privacy@seshn.io.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process and manage your session bookings
  • Send you important notifications about your account and sessions
  • Respond to your inquiries and provide customer support
  • Analyze usage patterns to improve user experience
  • Detect and prevent fraud or unauthorized access

Push Notifications

We may send push notifications for session confirmations, reminders, or service updates. We do not use push notifications for marketing purposes. You can manage push notification preferences in your device settings at any time.

Processing on Behalf of Businesses

Where we act as a processor/service provider on behalf of a participating business, we only use end-user data as instructed by the controller business and as necessary to provide the Service.

Information Sharing and Third-Party Services

We may share your information with the following third-party service providers:

  • Google Cloud Platform: We use Google Cloud Platform to host and operate our Service infrastructure. All data is stored and processed on systems located in the United States.
  • Firebase: We use Firebase for authentication services in our website and mobile applications. Firebase is operated by Google and processes your account credentials securely. We also use Firebase Analytics to understand app usage patterns. This may collect device identifiers, crash data, and anonymized usage events. You can opt out of Firebase Analytics through your device settings (iOS: Settings > Privacy > Analytics; Android: Settings > Google > Ads).
  • Google Analytics: We use Google Analytics on our website to analyze usage patterns and improve our Service. Google Analytics uses cookies to collect information such as your IP address, browser type, and pages visited. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on or by adjusting your browser's cookie settings. For more information, see Google's Privacy Policy.
  • Stripe: Business subscribers may use Stripe for payment processing. We facilitate but do not handle end-user payment details directly. For more information, see Stripe's Privacy Policy.

We may also disclose your information if required by law, to protect our rights, or in connection with a business transfer such as a merger or acquisition.

Participating Businesses

When you book a session, we share necessary personal information (such as your name, email address, phone number, profile photo if provided, and booking details/notes) with the participating business to enable them to confirm, manage, and provide the session. Similarly, businesses may share limited information with us (e.g., session attendance confirmation or notes).

Participating businesses are independent controllers of your personal data for their own purposes. We are not responsible for their privacy practices, and we recommend reviewing the business's privacy policy (if available) before booking.

For data processed on behalf of businesses (e.g., booking facilitation), we act as a service provider/processor and handle it according to their instructions and applicable laws.

If you have questions or wish to exercise rights regarding data processed on behalf of a business, please contact the business directly first. We will assist as required by law (e.g., forwarding requests to the appropriate business).

Cookies

Our website uses cookies for essential functions and analytics. Cookies are small text files stored on your device that help us provide and improve our Service.

We use the following types of cookies:

  • Essential Cookies: Required for the website to function properly
  • Analytics Cookies: Used by Google Analytics to understand how visitors interact with our website

You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. You can opt out of non-essential cookies (such as analytics cookies) via your browser settings at any time. However, blocking essential cookies may affect website functionality.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Service. For inactive accounts, we retain account data for up to 2 years after the last account activity before anonymizing or deleting it, unless longer retention is required by law.

If you wish to delete your account and personal data, you can:

  • Request deletion through the account settings in our mobile app
  • Contact us at privacy@seshn.io

Upon receiving a valid deletion request, we will delete your personal data within 30 days. Your booking history will be anonymized or deleted, but we may retain limited transaction records for legal or accounting purposes as required by applicable law. We may retain anonymized data for analytics indefinitely.

Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that we correct inaccurate or incomplete information
  • Deletion: Request that we delete your personal information
  • Portability: Request a copy of your data in a portable format
  • Opt-out: Opt out of certain data processing activities

To exercise any of these rights, you can:

  • Use the account settings within our mobile app to request data deletion
  • Contact us directly at privacy@seshn.io

We will acknowledge receipt of your request within 10 business days (CCPA) or one month (GDPR), and respond within 45 days (CCPA, extendable) or one month (GDPR, extendable by two additional months for complex requests).

Verification of Requests

To protect your privacy, we may verify your identity before processing requests (e.g., by matching provided information to our records or requiring account login). For sensitive requests, we may require additional proof of identity. If we cannot verify your identity, we will inform you and explain next steps.

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to request deletion of your personal information, and the right to opt out of the sale of your personal information.

Categories of Personal Information We Collect and Disclose

In the preceding 12 months, we have collected the following categories of personal information (as defined under CCPA):

  • Identifiers: Name, email address, phone number, IP address
  • Internet or network activity: Device type, operating system, log data, usage patterns
  • Geolocation data: Approximate location inferred from IP address
  • Commercial information: Booking history, session details
  • Sensitive personal information: Limited; health/wellness inferences from certain session types, processed only for service provision
  • Inferences: Usage preferences drawn from the above

Sources: Directly from you, automatically via device/logs, from participating businesses.

Purposes: As described in "How We Use Your Information."

Disclosures for Business Purposes: To service providers (e.g., Google for hosting/analytics) and participating businesses (for booking fulfillment), including as a service provider to participating businesses.

We do not "sell" or "share" (for cross-contextual behavioral advertising) personal information. In the preceding 12 months, we have not sold personal information and have no intention to do so.

Authorized Agents

You may designate an authorized agent to submit a CCPA request on your behalf. The agent must provide proof of written authorization or power of attorney. We may contact you directly to verify your identity and confirm authorization before processing the request.

Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. We will not deny you services, charge different prices, or provide a different level or quality of service because you exercised your privacy rights.

Minors Under 16

We do not knowingly sell or share the personal information of consumers under 16 years of age. Our Service is not directed at children under 13 (see Children's Privacy section).

Other U.S. State Privacy Laws

Residents of other U.S. states with comprehensive privacy laws (e.g., Colorado, Connecticut, Virginia, Texas, Utah) may have similar rights. Please contact us at privacy@seshn.io to exercise your rights under applicable state law.

European Privacy Rights (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR).

Legal Basis for Processing

We process your personal data based on one or more of the following legal bases:

  • Contract Performance: Processing necessary to provide you with our Service
  • Legitimate Interests: Processing for our legitimate business interests, such as improving our Service and ensuring security
  • Consent: Where you have given us explicit consent to process your data for specific purposes

Your GDPR Rights

Under GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restriction: Request restriction of processing
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

International Data Transfers

All personal data is stored and processed exclusively in the United States. If you are located outside the United States, your data will be transferred to the United States. We rely on Standard Contractual Clauses approved by the European Commission to ensure appropriate safeguards are in place to protect your data in accordance with applicable data protection laws. We have executed Standard Contractual Clauses with our service providers and conduct regular risk assessments. Our third-party providers, including Google, operate under their respective Data Processing Addendums.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable data protection laws.

To exercise any of these rights, please contact us at privacy@seshn.io.

Children's Privacy

Seshn provides a platform for businesses to manage client sessions, bookings, and related features. These businesses may input personal information about their clients, including children under 13 (e.g., name, age, or attendance), for operational purposes.

Seshn acts as a data processor (or service provider) with respect to this information, processing it solely on behalf of and under the instructions of our business customers, who are the data controllers. We have actual knowledge that certain features may involve children's personal information but do not directly collect it from children or parents. Our business customers are solely responsible for complying with all applicable children's privacy laws, including the Children's Online Privacy Protection Act (COPPA), such as obtaining verifiable parental consent before collecting or inputting information about children under 13.

We require our business customers to warrant compliance with these laws in their agreements with us. We process children's personal information only as necessary to provide the requested features (e.g., tracking session attendance or progress). This information is not used for marketing purposes, sold to third parties, or shared beyond what is required to support the business's operations. We implement appropriate technical and organizational security measures to protect all data, including children's information.

Business customers control the data they input and are responsible for responding to parental rights requests (e.g., access, correction, or deletion). If you are a parent or guardian and have concerns about your child's information processed through a business using Seshn, please contact that business directly in the first instance. We will cooperate with our business customers to facilitate verified requests as required by law. You may also contact us at privacy@seshn.io, and we will assist in coordinating or processing the request where appropriate (subject to verification).

We retain children's information only as long as necessary to provide the Service or as directed by our business customers, subject to legal obligations. Seshn is committed to supporting compliance with COPPA and other applicable children's privacy laws in our role as a processor.

Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Our security measures include:

  • Encryption in Transit: All data transmitted between your device and our systems is encrypted
  • Encryption at Rest: Your data is encrypted when stored on our systems
  • Access Controls: Strict access controls and authentication mechanisms to limit data access to authorized personnel
  • Security Assessments: Regular security reviews and assessments of our systems
  • Industry Standards: We follow industry-standard security practices to protect your information

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. We promptly notify affected users and relevant authorities of any confirmed data breach as required by applicable law.

Mobile Applications

Our mobile applications are available on Android (Google Play Store) and iOS (Apple App Store). The mobile apps collect the same types of information described in this policy.

Device Permissions

Our mobile applications may request the following optional device permissions:

  • Camera: Used only to take a profile photo, if you choose to add one
  • Photo Library: Used only to select an existing photo for your profile, if you choose to add one

These permissions are optional and only requested when you initiate a profile photo update. You can deny these permissions and still use all other features of the Service.

We do not request or collect precise geolocation, contacts, microphone, or other device permissions beyond those listed above. We may infer approximate location from your IP address for analytics or fraud prevention purposes.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

For material changes, we will provide additional notice via email or in-app prompt and may require affirmative consent where required by law.

We encourage you to review this Privacy Policy periodically for any changes.

Last Updated: January 10, 2026

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Seshn LLC
Email: privacy@seshn.io