✦ New encouragement resources just dropped! Explore now →

Seen and Sent

Privacy Policy

Last updated: March 2026

1. Who We Are

Seen & Sent (seensent.com) is an encouragement platform that offers digital eCards, free downloadable resources, and physical products. References to “we,” “us,” or “our” mean Seen & Sent.

2. Data We Collect & Retention

DataPurposeRetention
Sender name (eCards)Display in card and email30 days
IP address (eCards)Rate limiting, abuse prevention24 hours, then auto-purged
eCard send recordDelivery + view tracking30 days (expires_at column)
Newsletter emailSending newslettersUntil you unsubscribe
Name & email (orders)Order confirmation and shipping updatesDuration of business relationship
Shipping address (orders)Delivery of physical productsDuration of business relationship
Order historyPurchase records, refunds, GST complianceMinimum 7 years (Australian tax law)
Contact messagesResponding to enquiriesDeleted after resolution

Recipient email addresses are never stored. They are used only to send the card email and are immediately discarded.

Payment card details are never stored on our servers. All payment processing is handled securely by Stripe.

3. Third-Party Services

  • Supabase — Database and file storage (EU/US)
  • Stripe — Payment processing (PCI-DSS compliant)
  • Resend — Transactional email delivery
  • Brevo — Email marketing (newsletter only, with consent)
  • Vercel — Hosting and edge network

We do not sell your data to any third party. Each service processes data under their own privacy policies and Data Processing Agreements.

4. Your Rights (GDPR)

If you are in the EEA or UK, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request erasure (Article 17 — “right to be forgotten”)
  • Withdraw consent (newsletter) at any time via the unsubscribe link
  • Lodge a complaint with your supervisory authority

To exercise any right, contact us via the contact page.

5. Cookies

We use only essential cookies required for the website to function (session management). We do not use tracking, analytics, or advertising cookies.

6. Security

All data is transmitted over HTTPS. Database access is protected by Row-Level Security (RLS). Payment data is handled entirely by Stripe and never touches our servers.

7. Changes

We may update this policy. When we do, we will update the “last updated” date above.