Privacy Policy

Effective Date: February 18, 2026 · Version 1.0

1. Introduction

Sego Lily ("we", "us", "our") is committed to protecting your privacy. This policy describes how we collect, use, store, and share personal data when you use our platform. We comply with applicable data protection laws including GDPR.

2. Data We Collect

Information You Provide

  • Account data: Name, email address, password (hashed)
  • Booking data: Name, email, phone number, event/service selections
  • Payment data: Processed by Stripe; we store transaction IDs, not card numbers
  • Content: Event descriptions, email templates, documents you create
  • Intake form responses: Custom form answers submitted during booking

Information Collected Automatically

  • Analytics: Page views, session recordings, and heatmaps via PostHog (cookieless mode — no cookies are set)
  • Log data: IP addresses, browser type, request timestamps (for security and debugging)
  • Email delivery: Send status, timestamps (not email content after 90 days)

3. How We Use Your Data

  • Service delivery: Processing bookings, sending confirmations, managing memberships
  • Communication: Booking confirmations, reminders, newsletters (with consent)
  • Product improvement: Analytics to understand usage patterns and improve the platform
  • Security: Fraud prevention, rate limiting, audit logging
  • Legal compliance: Financial record keeping, tax obligations

4. Data Sharing

We share data only with:

  • Stripe: Payment processing (PCI-DSS compliant)
  • Resend: Transactional email delivery
  • PostHog: Product analytics (EU-hosted, cookieless)
  • Neon: Database hosting (SOC 2 compliant)
  • Vercel: Application hosting and deployment

We do not sell personal data to third parties.

5. Data Retention

We retain your data for the minimum period necessary:

Data Type | Retention Period
Account data | Until deletion requested
Bookings & payments | 3 years (financial compliance)
Email delivery logs | 90 days
Activity logs | 1 year
Newsletter subscriptions | 30 days after unsubscribe
Feedback messages | 2 years after resolution
Password reset tokens | 24 hours

Automated cleanup runs weekly to remove data beyond its retention period. Financial records are anonymized rather than deleted during the retention period.

6. Your Rights

Under GDPR and applicable laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data via your profile settings
  • Erasure: Request deletion of your account and personal data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing of your data for specific purposes
  • Withdraw consent: Unsubscribe from newsletters at any time

To exercise these rights, use the member portal or contact privacy@segolily.app.

7. Cookies & Tracking

We use cookieless analytics via PostHog. No tracking cookies are placed on your device. Session data is stored in memory only and is not persisted across browser sessions. This means no cookie consent banner is required.

8. Security

We protect your data through:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Password hashing with bcrypt
  • Two-factor authentication (TOTP) support
  • Rate limiting on sensitive endpoints
  • Regular security audits
  • Role-based access control with tenant isolation

9. Children's Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification. The "Effective Date" at the top of this page indicates the latest revision.

11. Contact

For privacy-related inquiries or to exercise your data rights, contact us at privacy@segolily.app.