Privacy Policy

1. Who We Are

Seek is an AI-powered cinematography reference platform operated as a sole proprietorship based in France. The Service is available at seek.film.

For any privacy-related questions, you can reach us at hello@seek.film.

2. Data We Collect

Account data

When you create an account, we collect your name and email address. If you sign up via Google or GitHub OAuth, we receive your name, email, and profile picture from the provider. We do not receive or store your OAuth provider password.

Usage data

We collect information about how you use the Service, including search queries, board activity, AI feature usage, and interaction patterns. This data helps us improve the Service and provide relevant features.

Payment data

Payments are processed by Stripe. We do not store your credit card number, CVV, or full card details on our servers. Stripe provides us with a payment token, the last four digits of your card, and billing-related metadata. See Stripe's Privacy Policy.

Analytics data

We use PostHog for product analytics. PostHog collects anonymized usage data, including page views, feature usage, and session recordings. Session recordings have input masking enabled -- text typed into form fields is not captured. Analytics collection requires your consent via our cookie banner.

Technical data

We automatically collect technical information such as your IP address, browser type and version, device type, operating system, and referring URL. This data is used for security, fraud prevention, and Service optimization.

3. How We Use Your Data

• -- Service delivery: To provide, maintain, and improve the Service, including search, moodboards, and AI features.
• -- Billing: To process payments, manage subscriptions, and send transaction-related communications.
• -- Analytics: To understand how users interact with the Service and identify areas for improvement.
• -- Security: To detect and prevent fraud, abuse, and unauthorized access.
• -- Communication: To send essential service notifications, such as billing confirmations and account security alerts.

We do not use your data for advertising purposes. We do not sell your data to third parties.

4. Legal Basis (GDPR Art. 6)

We process your personal data on the following legal bases:

• -- Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service, manage your account, and fulfill subscriptions.
• -- Legitimate interest (Art. 6(1)(f)): Processing for security, fraud prevention, and Service improvement, where our interests do not override your rights.
• -- Consent (Art. 6(1)(a)): Analytics data collection via PostHog, which requires your opt-in consent through our cookie banner.
• -- Legal obligation (Art. 6(1)(c)): Retention of billing and payment records as required by French tax law.

5. Data Sharing

We share data with the following third-party service providers, strictly for the purposes described:

• -- Stripe (San Francisco, US) -- Payment processing. Receives billing and payment card information.
• -- PostHog (San Francisco, US) -- Product analytics. Receives anonymized usage data with your consent.
• -- Neon (EU region) -- Database hosting. Stores account data and application data.
• -- Vercel (San Francisco, US) -- Application hosting and edge delivery.

We do not sell, rent, or trade your personal data to any third party. We only share data as described above or when required by law.

6. Data Retention

• -- Account data: Retained while your account is active and for 30 days after account deletion, after which it is permanently erased.
• -- Payment records: Retained for 7 years after the transaction date, as required by French tax and accounting law.
• -- Analytics data: Retained for a maximum of 2 years, then automatically deleted.
• -- Technical logs: Retained for 90 days for security and debugging purposes.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the GDPR:

• -- Right of access: Request a copy of the personal data we hold about you.
• -- Right to rectification: Request correction of inaccurate or incomplete personal data.
• -- Right to erasure: Request deletion of your personal data ("right to be forgotten").
• -- Right to data portability: Request your data in a structured, commonly used, machine-readable format.
• -- Right to object: Object to processing based on legitimate interest.
• -- Right to restriction: Request restriction of processing in certain circumstances.
• -- Right to withdraw consent: Withdraw consent for analytics at any time via the cookie settings.

To exercise any of these rights, contact us at hello@seek.film. We will respond within 30 days. You also have the right to lodge a complaint with the French data protection authority (CNIL) at cnil.fr.

8. Cookies

We use the following categories of cookies:

• -- Essential cookies: Required for authentication, session management, and core Service functionality. These cannot be disabled.
• -- Analytics cookies (PostHog): Used to understand how you use the Service. These are only set after you give consent via our cookie banner.
• -- Payment cookies (Stripe): Set by Stripe during the checkout process for fraud prevention and payment processing.

You can manage your cookie preferences at any time through the cookie settings accessible in the footer of every page. You can also configure your browser to block or delete cookies, though this may affect the functionality of the Service.

9. International Transfers

Your data is primarily processed in the European Union (Neon database hosting). However, some of our service providers are based in the United States:

• -- Vercel (hosting and edge delivery)
• -- PostHog (analytics)
• -- Stripe (payment processing)

These transfers are protected by the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) as approved by the European Commission. We ensure that all data transfers comply with GDPR requirements.

10. Children

The Service is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at hello@seek.film and we will promptly delete the data.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 30 days before the changes take effect.

We encourage you to review this policy periodically. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact & Data Protection

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

We aim to respond to all legitimate requests within 30 days. If your request is particularly complex, we may notify you and extend this period by an additional 60 days as permitted by the GDPR.