Back

Privacy Notice (Sealivo)

Last updated: 2026-01-02

This Privacy Notice explains how Sealivo ("Sealivo", "we", "us", "our") collects and processes personal data when you use our website and services, including:

  • our marketing website at https://sealivo.com
  • our web application (dashboards for creators and brands)
  • creator public pages (/p/[username]), leaderboard and verification badge images
  • related APIs and support channels

This Privacy Notice is intended to be aligned with the Swiss Data Protection Act (DPA / revDPA) and the EU General Data Protection Regulation (GDPR). The application of these laws depends on your specific situation.

If you provide us with personal data of other persons (for example sponsor contacts, colleagues, or other individuals), please make sure the respective persons are aware of this Privacy Notice and only provide such personal data if you are permitted to do so and such personal data is correct.

Table of contents

  1. What this Privacy Notice is about
  2. Controller and how to contact us
  3. What data we process (categories and examples)
  4. Where the data comes from (provided / collected / received)
  5. Purposes of processing
  6. Legal bases (where applicable)
  7. Profiling and automated decision-making
  8. Sharing and recipients
  9. Public profiles, leaderboard and badge disclosure
  10. International data transfers
  11. Retention and deletion
  12. Security
  13. Cookies, analytics and similar technologies
  14. Your rights
  15. Updates to this Privacy Notice

1. What this Privacy Notice is about

Sealivo provides a “verified media kit” for newsletter creators and a discovery/outreach workflow for brands. Creators can connect an email/newsletter provider via API key, Sealivo fetches aggregate metrics (such as subscriber count and average open rate where available), and creators may publish a public trust page and an embeddable badge. Brands can browse creators, save shortlists, and send sponsorship requests; creators can accept/decline and optionally reveal contact details upon acceptance.

This Privacy Notice describes how we process personal data in connection with these features. We may provide additional “just-in-time” notices for specific situations.

2. Controller and how to contact us

Sealivo is the controller for the processing described in this Privacy Notice.

  • Website: https://sealivo.com
  • Privacy contact: support@sealivo.com

If you need formal controller details (legal entity name and address), add them here once confirmed:

  • Controller legal entity: Fynn Auerbach & Lionel Wermelinger
  • Registered address: Sengelbachweg 19, 5000 Aarau, Switzerland

3. What data we process (categories and examples)

We process different categories of personal data depending on how you use Sealivo. “Personal data” means any information relating to an identified or identifiable person.

3.1 Technical data (website/app usage and infrastructure)

When you visit or use the website or Service, we may process technical data such as:

  • IP address (infrastructure logs and security systems)
  • device/browser information (user agent, language, approximate location derived from IP)
  • timestamps, pages visited, referrer URLs
  • identifiers stored in cookies or similar technologies (for example authentication session cookies)

Technical data is primarily used to operate the Service, secure it, and understand usage patterns.

3.2 Registration and account data (authentication)

If you create an account or sign in, we process:

  • email address
  • authentication/session identifiers and tokens (handled by Supabase Auth and stored as cookies)
  • login method (for example email/password, magic link, Google OAuth)
  • account identifiers (for example a user UUID)
  • account role and access flags (creator vs brand; subscription access)

Passwords (where used) are processed by Supabase Auth. Sealivo does not store raw passwords.

3.3 Master data (profiles and business identity)

Depending on your role, we process profile data such as:

Creators

  • username, display name, avatar URL
  • niche, newsletter URL, about text, audience country
  • sponsor contact fields you choose to provide (such as sponsor email and/or sponsor URL)
  • whether your profile is public

Brands

  • company name, website, industry

3.4 Newsletter provider connection data (credentials and metadata)

Creators may connect supported newsletter providers (for example Kit (formerly ConvertKit), Beehiiv, MailerLite, Brevo, Mailchimp). If you connect a provider, we process:

  • provider name and configuration metadata (for example publication/list identifiers)
  • API credentials you provide (stored encrypted at rest)
  • operational metadata such as last fetched time and error information (if a fetch fails)

Important: Sealivo is designed to store aggregate metrics (see next section) rather than subscriber-level personal data. However, when calling provider APIs, subscriber-level data may be processed in transit in the provider response even if we do not store it. We work to avoid storing or logging subscriber-level data unless necessary for troubleshooting.

3.5 Verified metrics (snapshots)

We store verification snapshots such as:

  • subscriber count
  • average open rate (where available)
  • verification timestamp and provider reference

These snapshots may be used to power creator dashboards, public pages, the public leaderboard, and badge images.

3.6 Communications data (support and marketplace messages)

We process communication data such as:

  • messages sent through the marketplace workflow (brand → creator sponsorship requests)
  • responses and status (accepted/declined) and timestamps
  • if accepted: contact details the creator provides (for example contact email and/or URL), which are then revealed to the requesting brand

Support channels (depending on configuration) may include:

  • support email correspondence
  • support chat conversations (Crisp) if enabled

3.7 Billing and contract data (payments and subscriptions)

If you subscribe to a paid plan (if applicable), we process billing-related data such as:

  • Stripe customer identifiers and subscription/access status stored in our database
  • invoices, payment status and payment method information processed by Stripe

Payments (including payment method details and tax information, if any) are processed by Stripe. Sealivo does not store full payment card details on its servers.

3.8 Leads / marketing contact data

If you submit your email through our lead form (if used), we process:

  • email address
  • timestamp and metadata related to the submission

3.9 Other data you submit

Certain fields in Sealivo allow free-form text (for example profile “about” text and sponsorship request messages). You control what you submit. If you include sensitive data (for example health or political information), we may process it as part of providing the Service, but the Service is not intended for collecting sensitive data.

4. Where the data comes from (provided / collected / received)

4.1 Provided by you

You provide data when you:

  • create an account or sign in
  • fill out or update your creator or brand profile
  • connect newsletter providers and enter API credentials
  • send sponsorship requests or respond to them
  • submit your email through our lead form
  • contact support (email/chat)

4.2 Collected automatically

We collect some data automatically when you use the Service, such as:

  • technical usage data (logs, cookies, basic device/browser information)
  • analytics events and aggregate usage metrics (depending on configuration)

4.3 Received from third parties

We receive data from:

  • newsletter providers (metrics responses)
  • Stripe (billing events and identifiers)
  • Supabase Auth (authentication/session data)
  • Google (OAuth) if you sign in via Google through Supabase

5. Purposes of processing

We process personal data for the following purposes:

5.1 Providing and operating the Service

  • creating and managing accounts
  • providing dashboards and Service functionality
  • generating creator public pages and badge images
  • generating creator-only exports (for example pitch deck PDFs) when applicable

5.2 Fetching and verifying newsletter metrics

  • connecting newsletter providers and fetching aggregate metrics through provider APIs
  • creating and refreshing verification snapshots

5.3 Marketplace functionality (brand ↔ creator)

  • enabling brands to discover creators, save shortlists, and send sponsorship requests
  • enabling creators to respond and, if accepted, reveal contact details to the requesting brand

5.4 Billing and subscription management

  • processing payments via Stripe
  • granting and revoking access based on subscription status
  • providing billing portal access through Stripe where available

5.5 Customer support

  • responding to inquiries and support requests
  • troubleshooting, quality assurance, and service communication

5.6 Security and abuse prevention

  • protecting accounts, endpoints, and infrastructure
  • preventing abuse, fraud and unauthorized access
  • enforcing our Terms of Service

5.7 Marketing and growth (where used)

  • contacting lead-form submitters and providing marketing communications where permitted
  • measuring acquisition and website performance (analytics)

5.8 Compliance and legal protection

  • complying with legal obligations and lawful requests
  • establishing, exercising or defending legal claims

6. Legal bases (where applicable)

Depending on applicable law and context, we may process personal data based on:

  • Contract / pre-contractual steps (for example, providing the Service, billing, marketplace workflows)
  • Legitimate interests (for example, security, preventing abuse, improving reliability and product development)
  • Consent (for example, certain marketing communications where required; optional support chat; optional analytics where required by cookie laws)
  • Legal obligations (for example, tax/accounting retention where applicable)

Where we rely on consent, you may withdraw your consent at any time with effect for the future.

7. Profiling and automated decision-making

7.1 Profiling

We may analyze usage and behavior in the Service (for example what pages are used and how features are used) to improve the Service, detect abuse, and understand performance. This may be performed through analytics tooling and internal service metrics.

We do not use personal data for “data sale” or behavioral advertising as a business model.

7.2 Automated decisions

The Service includes automated processes such as:

  • subscription access control (for example enabling/disabling features based on Stripe subscription status)
  • leaderboard ordering based on verification metrics

These processes are designed for service functionality and are not intended to produce “significant” legal effects about you in the sense of fully automated decision-making under certain laws. If this changes, we will update this Privacy Notice.

8. Sharing and recipients

We do not sell your personal data.

We share personal data with recipients where necessary to operate the Service:

8.1 Service providers (processors)

We use service providers that process personal data on our behalf, such as:

  • Supabase (authentication and database)
  • Vercel (hosting and infrastructure; may include logs and analytics)
  • Stripe (payments and subscription management)
  • Plausible and Vercel Analytics (analytics; depending on configuration)
  • Crisp (support chat) if enabled

8.2 Newsletter provider integrations (independent services)

If you connect a newsletter provider, we send your credentials to that provider to authenticate API requests and retrieve metrics from that provider. These providers typically act as independent controllers for their own services.

8.3 Other users (marketplace disclosure)

Brands and creators may see data needed to run sponsorship requests (for example message content and statuses). If a creator accepts a request, the creator’s provided contact details are revealed to the requesting brand.

8.4 Authorities and legal disclosures

We may disclose personal data to authorities, courts or other parties if required by law or to protect our rights.

9. Public profiles, leaderboard and badge disclosure

Sealivo includes features that intentionally publish certain creator information and verification metrics (for example on a creator public page, the public leaderboard, and badge images).

If you enable a public profile, your public profile data and selected verified metrics may be accessible to anyone on the internet. This may include sponsor contact fields you choose to publish. You control what you choose to publish, and you can disable public visibility through your settings.

10. International data transfers

Our service providers and integration partners may process personal data in countries outside your country of residence (including outside Switzerland and the EEA). Where required, we rely on appropriate safeguards (such as contractual protections) to support such transfers.

Note: Internet communications and cloud services may route data through multiple jurisdictions even if endpoints are in the same country.

11. Retention and deletion

We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

Retention depends on the data category and purpose. Examples:

  • Account and profile data: for the duration of your account, and for a reasonable period after deletion to handle obligations and disputes.
  • Provider connection data (encrypted credentials): while the connection is active; removed when you disconnect or delete your account (subject to backups).
  • Verified metrics snapshots: retained to provide verification history; may remain visible for public profiles until removed or the profile is made private.
  • Marketplace messages: retained to provide the marketplace workflow, prevent abuse, and support dispute handling.
  • Billing records: retained as required by applicable tax/accounting laws and for audit purposes.
  • Technical logs and security data: retained for security, debugging and abuse prevention, typically for limited periods.

If you request deletion, some data may still be retained where legally required or necessary for legitimate interests (for example billing records or abuse-prevention logs).

12. Security

We use appropriate technical and organizational measures designed to protect personal data. Examples evidenced in our architecture include:

  • encryption of newsletter provider credentials at rest (application-side encryption)
  • access controls and row-level policies in our database to limit access to data
  • HTTPS for data in transit
  • authentication and session management with Supabase Auth
  • protections around sensitive endpoints (for example cron routes and signed email relay requests if enabled)

No security system is perfect. We continuously improve security controls as the Service evolves.

13. Cookies, analytics and similar technologies

13.1 Necessary cookies (authentication and core functionality)

Sealivo uses necessary cookies to maintain authentication sessions and provide core functionality (for example staying signed in). If you disable these cookies, the Service may not function properly.

13.2 Analytics

Sealivo uses:

  • Plausible (via next-plausible)
  • Vercel Analytics

to measure usage and improve performance. Depending on configuration and applicable law, analytics may use cookies or similar technologies.

13.3 Support chat (optional)

If enabled, Sealivo may use Crisp for customer support chat. Crisp may store identifiers using cookies or local storage to provide chat functionality and may associate the chat session with a user identifier.

13.4 Your choices

You can typically control cookies through your browser settings and delete cookies at any time. If you disable certain cookies, parts of the Service may not function properly.

14. Your rights

Depending on applicable law, you may have rights such as:

  • access to your personal data
  • correction of inaccurate data
  • deletion of data (subject to exceptions)
  • restriction of processing
  • data portability (where applicable)
  • objection to certain processing
  • withdrawal of consent (where we rely on consent)

To exercise your rights, contact: support@sealivo.com.

You may also have the right to lodge a complaint with a competent supervisory authority. Examples:

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
  • EU/EEA: your local data protection authority (a list is maintained by the EDPB)
  • UK: Information Commissioner’s Office (ICO)

15. Updates to this Privacy Notice

We may update this Privacy Notice from time to time. The version published in the Service (and/or on our website) is the current version. We will update the “Last updated” date when we make changes.