Privacy.

On application: name, email, date of birth, home city, sex, optional photo, and your written answers. After acceptance: what you write on your profile, photos you upload, friend marks, Discerning marks, RSVPs, and your posts in events, themes, cohorts, and the Room. On identity verification: a selfie + your declared date of birth. We log when you’re active, who accepted your application, and which admin acted on any flag about you.

We do not collect your contacts, your location beyond the city you tell us, your browsing outside Seen, or any third-party account linkage.

Application data informs the accept / decline decision. Profile data renders Seen for other members, gated by the standards page (mutuals see prose; non-mutuals see facts only). RSVP data runs gatherings. Room posts are reviewed by a Catholic-tone classifier (Anthropic Claude) before they appear; the post body is sent to Anthropic for that classification call only and not stored there. Identity verification photos are stored privately and viewed only by an admin reviewing the submission. Every admin view of an identity document is recorded in our audit log.

We don’t sell your data. We don’t train AI models on your data. We don’t run targeted ads. We don’t share your profile with anyone outside Seen — including your home parish, your employer, or your school. We don’t store your payments (subscriptions go through Apple in-app purchase). We don’t hand your data to law enforcement except in response to a valid subpoena or to prevent imminent harm.

• Supabase— database + storage. Encrypted at rest and in transit.
• Vercel— application hosting.
• Loops— transactional email.
• Anthropic— Claude API for application triage + Room post moderation.
• Apple Push Notification service— when you use the iOS app and grant push permission.

You control transactional email per-type from Settings → Notifications. Pastoral mail (acceptance, welcome calls, profile reminders, event nudges) does not have a per-type toggle; you can stop these by removing your account. On iOS, push notifications mirror the same preferences — one toggle controls both channels.

You can request a full export, correction of any field, or deletion of your account. Email hello@seenapp.place. Deletion is a hard delete: your row, profile, posts, and photos all go.

Members in California, Virginia, the EU, or the UK have additional statutory rights (access, correction, deletion, portability, opt-out of automated decision-making). The process above honors those rights. Name what you need in the email.

Active member data is retained for the lifetime of your account. After deletion, we retain audit-log entries naming you as an admin actor (when you were an admin) for seven years for compliance. Application records are retained for two years after a decision so we can recognize re-applicants. Identity verification submissions are retained for the lifetime of the account they belong to and deleted with the account.

Seen is for members 18 and older. We do not knowingly collect data from anyone under 18.

We update this page when our practices change. The “last updated” date at the top reflects the most recent change. Material changes get an in-app notice plus an email to the address on file.

hello@seenapp.place. A real person reads every one.