Every payment moves through a regulated payment processor and into a Seatkin-controlled escrow account. Funds are released to group owners only after the joiner confirms seat access, or after a short verification window.

All money-moving requests use idempotency keys, are wrapped in database transactions, and are reconciled hourly with our payment providers.

Before you can host or join a paid group, we verify your identity through a vetted third-party provider. This protects everyone in the group.

• Government-issued ID + live selfie.
• Documents are reviewed by a third-party identity service, not stored in clear text on our servers.
• You can request deletion of your KYC data after the legally required retention period.

All traffic between your device and Seatkin is encrypted using TLS. Data at rest is encrypted using AES-256. Sensitive fields such as ID numbers are additionally encrypted at the application layer.

Production access is restricted to a small set of engineers, requires hardware-key two-factor authentication, and is fully audited.

You stay in control of your account through several built-in protections:

• Two-factor authentication on login and on sensitive actions.
• Email and SMS alerts for new logins and payouts.
• A device list so you can sign out of sessions you don't recognize.
• Rate-limiting on login, OTP, and payment endpoints to block brute-force attacks.

Seatkin only supports subscriptions whose vendor terms explicitly allow multi-seat or family sharing. Vendor compliance is reviewed before a tool is added to the catalog.

If a vendor changes its terms, we will pause new groups for that tool and contact existing members with the next steps.

If you believe you have found a security issue, please report it privately. We respond to every legitimate report and credit researchers in our acknowledgements.

Email security@seatkin.com with steps to reproduce and any supporting evidence. Please do not test against real user accounts.