BirdSings BIRDSings

Privacy Policy

How BirdSings collects, processes, and protects your personal data — applies worldwide, with extra rights for residents of the EU/EEA, the UK, Switzerland, California, Brazil, and other jurisdictions noted below.

Last updated: 2026-06-29

1. Who we are

BirdSings ("we", "us", "our") operates the marketplace at https://birdsings.com. Data controller contact: privacy@birdsings.com. EU/UK representative requests and DPO inquiries use the same address.

2. What we collect

3. What we do NOT collect

4. Cookies

Three categories:

Change your choice anytime by clearing the consent cookie or contacting us.

5. Anti-piracy tokens

When you purchase, we mint a download token tied to your order. The token records the first IP address and User-Agent that successfully downloads, to prevent account sharing. The IP is processed strictly for fraud-prevention and is deleted 30 days after the token expires.

6. Your rights

If you live in the EU, EEA, UK, or Switzerland (GDPR / UK GDPR / FADP):

If you live in California (CCPA/CPRA): right to know, delete, correct, opt-out of sale/share (we do not sell or share), and non-discrimination.

If you live in Brazil (LGPD), Türkiye (KVKK), or other jurisdictions with comparable laws: equivalent access, rectification, deletion, portability, and objection rights apply.

Send requests to privacy@birdsings.com. We respond within 30 days (45 days for California requests where extension permitted).

7. Data retention

8. International data transfers

Your data may be processed outside your country, including in the United States. Where this happens, we rely on the EU Standard Contractual Clauses (2021/914), the UK International Data Transfer Addendum, the Swiss FDPIC clauses, and — for transfers to certified US recipients — the EU–US Data Privacy Framework. Stripe, Resend, Netlify, and Google are all DPF-certified.

9. Third-party processors

10. Security

TLS 1.3 in transit, AES-256 at rest. Stripe handles card data. Access to production systems is limited to authorized personnel under written confidentiality. We will notify affected users and the competent supervisory authority within 72 hours of becoming aware of a personal data breach, where required.

11. Complaint

You may lodge a complaint with your local supervisory authority. Examples:

12. Changes

We may update this policy. Material changes will be announced on the site banner at least 30 days before taking effect, except where a shorter period is required by law.