Songbird Strategies Logo

Songbird Strategies

Legal Notice

Songbird Strategies
Privacy Policy

Last updated: July 15, 2025

Songbird Strategies LLC ("Songbird Strategies", "we", "our" or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information about visitors, prospective customers, and users ("you" or "your") of our website https://songbirdstrategies.io and any related services that link to or reference this Policy (collectively, the "Services").

If you do not agree with any part of this Privacy Policy, please do not access or use the Services.

1. Scope & Governing Law

We are a Delaware limited‑liability company located in the United States. Accordingly, U.S. federal and state privacy laws apply. Because we may receive visits from the European Economic Area ("EEA"), the United Kingdom ("UK"), and other jurisdictions, this Policy also addresses the EU General Data Protection Regulation 2016/679 ("GDPR") and the UK GDPR where applicable. If a provision of this Policy conflicts with a mandatory rule of applicable law, that law controls.

2. Definitions

"Personal Data" (or "Personal Information") means any information that identifies, relates to, describes, or could reasonably be linked to an individual.

"Processing" means any operation performed on Personal Data (collection, storage, use, disclosure, etc.).

"Controller" means the entity that determines the purposes and means of Processing Personal Data; Songbird Strategies is the Controller for data described in this Policy.

3. Personal Data We Collect & How We Collect It

CategoryExamplesHow We Collect
Identity DataFirst and last name, company nameUser‑supplied web forms
Contact DataEmail address, postal address, phone numberUser‑supplied web forms
Account & Content DataUser‑generated content submitted through the ServicesUser‑supplied
Technical & Usage DataIP address, device/browser type, operating system, clickstream data, page views, session duration, referrer URL, geographic region, analytics identifiers, interaction events (clicks, scrolls, form submissions)Automatic collection via cookies, pixels, log files, and SDKs (including Google Tag Manager/Analytics)
Inferred DataPreference profiles and service usage trends derived from Technical & Usage DataDerived internally

We do not knowingly collect data from children under 16 years of age and do not target our Services to them. If you believe we have collected such data, please contact us (Section 14).

4. Purposes & Legal Bases for Processing

4.1 United States (including CCPA/CPRA)

We use Personal Data for the following business purposes:

  • Provide and operate the Services (e.g., create user profiles, respond to inquiries).
  • Improve and personalize the Services (e.g., analytics, content creation, preventing the need to re‑enter data).
  • Security and fraud prevention.
  • Future marketing communications, with the ability to opt‑out at any time (see Section 8).
  • Compliance with legal obligations.

We do not "sell" or "share" Personal Information as those terms are defined by California law. We do not use sensitive Personal Information for inferring characteristics or for purposes beyond those authorized by Cal. Civ. Code §1798.121.

4.2 EU/UK GDPR Legal Bases

PurposeLegal Basis
Provide and operate the ServicesContract necessity (Art. 6 (1)(b))
Improve and personalize (analytics, OpenAI content generation)Legitimate interests (Art. 6 (1)(f))—we balance our interest in improving the Services against your rights and expect minimal privacy impact.
Future marketing emailsConsent (Art. 6 (1)(a)); you may withdraw at any time.
Security, fraud preventionLegitimate interests (Art. 6 (1)(f))
Compliance with lawLegal obligation (Art. 6 (1)(c))

5. Cookies & Tracking Technologies

We and our service providers use cookies, local storage, and similar technologies to collect Technical & Usage Data (Section 3). Where required by law, we obtain your consent for non‑essential cookies. You can manage cookie preferences through your browser settings or via any consent management tool we deploy.

6. Third‑Party Service Providers

We disclose Personal Data to vetted providers that perform services on our behalf:

  • Google Tag Manager / Google Analytics 4 (USA) – site analytics; receives Technical & Usage Data.
  • OpenAI API (USA) – generates responses and content; processes Identity Data, Contact Data, Account & Content Data you submit in prompts.
  • HubSpot CRM (USA) – stores Identity Data, Contact Data, and email interaction metadata for customer‑relationship management; used in CRM mode only.
  • Hostinger (USA/EU) – web‑hosting provider; stores all categories of data on secure servers.

These providers may process data in the United States or other jurisdictions. We contractually require them to protect data consistent with this Policy and applicable law.

7. International Data Transfers

We are headquartered in the United States. If you are located outside the U.S., your Personal Data will be transferred to and processed in the U.S. and possibly other countries with different privacy laws. For transfers from the EEA/UK, we rely on Standard Contractual Clauses and other legally recognized safeguards (GDPR Art. 46) to protect your information.

8. Marketing Communications

We do not currently send marketing emails but may do so in the future. If we do, we will obtain your affirmative consent (e.g., checkbox or double opt‑in). Each marketing email will include an unsubscribe link enabling you to opt out at any time.

9. Data Retention

We retain Personal Data for as long as your user profile exists or as needed to fulfill the purposes outlined in this Policy, plus any additional period required by law, contract, or legitimate business need (e.g., audit, security, or dispute‑resolution records). Upon profile deletion, we delete or anonymize associated Personal Data within a commercially reasonable period, unless retention is legally required.

10. Security Measures

We employ administrative, technical, and organizational safeguards designed to protect Personal Data, including:

  • HTTPS/TLS encryption for all data in transit.
  • Encryption at rest for databases and backups.
  • Role‑based access controls restricting employee access to need‑to‑know.
  • Employee NDAs and security/privacy training.
  • Regular vulnerability scanning and timely patch management.
  • Logical segregation of production and development environments.
  • Incident‑response procedures aligned with industry best practices.

No system is 100% secure; we cannot guarantee absolute security.

11. Your Rights & Choices

11.1 United States (including California)

Depending on your state of residence, you may have rights to access, delete, correct, and opt out of certain data processing. To exercise these rights, contact us (Section 14). We will not discriminate against you for exercising these rights.

11.2 EU/UK Data Subjects

Under GDPR, you have the right to:

  • Access your Personal Data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase data (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing based on legitimate interests (Art. 21)
  • Withdraw consent at any time (Art. 7(3))

You may lodge a complaint with your local supervisory authority or the Irish Data Protection Commission. We will respond to requests within one month.

12. Children's Privacy

The Services are not directed to children under 16. We do not knowingly collect Personal Data from children. If we learn that we have collected such data, we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Policy from time to time. If we make material changes, we will post the updated Policy and change the "Last updated" date. Continued use of the Services after the update constitutes acceptance of the revised Policy.

14. Contact Us

For questions or requests regarding this Privacy Policy or our privacy practices, contact:

Email: privacy@songbirdstrategies.io

© 2025 Songbird Strategies LLC. All rights reserved.