Last updated: 29 April 2026
This Privacy and Cookie Policy ("Policy") describes how Bajara S.r.l. ("SongyBird", "we", "us" or "our") collects, uses, discloses and protects your personal data when you use the SongyBird platform, websites, mobile applications and related services (collectively, the "Service"). It is issued in accordance with Regulation (EU) 2016/679 ("GDPR"), the Italian Personal Data Protection Code (Legislative Decree no. 196/2003 as amended by Legislative Decree no. 101/2018) and Directive 2002/58/EC ("ePrivacy Directive").
The Data Controller is:
Bajara S.r.l.
Registered office: Via Sandro Pertini 25 - 42017, Novellara (RE), Italia
VAT / Tax code: IT03013870351
Email: [email protected]
Website: songybird.com
For any privacy-related request, including the exercise of your rights, you may contact us at [email protected].
We collect the following categories of Personal Data:
| Purpose | Categories of data | Legal basis (Art. 6 GDPR) |
|---|---|---|
| Creating and managing your account, providing the Service (Chirps, Nests, profile) | Account data, user-generated content, technical data | (b) Performance of the contract |
| Processing payments and managing subscriptions | Billing data, payment data | (b) Performance of the contract; (c) legal obligations (accounting, tax) |
| Issuing invoices and complying with Italian/EU tax law | Billing data, tax identifiers | (c) Legal obligation |
| Sending transactional emails (verification, password reset, billing notifications) | Account data, billing data | (b) Performance of the contract |
| Security, fraud prevention, abuse moderation, blocking disposable email addresses | Account data, technical data, IP address | (f) Legitimate interest in maintaining a safe Service |
| Diagnosing technical issues and improving the Service | Technical data, usage data, error logs | (f) Legitimate interest in operating and improving the Service |
| Responding to your requests and exercise of rights | Account data, communications | (c) Legal obligation; (f) legitimate interest |
| Marketing communications (where activated) | Email address, name | (a) Consent — withdrawable at any time |
| Defence of legal claims | All categories as needed | (f) Legitimate interest |
We collect data directly from you when you register, complete your profile, subscribe, record content or contact us. Some technical data is collected automatically by your browser or device when you interact with the Service. We do not purchase Personal Data from third-party data brokers.
Your Personal Data may be shared with the following categories of recipients, acting as Data Processors or autonomous Controllers:
We do not sell or rent your Personal Data to third parties for advertising purposes.
Personal Data is primarily processed within the European Economic Area (EEA). Some of our processors (such as Stripe) may transfer data outside the EEA, including to the United States. In such cases, we rely on the safeguards required by Articles 44–49 GDPR, including:
You may request a copy of the relevant safeguards at [email protected].
| Data category | Retention period |
|---|---|
| Account data | For the entire duration of the account, plus up to 12 months after deletion for security and legal purposes. |
| User-generated content (Chirps, comments, Nest messages, files) | Until you delete it or your account is closed; then permanently deleted within 30 days, save for backups which are rotated within 90 days. |
| Billing and invoice data | 10 years after the relevant tax year, as required by Italian and EU accounting/tax law. |
| Payment data (Stripe identifiers) | For the duration of the contractual relationship, plus 10 years for accounting purposes. |
| Server and security logs (incl. IP addresses on Chirp views) | Up to 12 months, unless required longer for security investigations. |
| Email communications and support tickets | Up to 24 months from the last interaction. |
| Marketing data (if consent given) | Until consent is withdrawn, and in any case no longer than 24 months from the last interaction. |
We adopt appropriate technical and organisational measures to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, in accordance with Article 32 GDPR. These include, among others:
No system is 100% secure; in case of a personal data breach affecting your rights and freedoms, we will notify you and the supervisory authority as required by Articles 33–34 GDPR.
Under Articles 15 to 22 GDPR, you have the right to:
To exercise your rights, write to [email protected]. We will reply within 30 days (extendable by 60 additional days where the request is complex). The exercise of your rights is free of charge unless requests are manifestly unfounded or excessive.
You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali): www.garanteprivacy.it, or with the supervisory authority of your EU country of residence.
You may delete your account at any time from your account settings or by writing to [email protected]. Deletion will remove your profile and user-generated content from the active Service within 30 days. Some data may be retained longer where required by law (see Section 8 — Retention).
The Service uses cookies and similar technologies (localStorage, sessionStorage) for the purposes described below. Cookie consent is managed in accordance with the ePrivacy Directive and the guidelines of the Italian Garante (10 June 2021).
| Name / type | Purpose | Duration | Category |
|---|---|---|---|
| Session cookie (Laravel) | Maintains your authenticated session | Session / 120 min | Strictly necessary |
| XSRF-TOKEN | CSRF protection | Session | Strictly necessary |
| locale | Stores your language preference | 30 days | Functional / strictly necessary |
| Sanctum auth token (localStorage) | Authenticates API requests | Until logout | Strictly necessary |
| Socket token (localStorage / memory) | Authorises WebRTC socket connections | 15 minutes | Strictly necessary |
| Cookie-consent preference | Stores your cookie choices | 12 months | Strictly necessary |
The Service does not currently set marketing, profiling or third-party analytics cookies. Stripe may set strictly-necessary cookies on the checkout and customer portal pages it hosts; please refer to stripe.com/cookies-policy.
Strictly-necessary cookies do not require consent. For any non-essential cookie, you may grant or withdraw your consent at any time through the cookie banner or your browser settings. Disabling strictly-necessary cookies may impair the functionality of the Service.
The Service is not directed to children. In Italy, the minimum age to consent to information-society services is 14 years (Art. 2-quinquies of the Italian Privacy Code). Outside Italy, the minimum age may range from 13 to 16 depending on the EU member state. By creating an account you confirm that you meet the minimum age in your country. If you become aware that a minor has provided us with Personal Data without valid parental consent, please contact [email protected] and we will delete the data without undue delay.
We do not carry out solely automated decisions producing legal or similarly significant effects on you (Art. 22 GDPR). Limited automated checks are performed for security purposes (e.g., rejecting disposable email addresses, abuse-rate limiting); these do not constitute solely automated decision-making in the sense of Art. 22.
We may update this Policy from time to time to reflect changes in our practices or in applicable law. The "Last updated" date at the top of this page indicates the date of the latest revision. Material changes will be notified through the Service or by email at least 15 days before they take effect.
For any question relating to this Policy or to the Processing of your Personal Data, write to:
Bajara S.r.l.
Via Sandro Pertini 25 - 42017, Novellara (RE), Italia
Email (privacy): [email protected]
Email (support): [email protected]
© SongyBird.com - All rights reserved.
Designed and developed by
VAT Code: IT03013870351
