Singergie

Privacy Policy

Last updated: March 29, 2026

1. Who we are

This policy explains how Singergie (registered Scottish charity SC051356) collects, uses, shares, and stores personal data across our public website, member area, staff area, and admin area.

Questions about privacy can be sent to info@singergie.com.

2. Personal data we collect

2.1 Public visitors

  • Information you choose to send us by email (for example via mailto links).
  • Approximate location input you provide in the postcode search feature (used to find nearby choirs).
  • Standard technical request data processed by our hosting and infrastructure providers (for example request metadata needed to serve pages).

2.2 User account data

  • Account identity data: full name, email address, and profile photo.
  • Contact data: phone number and email address.
  • Choir membership and role assignment data.
  • Authentication data handled via Firebase Authentication (including passwords).
  • Session cookie data used to keep signed-in sessions active.

2.3 Optional emergency medical and contact data

  • Address and date of birth.
  • Primary and secondary emergency contact details.
  • Medical conditions, essential medications, and additional support information.
  • Consent confirmations and consent timestamp for emergency data handling.

2.4 Rehearsals, events, and participation data

  • Attendance/check-in status for rehearsals.
  • Event RSVP responses, option selections, and member notes.
  • Operational notes entered by staff/admins for rehearsals and events.

2.5 Donations and payment-related data

  • Donation amount, frequency, status, timestamps, and receipt identifiers.
  • Stripe customer, checkout, invoice, subscription, payment intent, and charge IDs.
  • Gift Aid declarations and related taxpayer details where provided.
  • Cash donation entries entered by staff (including notes and entered-by records).

2.6 Content and media data

  • News article content, tags, images, and publication metadata.
  • Choir/staff images and venue/contact details entered by admins/staff.
  • Files uploaded to platform storage for public and internal content management.

2.7 Audit, security, and telemetry data

  • Audit logs for account sign-ins/sign-outs and significant member/staff/admin actions.
  • Activity feed entries shown to relevant users.
  • Limited feature telemetry (for example, opening lyrics/backing tracks).
  • Stripe webhook processing records (event IDs, status, and errors).

3. How we use personal data

  • To run and secure the Singergie website and account platform.
  • To authenticate users and enforce role-based access.
  • To manage choirs, rehearsals, attendance, events, and communications.
  • To process donations, receipts, subscriptions, and Gift Aid records.
  • To send verification and service emails.
  • To maintain audit trails, investigate issues, and prevent abuse/fraud.
  • To publish approved public content (for example staff profiles and news posts).

4. Lawful bases

We process personal data under one or more of the following UK GDPR lawful bases:

  • Legitimate interests (running and improving choir operations and platform security).
  • Performance of a contract or steps at your request (account and donation services).
  • Legal obligation (for example charity and accounting record obligations).
  • Consent (for emergency medical information and specific optional data uses).

5. Cookies and similar technologies

We use a secure, HTTP-only session cookie for authenticated areas so users can stay signed in. We do not currently run a separate advertising or behavioural cookie system on the public site.

6. Third parties and data sharing

We share data only where needed to run services, comply with law, or protect rights.

  • Google Firebase (Authentication, Firestore database, and Storage) for account, app data, and uploaded file processing.
  • Stripe for donation checkout, subscriptions, billing portal, and payment processing.
  • Resend for transactional email delivery (for example contact email verification).
  • OpenStreetMap tile services for map display on choir/location pages.
  • Postcodes.io for UK postcode lookup in the “Find your choir” feature.

We may also disclose data where required by law, regulation, legal process, or to protect users, Singergie, and the public.

7. International transfers

Some providers may process data outside the UK. Where this happens, we rely on appropriate safeguards (such as contractual protections) offered by those providers.

8. Retention

We keep data only as long as needed for the relevant purpose, including:

  • Account/profile data: while accounts remain active, then as operationally required.
  • Donation and finance records: as required for accounting and legal obligations.
  • Audit/security logs: retained for security, safeguarding, and governance purposes.
  • Email verification tokens: short-lived and automatically expire.
  • Session cookies: expire automatically (or sooner on sign-out/revocation).

9. Security

We use role-based access controls, authenticated routes, audit logging, secure cookie settings, and provider-level security controls. No internet service can be guaranteed 100% secure, but we work to reduce risk and respond to incidents promptly.

10. Your rights

Depending on your circumstances, you may have rights to:

  • Access personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion or restriction in certain cases.
  • Object to certain processing.
  • Withdraw consent where processing depends on consent.
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO).

11. Public content and external links

Our website may link to third-party websites and social platforms. Their privacy practices are separate from ours. Please review their policies before sharing personal data.

12. Changes to this policy

We may update this policy as services evolve. Material changes will be posted on this page with a new “Last updated” date.

You can return to this policy any time via /privacy.