Byrd
Join UsLog inRegister Interest

Privacy Policy

Last updated: 1 April 2026

Byrd (“we”, “us”, “our”) is a choir management platform. This policy explains how we collect, use, store, and protect personal data when you visit our website, register your interest, or use the Byrd platform.

1. Who we are

Byrd is operated by Shaun Brown as a sole-trader software product. For questions about this policy, contact us at privacy@byrd-app.co.uk.

2. What data we collect

2.1 Expression of Interest form

When you register your interest in Byrd, we collect: choir name, contact name, email address, phone number (optional), choir size, country, feature preferences, pricing feedback, and any notes you provide. We use this data solely to contact you about Byrd's launch and to shape product development.

2.2 Platform accounts

When a choir signs up to Byrd, we collect: name, email address, and authentication credentials (or OAuth tokens for Google/Apple sign-in). Passwords are hashed with bcrypt and never stored in plain text.

2.3 Choir member data

Choir administrators enter member data into the platform (names, contact details, voice parts, attendance, financial records, etc.). For this data, the choir is the data controller and Byrd acts as a data processor on their behalf. Each choir is responsible for having its own privacy policy that covers how it handles member data, and for obtaining appropriate consent from its members.

2.4 Automatically collected data

We collect standard web server logs (IP address, browser type, pages visited) and use cookies for authentication sessions. We do not use third-party analytics or advertising trackers.

3. How we use your data

  • To provide and maintain the Byrd platform
  • To communicate with you about your account or our service
  • To process expressions of interest and launch notifications
  • To send automated emails (rehearsal reminders, payment notices) on behalf of your choir
  • To improve and develop the platform based on usage patterns

4. Legal basis for processing (UK GDPR)

  • Consent — for EOI submissions and marketing communications. You can withdraw consent at any time.
  • Contract — to provide the platform service to subscribing choirs.
  • Legitimate interest — for platform security, fraud prevention, and service improvement.

5. Data sharing

We share personal data only with:

  • Hosting and infrastructure providers — for serving the application and storing data. Our database is hosted in the EU (London region).
  • Email delivery provider — for sending transactional emails (rehearsal reminders, payment notices, etc.)
  • Authentication providers — only if you choose to sign in via a third-party account (e.g. Google or Apple)

We do not sell, rent, or trade personal data. We do not use personal data for AI training. A full list of our sub-processors is available on request by emailing privacy@byrd-app.co.uk.

6. Data retention

  • EOI data — retained until you ask us to delete it, or for up to 24 months after submission if we cannot reach you.
  • Account data — retained for the duration of your account, and deleted within 30 days of account closure.
  • Choir member data — retained as long as the choir's subscription is active. On cancellation, data is deleted within 90 days unless the choir requests earlier deletion.

7. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data (Subject Access Request)
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time

To exercise any of these rights, email privacy@byrd-app.co.uk. We will respond within 30 days.

8. Children's data

Some choirs on Byrd are youth choirs with members under 18. In these cases, the choir (as data controller) is responsible for obtaining parental or guardian consent. Byrd provides consent signature workflows to support this. We do not knowingly collect data from children without parental consent.

9. Security

We protect your data with: HTTPS encryption in transit, encrypted database connections, bcrypt password hashing, role-based access controls, multi-tenant data isolation, and security headers. Our infrastructure is hosted with enterprise-grade cloud providers.

10. Cookies

Byrd uses only essential cookies for authentication sessions and organisation context. We do not use advertising or analytics cookies. No cookie consent banner is required as we only use strictly necessary cookies.

11. Changes to this policy

We may update this policy from time to time. We will notify registered users of material changes by email. The “last updated” date at the top of this page reflects the most recent revision.

12. Contact and complaints

If you have questions or complaints about how we handle your data, contact us at privacy@byrd-app.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority.