Privacy & Cookie Policy

Last updated: 16 November 2025

Contact Us

Introduction

Welcome to SongChoice. We are committed to protecting your privacy and personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (GDPR), and the Privacy and Electronic Communications Regulations (PECR).

This Privacy and Cookie Policy explains how we collect, use, store, and protect your personal information when you use our website at www.songchoice.co.uk.

Data Controller

The data controller responsible for your personal data is:

SongChoice
Email: privacy@songchoice.co.uk

What Personal Data We Collect

1. Information You Provide

  • Account Information: Name, email address, password (encrypted)
  • Church Information: Church name, role, membership details
  • Content: Songs, services, notes, and other content you create
  • Profile Information: Profile picture, preferences, settings

2. Information Collected Automatically

  • Authentication Cookies: Session tokens for keeping you logged in (strictly necessary)
  • Usage Data: Pages visited, features used, interaction patterns (only with consent)
  • Technical Data: Browser type, device information, IP address (anonymized with consent)
  • Performance Data: Page load times, error reports (only with consent)

How We Use Your Data

Legal Bases for Processing

1. Contractual Necessity

To provide and maintain our service, including:

  • Creating and managing your account
  • Storing and organizing your church's song library
  • Enabling collaboration within your church community
  • Providing customer support

2. Legitimate Interests

  • Improving and developing our service
  • Ensuring security and preventing fraud
  • Troubleshooting technical issues

3. Consent

With your explicit consent, we use:

  • Google Analytics: To understand how users interact with our website
  • Vercel Analytics: To monitor website performance and speed

You can withdraw consent at any time through our .

Cookie Policy

Cookies are small text files placed on your device to help websites function properly and provide usage information. We use the following types of cookies:

1. Strictly Necessary Cookies (No Consent Required)

Authentication Cookies

  • Purpose: Keep you logged in and maintain your session
  • Duration: 30 days or until you log out
  • Provider: Better Auth (first-party)
  • Can be disabled: No (essential for site functionality)

2. Analytics Cookies (Requires Consent)

Google Analytics (GA4)

  • Cookies: _ga, _gid, _gat_*
  • Purpose: Understand website usage, page views, user behavior
  • Duration: Up to 26 months
  • Provider: Google LLC (USA)
  • Data shared: Anonymized usage statistics
  • Can be disabled: Yes, via cookie preferences

3. Performance Cookies (Requires Consent)

Vercel Analytics & Speed Insights

  • Purpose: Monitor website performance, speed, and errors
  • Duration: Session-based
  • Provider: Vercel Inc. (USA)
  • Data shared: Performance metrics, page load times
  • Can be disabled: Yes, via cookie preferences

Third-Party Embeds

We use YouTube's privacy-enhanced mode (youtube-nocookie.com) for video embeds, which reduces tracking but may still set cookies when you interact with videos.

Data Storage & Security

Where We Store Your Data

  • Application Data: Hosted on secure servers in the EU
  • Database: PostgreSQL with encryption at rest
  • Backups: Encrypted and stored securely

How We Protect Your Data

  • Industry-standard encryption (TLS/SSL)
  • Password hashing with bcrypt
  • Regular security audits and updates
  • Access controls and authentication
  • Automated backup systems

Data Retention

  • Account Data: Retained while your account is active
  • Analytics Data: Up to 26 months (Google Analytics)
  • Audit Logs: 90 days for security purposes
  • Deleted Accounts: Personal data removed within 30 days

Your Privacy Rights

Under GDPR and UK PECR, you have the following rights:

1. Right to Access

Request a copy of your personal data we hold.

2. Right to Rectification

Correct inaccurate or incomplete personal data.

3. Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data.

4. Right to Restrict Processing

Limit how we use your data in certain circumstances.

5. Right to Data Portability

Receive your data in a machine-readable format.

6. Right to Object

Object to processing based on legitimate interests.

7. Right to Withdraw Consent

Withdraw consent for analytics and performance cookies at any time.

Exercise Your Rights

To exercise any of these rights, please contact us at privacy@songchoice.co.uk

We will respond to your request within 30 days. If you're not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

International Data Transfers

Some of our service providers are based outside the UK/EU:

  • Google Analytics: Google LLC (USA) - Standard Contractual Clauses
  • Vercel: Vercel Inc. (USA) - Standard Contractual Clauses

We ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

Children's Privacy

SongChoice is intended for use by churches and their authorized members. We do not knowingly collect personal data from children under 13 (or 16 in the EU) without parental consent.

Changes to This Policy

We may update this Privacy and Cookie Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.

Contact Us

If you have any questions about this Privacy and Cookie Policy, please contact us:

Email: privacy@songchoice.co.uk

Website: www.songchoice.co.uk

Data Protection Officer: Available upon request

Manage Your Cookie Preferences

You can change your cookie settings at any time