Privacy Policy
Last Updated: 8th September 2025
This Privacy Policy explains how Sonic Baume LTD ("we," "us," or "our") collects, uses, shares, and protects information in relation to Rejig (the "Service"). We process your information as described here and in our Terms and Conditions.
This policy is designed to be compliant with the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). For the purpose of the GDPR, the data controller is Sonic Baume LTD of 14 Marlborough Road, St Albans, AL1 3XQ, United Kingdom.
Information We Collect
We collect information in the following ways to provide and improve our Service to you. We only collect the information necessary for these purposes and regularly review our data collection practices to ensure we're not collecting excessive information. We do not collect any sensitive personal information.
| Category | Information We Collect | How We Collect It |
|---|---|---|
| Account & Profile | • Full name • Email address • Password (hashed) • Company name (optional) • Profile picture (optional) | Provided directly by you when you create or update your account. |
| Payment | • Billing address • Last 4 digits of your payment card • Card expiry date | Provided directly by you when you subscribe. This is processed by our secure payment processor (Paddle); we do not store your full card details. |
| User Content | • Files, project details, text, and comments you upload or create within the Service. | Provided directly by you during your use of the Service. |
| Usage & Technical Data | • Features used, pages visited, clicks • IP address • Browser type and version • Operating system • Device type • Error reports and crash data | Collected automatically when you interact with our Service. |
| Third-Party Authentication | • Name, email address, and profile picture associated with your third-party account. | Received from third-party services (e.g., Google, Microsoft) if you choose to use them to sign in. |
How and Why We Use Your Information
We use the information we collect for specific purposes and rely on a lawful basis for each processing activity under GDPR. The table below explains what we use your information for and our legal justification for doing so.
| Purpose of Processing | Types of Data Used | Legal Basis (under GDPR) |
|---|---|---|
| To Provide and Maintain the Service To operate the core functionality of Rejig, authenticate you, provide customer support, and fulfill our obligations to you. | • Account & Profile Information • User Content • Usage & Technical Data | Performance of a Contract |
| To Process Payments To manage your subscription, process payments, and send billing information. | • Account & Profile Information • Payment Information | Performance of a Contract and Legal Obligation (for tax and financial records) |
| To Communicate with You To send important service updates, security alerts, and administrative messages. | • Account & Profile Information | Performance of a Contract and our Legitimate Interests (to keep you informed about your account) |
| For Marketing To send you newsletters and promotional offers about our Service. | • Account & Profile Information | Consent. You can withdraw your consent at any time by unsubscribing. |
| To Improve Our Product To analyze usage trends, fix bugs, and develop new features to enhance the Service. | • Usage & Technical Data | Legitimate Interests (to develop and improve our business and Service) |
| For Security and Fraud Prevention To protect our Service, prevent abuse, and ensure the security and integrity of our platform. | • Account & Profile Information • Usage & Technical Data | Legitimate Interests (to protect our platform, users, and business) |
| To Comply with Legal Obligations To meet legal requirements or respond to valid requests from public authorities. | • All relevant categories as required by law. | Legal Obligation |
We do not use your personal data for profiling or automated decision-making that produces legal or similarly significant effects. Any analytics or personalization features can be opted out of in your account settings.
Data Sharing and Third-Party Processors
We do not sell your personal information. We share your data with trusted third-party service providers (sub-processors) in order to operate, provide, and improve our Service. These processors are bound by contractual obligations to keep your information confidential and secure.
Our primary servers are located in the United Kingdom. However, some of our third-party processors are based in other countries, including the United States. When we transfer personal data from the UK or European Economic Area (EEA) to countries outside of these regions, we ensure that an adequate level of data protection is in place. We rely on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs) approved by the European Commission and the UK's Information Commissioner's Office (ICO).
| Processor | Function | Location | Transfer mechanism |
|---|---|---|---|
| Amazon Web Services Inc. | Infrastructure | United States | Data Privacy Framework |
| Cloudflare Inc | Cloud services | United States | Data Privacy Framework |
| Paddle.com Market Ltd | Payment processing | United Kingdom | Standard Contractual Clauses |
| Supabase Inc | Infrastructure | Singapore | Standard Contractual Clauses |
| Google Cloud EMEA Limited | Infrastructure | Ireland | Standard Contractual Clauses |
| Replicate Inc | Infrastructure | United States | Standard Contractual Clauses |
| Astrodon Inc | Email communication | United States | Standard Contractual Clauses |
| Fernand SAS | Customer communication | France | Standard Contractual Clauses |
| Better Stack Inc | Log management | Germany | Standard Contractual Clauses |
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We will notify you of such disclosures unless legally prohibited from doing so.
Cookies
We use the following types of cookies to operate and personalize the Service. We do not use cookies for analytics, marketing, or advertising, or any cookies that track users.
- Strictly Necessary Cookies: These are essential for you to access the Service and use its features, such as accessing secure areas of the site, user login, and live chat.
- Functional Cookies: These cookies allow our website to remember choices you make (such as your user name or language).
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not allow strictly necessary cookies, you may not be able to access our Service.
Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with the Service. After you delete your account, your data will be permanently removed from our production servers within 30 days. Residual copies of your data may remain in our backup systems for up to 90 days before being automatically deleted. We may retain certain information for a longer period to comply with our legal obligations (e.g., retaining billing records for 7 years for tax purposes), resolve disputes, and enforce our agreements.
Data Security
We take the security of your data very seriously. We use a variety of administrative, technical, and physical security measures to protect your personal information.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you in the most expedient time possible, and no later than 72 hours of becoming aware of the breach. We will provide information about the nature of the breach and the steps we're taking to address it.
Your Data Protection Rights
You have specific rights concerning your personal data. To exercise any of these rights, please email gizmrtp@ivazx.dvuzr.
We will respond to your data rights requests without undue delay and in any event within one month of receipt of the request. This period may be extended by two further months where necessary, taking into account the complexity and number of requests. We do not charge a fee for responding to your requests unless they are manifestly unfounded, repetitive, or excessive.
To protect your privacy and maintain security, we may take steps to verify your identity before complying with your request. This may involve confirming details you have already provided to us, such as your registered email address or account information. You may also designate an authorized agent to make a request on your behalf under the CCPA, provided the agent presents written authorization signed by you and we can verify your identity directly.
For Users in the EEA and the UK (under GDPR)
- Right to Access: You have the right to request copies of your personal data.
- Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete. You can edit your profile information directly in your account settings.
- Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions. You can request account deletion from your account settings page.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- Right to Object to Processing: You have the right to object to our processing of your personal data for marketing purposes. You can unsubscribe from marketing emails via the link provided in each email.
- Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions. You can export your project data from your dashboard.
For Residents of California (under CCPA)
- Right to Know: You have the right to know what personal information we collect, use, and disclose.
- Right to Delete: You have the right to request the deletion of your personal information.
- Right to Correct: You have the right to request the correction of inaccurate personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
Rejig does not "sell" or "share" your personal information as those terms are defined under the CCPA. Therefore, we do not offer an opt-out mechanism for the sale or sharing of data.
AI Processing
When you use our AI-powered features, your content is processed by our AI service providers solely to provide you with the requested service. Your data is not used to train or improve AI models. All AI processing is done in accordance with our data minimization principles.
Children's Privacy
Our Service is not directed to individuals under the age of 18, and our terms require users to be at least 18 years old. If we learn that we have collected personal information from anyone under 18, we will promptly delete that information and terminate the account.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically for any changes.
Contact Us
If you have any questions about this Privacy Policy, or wish to exercise your rights, please contact us using the live chat or by emailing gizmrtp@ivazx.dvuzr.