At Birdie, we are committed to protecting our customers’ personal data. This policy will help you understand how we collect, manage and use their and their users’ personal data as part of our provision of our products and services to you.
In essence, we (Birdie, together with our affiliates, licensors, partners and contractors, including their respective successors and assigns, referred to as “Birdie”, “we”, “us” or “our”) need to collect certain personal data about our customer (either you as an individual, or the legal entity that you represent, or for the benefit of which you are agreeing to these terms and have the full power and authority to bind contractually, as applicable; referred to as “Customer”, “you”, “your” or “yours”) in order to be able to provide such Customer and/or its employees or other authorized users acting on its behalf (each a “user”) with our products. We promise to work hard to preserve the integrity and the security of Customer’s information (including that of its users) under our control. We will only use Customer’s data in a manner consistent with this privacy policy, and will not share it with anyone for any other purpose.
In this policy, the expression “personal data” means any information relating to an identified or an identifiable natural person. Such information may include, for example, the person’s name, address, contact information (such as telephone numbers or email addresses), age, and gender. We further use the term “product” to refer to any product, service, solution or other offering made available by Birdie, including our website and web-based application at app.birdie.ai (the “Platform”), as well as the features and services provided via our website and application.
Your continued use of our website will be regarded as an acceptance of our practices around privacy and personal information. If you have any questions about how we handle user data and personal information, feel free to contact us via security@birdie.ai.
We reserve the right to change this policy at any given time. If you want to make sure that you are up to date with the latest changes, we advise you to frequently visit this page.
WE STRONGLY ENCOURAGE YOU TO CAREFULLY READ THIS POLICY. YOUR (INCLUDING YOUR USERS’) USE OF OUR PRODUCTS WILL MEAN THAT YOU ARE AWARE OF THE COLLECTION, STORAGE, USE AND DISCLOSURE OF PERSONAL DATA IN THE MANNER DESCRIBED IN THIS POLICY.
Links to Other Websites
Our website contains links that lead to other websites. If you click on these links Birdie is not held responsible for your data and privacy protection. Visiting those websites is not governed by this privacy policy agreement. Make sure to read the privacy policy documentation of the website you go to from our website.
What User Data We Collect
When you visit the website, we may collect the following data:
- Your IP address.
- Your contact information and email address under your consented opt-in.
- Other information such as interests and preferences.
- Data profile regarding your online behavior on our website.
Why we need to collect personal data
We need to collect certain personal data to better understand Customer’s needs and preferences, and to provide our products to Customer and its users. Additionally, we may rely on such personal data to contact Customer regarding Customer’s Birdie account, upcoming changes, improvements, software updates and upgrades, as well as to improve the effectiveness of our offerings, to conduct research, analysis and other business activities, as further explained in this privacy policy. In any event, the personal data will not be used, made available or otherwise disclosed for purposes other than those specified herein, unless we obtain Customer’s prior approval or are required to do so by law.
We also use personal data to maintain the functionality of our Platform, personalize the user experience, send transactional communications, detect and prevent fraudulent behavior, and ensure compliance with applicable laws.
What kind of personal data may be concerned General
We make available a variety of products, any combination of which may be procured by Customer. Consequently, the scope and nature of information collected by us varies based on the products used by Customer. In any case, we access and collect personal data only to the extent necessary to ensure that Customer can access and use the products that it has procured. We may further collect information to identify and associate Customer with its Birdie account. This includes Customer’s name, contact information, including mailing address, email addresses of certain users entitled to access and use the products for or on behalf of Customer, as well as other unique identifiers attributed to Customer (including its users) by us or by other service providers, as the case may be.
Additionally, we may collect and store personal data that Customer (including its users) chooses to provide to us, at its sole discretion, without us requiring it to do so. This may occur, for example, where you disclose certain personal data to us when you contact us, or when you choose to store certain personal data in our products as part of your use of such offerings.
Personal data may also be collected when a user fills out a form on our website, subscribes to a newsletter, provides feedback, or interacts with our team via email or support tickets.
Personal data collected in relation to our products
Generally, our products may be grouped in four categories: on-premise software, cloud services, hybrid products and mobile applications. Below, you will find an overview of the type of information that may be collected and processed by us in relation to your use of our products. However, we encourage you to refer to the relevant product privacy sheet to better understand what information may be collected and processed by us in relation to your use of such product.
The first category combines our software products that are installed on infrastructure provided by or on behalf of Customer. In these cases, all personal data remains stored in the Customer’s systems, and will not be shared with Birdie. Customer may, however, for its convenience, choose to enable the automated modules.
The second category groups cloud products that are hosted on systems made available by us. The extent of personal data that may be collected and processed by us as part of our cloud products will vary based on the type of cloud product being used.
Our hybrid products category represents products that are generally installed on infrastructure provided by or on behalf of Customer (with all of the personal data being hosted on-premise, as outlined above), but additionally require an internet connection to ensure that Customer holds a valid subscription to use such hybrid products.
We may also make available certain mobile applications to Customer in relation to its use of our products. Generally, our mobile applications are an extension of Customer’s other Birdie products. Our mobile applications only collect and send to our systems a limited set of information, which includes hardware and operating system information, web browser version, certain anonymous usage data, as well as the mobile device’s geographic location. All other information remains stored on the mobile device or in the relevant Birdie product.
Cookie policy
Cookies, analytics and session tracking may also be used across the Platform to improve user experience, diagnose issues, and optimize performance. We rely on platforms such as Google Analytics and Posthog to track site visits and engagement. Any third-party analytics tools are configured to avoid personal identification unless consent has been given.
Once you agree to allow our website to use cookies, you also agree to use the data it collects regarding your online behavior (analyze web traffic, web pages you spend the most time on, and websites you visit).
The data we collect by using cookies is used to customize our website to your needs. After we use the data for statistical analysis, the data is completely removed from our systems.Please note that cookies don’t allow us to gain control of your computer in any way. They are strictly used to monitor which pages you find useful and which you do not so that we can provide a better experience for you.
Types of Cookies | What do they do? | Type of data collected |
|---|---|---|
Necessary Cookies | They are essential for the correct operation of the website and for the use of the services offered. You can set your browser to block or alert you about these cookies, but parts of the website may not work correctly. | Browsing data: IP address, date and time of access, geographic location, browser type, length of visit and pages visited. Data on the access device: model, manufacturer, operating system, telephone operator, browser type, and connection type and speed. |
Performance Cookies | They help us understand how visitors interact with the website of the Organization; thus, we collect information about the areas visited, the time and any problems encountered, with its error messages. We use Google Analytics to monitor the traffic and also to measure and improve the website’s performance. | Browsing data: date and time of access, geographic location, browser type, length of visit and pages visited on our websites. Data on the access device: browser type, connection type and speed, and Customer access/session to the Organization’s social networks for browsing and audience measurement. |
Analytics Cookies | Used to understand how visitors interact with the website. | These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc. |
Functional Cookies | Allow the Birdie Organization page to remember your choices to offer a customized experience. | Preference data: Customer Type and Account reminder (if they choose to leave this information saved) and menu customization options on our pages. |
Advertisement Cookies | They may be used to offer more relevant content that is of the User’s interest. They can present advertising with better targeting or to limit the quantity shown on the Birdie Organization’s pages. Also allowing to measure the effectiveness of an advertising campaign. | Browsing data: date and time of access, browser type, length of visit and pages visited on our websites. |
You can also customize your cookie preferences in our cookie banner. This can be found by clicking “customize” on your first-visit on the website or if you have already chosen an option, you can find it on the bottom left of the page.
Personal data collected in relation to Customer accounts
When you create a customer account with us in association with any Birdie product, including the use of our Platform, we will require you to submit to us certain personal data to identify you (including your users) as the holder of such customer account, but also to protect information associated with your customer account from unauthorized disclosure. Such personal data may include, but is not limited to, Customer full name, user full name, address, contact information, your Birdie account username and password, organization, department and role, as well as usage preferences and communication opt-in choices.
Personal data collected in relation to support services
When Customer contacts us, whether by phone, chat, email, through our websites or otherwise, we may keep a record of such communications to help solve issues that Customer might be dealing with, but also for training, quality assurance and statistical purposes, as well as to improve our products.
We may also maintain logs of support interactions for audit and compliance purposes. These logs may include technical data such as timestamps, IP addresses and usage metadata that help diagnose the issue.
Personal data collected via our websites
When you visit our websites (including https://birdie.ai/ and related subdomains), we may collect certain information automatically from your device. This includes IP address, device type, browser type, operating system, device identifier, and interactions such as pages visited and buttons clicked.
Some of this data is gathered through Cookies. We use both session and persistent Cookies for security, session continuity and analytics.
Who may have access to personal data
At Birdie, we recognize and respect the importance of protecting our customer’s personal data. Keeping personal data in strict confidence is a core part of our commitment to service excellence. We do not sell or rent any personal data to any third party. However, in order to provide Customer with our products, we may share Customer’s personal data with our affiliated companies, parent entities and subsidiaries, for internal business purposes, as well as with our partners acting on our behalf in relation to the provision of such products.
As many other service providers, we use third party partners’ help in some aspects of our business operations, which, in some cases, involves processing or handling of Customer’s personal data. However, before we do so, we take appropriate measures to safeguard personal data, and to ensure that it is used only in a manner consistent with this privacy policy.
These measures also include protecting personal data within our organization. Such information may only be accessible by those employees, agents, representatives and contractors of Birdie who need to know such information as part of their duties. We further ensure that our employees, agents, representatives and contractors perform their duties in a way compatible with the terms and conditions described in this policy.
We may be required to disclose information that we have on Customer and its users (including its and their personal data) to governing and law enforcement authorities, including where required by law, a court order, or by other legal obligations that we may have in any jurisdiction.
Accountability for Onward Transfers
In the context of an onward transfer, Birdie has responsibility for the processing of personal information it receives under the Data Privacy Framework ("DPF") and subsequently transfers to a third party acting as an agent on its behalf. Birdie shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless Birdie proves that it is not responsible for the event giving rise to the damage.
How we protect personal data
We use industry-standard security measures, including encryption at rest and in transit, secure credential management, role-based access controls, audit logging, and proactive monitoring.
Data is stored in secure data centers and we regularly test the effectiveness of our security program. We also follow secure development practices and conduct privacy impact assessments when required.
International data transfers
Birdie operates globally and transfers your personal data to the United States, where our primary infrastructure and service providers are located. This transfer is essential for the provision, maintenance, and security of our services. The following categories of personal data are collected and transferred:
- User Email and Name: Used to identify users within our systems, enable authentication, and support communication.
- IP Address and Access Region: Collected for security monitoring, fraud prevention and session management.
- Role and Affiliation within the Company: Used to manage platform functionality and permissions according to the user's roles, as well as to support user segmentation and reporting.
- Website Usage Data: Includes browsing behavior, page interactions, and preferences, which are processed to improve our services, personalize the user experience, and support analytical insights.
Birdie processes this data under the legal bases of the controller's legitimate interest (GDPR Art. 6(1)(f), LGPD Art. 7(IX)) and contract performance (GDPR Article 6(1)(b), LGPD Art. 7(V)) in order to operate and improve the platform, provide support, ensure security, and fulfill our clients’ expectations. These data transfers are performed in accordance with applicable data protection regulations, including the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the Swiss Federal Act on Data Protection (FADP), and the Brazilian General Data Protection Law (LGPD). Birdie ensures that such transfers are:
- Strictly necessary for the performance of a contract between you and Birdie (GDPR Art. 49(1)(b); LGPD Art. 33(IX) in conjunction with LGPD Art. 7(V));
- Based on your specific and highlighted consent, with prior information about the international nature of the transfer (GDPR Art. 49(1)(a); LGPD Art. 33(VIII));
- Protected by strict technical and organizational safeguards, including access controls, encryption in transit and at rest, audit logging, and secure data processing pipelines.
By agreeing to our Privacy Policy, you also acknowledge and accept the terms outlined in our Data Processing Agreement (DPA). The DPA specifies the subprocessors involved in international data transfers, the policies and procedures in place, and Birdie’s obligations for handling personal data in compliance with relevant data protection laws, including the GDPR and LGPD. For any inquiries regarding international data transfers, you may contact our Security team and Data Protection Officer at security@birdie.ai.
Commitment to the Data Privacy Framework
Birdie complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Birdie has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Birdie has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. Birdie is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Retention of personal data
Birdie shall retain accounts data as long as the company has a need for its use, or to meet regulatory or contractual requirements. Once data is no longer needed, including Personally Identifiable Information, it shall be securely disposed of or archived. Data owners, in consultation with legal counsel, may determine retention periods for their data. Anonymized and aggregated data may be retained indefinitely for statistical or analytical purposes.
Legal basis for processing personal data
The legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it. However, we will normally collect personal data from you only where we have your consent to do so, where we need the personal data to perform a contract with you or to comply with applicable laws, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
If we ask you to provide personal data to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).
Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
In other situations, Customer (including its users) must always give us clear consent for the collection, use and processing of personal data in order for us to do so. This can be done in several ways, for example, by phone, chat, email, by click of a button, or other similar means.
Occasionally, a Customer may give us access to, or provide us with, additional personal data which may be necessary to enable us to provide our products to Customer. This may, for example, happen when Customer chooses to enable a relevant feature in a product. In such a case, we will treat such personal data in accordance with the terms of this privacy policy and the applicable laws.
When Customer procures or uses our products, Customer acknowledges and agrees that Customer has the necessary authority and all relevant consents (including those that may be required from its uses) to transfer such personal data to us, and allow us to treat such personal data in accordance with this privacy policy.
Minors
Our services are intended for users aged 18 and older. We do not knowingly collect personal data from children under 18.
Openness and accountability
Birdie’s privacy team, under the leadership of our Data Protection Officer (DPO), Rafael Libardi, is responsible for our security and privacy-related matters, including the application of this privacy policy. He and his team oversee training of our staff to ensure security compliance and to raise privacy awareness. Security, transparency and integrity are among the key values at Birdie. We will gladly answer any questions or concerns that you may have with respect to your privacy or the security of your personal data, or if they wish to request a correction of your personal data in our custody or control. Please do not hesitate to reach us via security@birdie.ai.
Your data protection rights
You have the right to request access to, and obtain a copy of, your personal data. You may also request that any personal data that is inaccurate or incomplete be rectified or completed. Note however that, in some cases, we may not be able to provide you access to your personal data. This may occur when providing such access would be likely to impact the privacy or the security of a third party, or for other valid reasons in accordance with applicable laws. In these events, we will advise you in writing of the grounds of our decision.
Under certain legal conditions (for example, where the personal data is no longer needed to achieve the purposes for which the information was initially collected) you may request that your personal data be erased. In addition, you may object to the processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data under certain legal conditions.
In situations, other than those outlined above in this section, where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note, however, that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on other lawful processing grounds (such in relation to your account or use of your products under a contract).
You also have the right to opt-out of electronic marketing communications that we may send you at any time and free of charge. You may exercise this right by clicking on the “unsubscribe”, “opt-out” or other similar links in the marketing e-mails that we may send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided under the “How to contact us” heading below. However, we may still contact you using your contact information for example to share important technical or functional information relating to your account or use of our products.
You may exercise any of the rights described above at any time by doing the following:
When you are filling the forms on the website, make sure to check if there is a box that you can leave unchecked, if you don’t want to disclose your personal information.
If you have already agreed to share your information with us, feel free to contact us via security@birdie.ai with a Data Subject Access Request and we will be more than happy to change this for you. You are also able to contact our Data Protection Officer, Rafael Libardi, via this email. You can also send a response to our webform with your request with your Data Subject Access Request.
If we are unable to resolve an issue to your satisfaction, you may choose to request assistance from, or submit a complaint to the privacy authorities:
Country | Authority Name (English) | Native Name / Acronym | Law Enforced | Website |
|---|---|---|---|---|
Brazil | National Data Protection Authority | Autoridade Nacional de Proteção de Dados (ANPD) | LGPD | |
USA | Federal Trade Commission (FTC) | FTC | Sectoral (e.g., FTC Act, HIPAA, etc.) | |
USA | California Privacy Protection Agency (CPPA) | CPPA | Sectoral (e.g., FTC Act, HIPAA, etc.) | |
EU (Union) | European Data Protection Board | EDPB | GDPR | |
Germany | Federal Commissioner for Data Protection and Freedom of Information | BfDI | GDPR | |
France | National Commission on Informatics and Liberty | CNIL | GDPR | |
UK | Information Commissioner’s Office | ICO | UK GDPR / DPA 2018 | |
Canada | Office of the Privacy Commissioner of Canada | OPC | PIPEDA | |
Australia | Office of the Australian Information Commissioner | OAIC | Privacy Act 1988 | |
Japan | Personal Information Protection Commission | PPC | APPI | |
India | Data Protection Board of India (provisional) | TBD (under MeitY currently) | Digital Personal Data Protection Act 2023 | |
Switzerland | Federal Data Protection and Information Commissioner | FDPIC / PFPDT / EDSB | FADP |
Choices Regarding Data Sharing
In addition to the rights listed, we provide you with the choice to opt-out of having your personal data shared with third parties, other than our agents acting on our behalf and under our instructions. You may also object to the use of your personal data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. To exercise these choices, please contact us at security@birdie.ai.
Your U.S. State Privacy Right
This section applies to residents of U.S. states with comprehensive privacy laws, including California, Colorado, Connecticut, Utah, and Virginia, and provides additional details about the personal information we collect and your rights. Under these laws, you may have the following rights:
- Right to Know and Access: The right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purposes for collecting, selling, or sharing it, and the categories of third parties to whom we disclose it.
- Right to Delete The right to request that we delete personal information we have collected from you, subject to certain exceptions.
- Right to Correct: The right to request that we correct inaccurate personal information that we maintain about you.
- Right to Opt-Out of Sale or Sharing: We do not "sell" your personal data in the traditional sense for monetary value. However, under the broad definition of "sale" or "sharing" in some state laws, the use of certain advertising and analytics cookies may be considered a sale or sharing of personal information. You may opt-out of such sharing by managing your cookie preferences through our cookie banner or by contacting us.
- Right to Non-Discrimination: The right not to be discriminated against for exercising any of your privacy rights.
To exercise any of these rights, please contact us at security@birdie.ai with the subject line "U.S. Privacy Rights Request". We will need to verify your identity before processing your request and may ask for additional information to do so.
Dispute Resolution
In compliance with the DPF Principles, Birdie commits to resolve complaints about our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our DPF policy should first contact Birdie at: security@birdie.ai.
Birdie has further committed to refer unresolved DPF complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit the JAMS DPF website for more information or to file a complaint. The services of this provider are provided at no cost to you.
Under certain conditions, more fully described on the Data Privacy Framework website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
How to contact us
If you have questions or concerns about our privacy practices, or would like to exercise your rights, please contact:
Data Protection Officer: Rafael Libardi
Email: security@birdie.ai
Website: https://birdie.ai/
Updates to this privacy policy
Continuous improvement of our products is key to our goal of providing our customers with the most innovative and relevant solutions. We, therefore, continuously implement new technologies and improve our processes, software and services, which may require us to update this privacy policy from time to time, without prior notice. However, if we make any major changes to our privacy practices, we will publish a relevant notice on our corporate website, at https://birdie.ai/.
The revised version of this policy terms will take effect as soon as it is made available on our website with regards to all new customers. If any revision to this policy outlines any material changes to the way that we use or otherwise process any personal data, we will provide a more prominent notice.
Where applicable, we will also provide Customer with instructions on how to opt in to or opt out from our new products, or communications. Note that some aspects of our products may not be available to Customer if Customer chooses to opt out from certain communications.
Supplementary documentation—such as the Data Lifecycle, Record of Processing Activities (ROPA) and other relevant materials—can be provided upon request.
This privacy policy was last updated on October 13th, 2025. Please note that this version takes into account the provisions of applicable data protection laws, including Regulation (EU) 2016/679 (General Data Protection Regulation), the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018, the Swiss Federal Act on Data Protection (FADP), and the specific requirements of Brazil’s LGPD.
