Bird empowers businesses to optimize their operations with our all-in-one app, Business in a Box. This comprehensive platform includes four key suites - Marketing, Data, Developer, and Finance - designed to address critical business needs both internally and externally.
Marketing empowers teams to enhance customer interactions and drive growth through tools for lead generation, customer engagement, brand visibility, and streamlined customer support communication management.
Data brings together customer information through a unified platform, enabling teams to connect data from any source, enrich it for deeper insights, and maintain strong governance. With these capabilities, teams can make smarter, privacy-conscious decisions and take action across all business functions.
Developer equips technical teams with essential communication APIs, including SMS, Email, WhatsApp, and Numbers, to seamlessly integrate these channels into their applications.
Finance streamlines financial operations with scalable payment processing and comprehensive expense management, helping teams improve efficiency and maintain clear financial oversight.
To deliver these services, operate our websites, and conduct business, we process personal data.
In this statement, "you" refers to you, and can apply to you as a website visitor or customer, depending on your use of our services. "Affiliate" means any entity that directly or indirectly controls, is controlled by, or shares common control with BIRD, where "control" means ownership of over 50% of voting interests or power to direct management and policies.
This statement applies to all our websites, platforms, and services, and explains what personal data we collect, why we collect it, and how we process it.
Personal data refers to information that would allow any natural person to be directly or indirectly identified. Your use of our services may involve processing personal data relating to three categories:
Website visitor data: Personal data collected through cookies or submitted through forms
Customer account data: Personal data related to customers or potential customers
End user data: Personal data related to individuals interacting with you via our services
Privacy protection is a core principle for us. We want you to feel informed and empowered regarding the privacy of your and your end users' personal data and the steps we take to protect it.
Regional Terminology Clarifications
For users in Singapore, terms like "data subject", "data controller", and "data processor" refer to "individual", "organization", and "data intermediary" under the Personal Data Protection Act of 2012 (PDPA).
For users in California, terms like "personal data", "data subject", "data controller", and "data processor" refer to "personal information", "consumer", "business", and "service provider" under the California Consumer Privacy Act (CCPA).
We apply similar data protection standards to all individuals regardless of nationality or location. Personal data is only used when necessary to achieve a purpose, with proper notification to affected individuals, and with legal grounds to do so. All activities involving personal data are checked against the EU's GDPR or other applicable data protection laws.
1. About Our Personal Data Processing Practices
We process personal data only to the extent necessary for specific purposes, unless legally required otherwise. Section 2.2 provides an overview of the different purposes that may apply to you.
Examples of actions that result in us processing your personal data include:
Signing up for our newsletter or filling out a webform
Creating an account and accepting our General Terms and Conditions (referred to in this Privacy Statement as Terms)
Signing up for the use of our services through an order form
When you share personal data with us, we handle it according to applicable data protection laws, including the GDPR. As we do not interact with end users directly, you are responsible for ensuring you have the rights and consents necessary to share end user data with us, and that this data is accurate and complete.
1.1 Roles and Responsibilities
Data Controller: Determines the purpose and means of personal data processing and remains ultimately responsible for correct handling of personal data. Typically, this is the company that directly collects personal data from individuals.
Data Processor: Provides services to the data controller and receives personal data to perform those services. For example, when our customers send marketing campaigns through our platform, we receive data like phone numbers or email addresses to provide the service. We act as the data processor, while the customer acts as the data controller. The processor follows the controller's instructions and meets legal obligations as defined in a data processing agreement.
Depending on your relationship with us, we can be either a data controller, data processor, or both. For questions about how we handle personal data, contact us at privacy[at]bird.com.
Personal data is collected for specific purposes including preventing spam and fraud, fulfilling legal requirements, communication, marketing, sales, and providing services. We never collect, use, or retain personal data without purpose, and we do not sell your or your end users' personal data.
2. Why We Collect Personal Data
We prioritize keeping your personal data safe and secure while protecting your privacy rights. We do not use your personal data for purposes other than those agreed to by you or permitted by our Terms and this privacy statement.
2.1 Lawfulness of Processing
All personal data we process has a legal basis. We rely on:
Explicit consent: For example, when you tick a box to download information, sign up to receive marketing information, or request contact from our sales department by means of a webform.
Performance of a contract: Including service provision and contract negotiations.
Compliance with legal obligations applicable to us: Such as preventing service misuse, cooperating with disclosure requests, and retaining required customer and financial data.
Legitimate interest: Applies in some jurisdictions for activities like direct marketing to existing customers (opt-out basis). When relying on legitimate interest, we assess that the processing is not high risk, does not involve special categories of personal data, and does not violate fundamental privacy rights.
The specific legal basis for processing your data may differ outside the European Economic Area (EEA) due to varying data protection requirements.
2.2 Purposes
The purposes for processing personal data depend on your relationship with us. You will need to provide personal data related to you and your business when creating an account, and we may require additional data to enable service use.
We may also process anonymized and/or aggregated data derived from personal data to conduct business, improve services, fulfill legal obligations, and develop new functionalities that meet customer needs. In our Data Processing Agreement (DPA), under section 3.4, we refer to these collectively as "legitimate business purposes."
We only request necessary personal data for specified purposes; If our relationship changes, we may need you to provide additional information or remove data that is no longer required.
Personal data processing purposes include:
Provision of services
Sharing relevant product and service information according to your marketing preferences
Creating and managing your account
Verifying your identity
Facilitating service access and use
Finance and billing purposes
Providing customer support and account communications
Analyzing product and service usage
Optimizing communications processing and infrastructure
Enforcing Terms compliance and applicable laws
Maintaining security of our site, your account, and services
Detecting and preventing fraudulent or unlawful activity
Protecting rights, property, and safety of all parties
Meeting legal obligations, including compliance with valid legal mechanisms
Conducting surveys to improve services (voluntary participation)
Applying cookies according to your consent settings
3. What Personal Data We Collect and How
The types of personal data we collect depend on our relationship and the applicable processing purposes. Examples of actions requiring data sharing include applying cookie settings, newsletter signup, marketing material downloads, sales contact requests, account creation, and using our products and services.
3.1 Personal Data Directly Collected From You
Categories include:
Personal identifiers: Name, business address, phone number, email address, financial information, optional photo, bio description, and signature.
Employment/professional information: Company information, and job title.
Financial information: Payment and billing details, including banking information.
Commercial information: Product interests, service usage, account dashboard usage, and web page visits.
Internet activity information: Device data, browser information, time zone, pages visited, products viewed, response times, interaction data, IP address, and cookie usage.
Location-related information: IP Address, business address, and service traffic metadata like routing paths and carriers.
Support interaction information: Contact details and query content for customer support interactions.
3.2 Personal Data From Other Sources
We may collect "Third Party Data" obtained from sources other than you, including:
Third party service providers of business information: We obtain business data such as employment or professional information from third parties. This includes email addresses, company details, job titles, phone numbers, and profile URLs obtained from business information providers. This helps us expand through marketing, advertising, and event promotion. Third Party Data may be combined with personal data that you provide to us.
Third party social media providers: Information from platforms like Google, Twitter, and Facebook (subject to your privacy settings and consent options). This helps us expand through marketing, advertising, and event promotion. Third Party Data may be combined with personal data that you provide to us.
Third-party services & connectors: Data received through API connectors with third-party services, including contact data, activities, and event data. For the sole purpose of enabling and facilitating the connector, your information may be made available to or shared by our services with the relevant third party service (and vice versa).
Google API & Connectors: When you as a customer are making use of a connector service that involves the use and transfer of information received from Google API to any other application, you are required to adhere to Google API Services User Data Policy, including the Limited Use requirements mentioned therein. We will process your personal data to provide you with the services you requested. We do not transfer or disclose your personal data to third parties for purposes other than the ones provided in the privacy statement or DPA. We will not sell your personal data to third parties, but we may share it with our partners who help us provide our services. We will not use Google Workspace APIs data to develop, improve, or train generalized AI and/or ML models.
Resellers & Partners: In the event that you purchase our services through an authorized reseller, then limited information will be exchanged with authorized resellers or partners for sales agreement purposes or referral payments.
Colleague referrals: Personal data provided by your colleagues, such as name, job title, and contact information.
You can unsubscribe from sales and marketing communications via email campaigns or by contacting support[at]bird.com.
You always have choices regarding what personal data you share with us, subject to exceptions in this statement or our Terms. However, certain products and services require personal data, and choosing not to provide it may prevent you from using those offerings.
3.3 Products & End User Personal Data
The following table provides a comprehensive overview of the personal data we process across our product portfolio. For each product, we have outlined the categories of personal data collected, applicable retention periods, primary processing purposes, and links to relevant sub-processor information, helping you easily understand how your personal data is handled across our various services.
Product name | Cat. of Personal Data | Retention Period | Purpose(s) | Subprocessors |
content | 72 hours max | See section 2.2 | ||
email address | 6 months after transmission | See section 2.2 | ||
Voice | phone number | 6 months after transmission | See section 2.2 | |
Numbers | None - consider the additional service used with Numbers, such as Voice or SMS | Account active | See section 2.2 | |
SMS | phone number | 6 months after transmission | See section 2.2 | |
phone number | Account active | See section 2.2 | ||
Marketing | None - consider the additional service used with Marketing, such as Email | Account active | See section 2.2 | |
Sales (Contacts) | Personal data included by customer in contact profile; e.g. phone number email address | Account active | See section 2.2 | |
Customer Support | name | Account active | See section 2.2 | |
Payments | name | Account active | See section 2.2 | AWS |
Expenses | name | Account active | See section 2.2 | AWS |
Workflows | Personal data included by customer in flow invocations | Account active | See section 2.2 | |
Video | name | Account active | See section 2.2 | |
Omnichannel Widget | name | Account active | See section 2.2 | |
Push | content | Account active | See section 2.2 | |
Social messaging services | OTT Conversation Channels Google Business Messages, Facebook Messenger, Instagram, Line, Twitter, Viber, WeChat | phone number | Account active | See section 2.2 |
* Traffic data concerns data processed for transmitting communications purposes, including routing information, and data about date, time, and duration.
3.4 Special Categories of Personal Data
While our products and services are technically capable of processing special categories of personal data (as defined by applicable data protection laws), such information is not necessary for the standard operation of our services. Processing such special categories of personal data is generally prohibited under applicable data protection laws unless specific exceptions apply. You are not permitted to process special categories of personal data using our services unless otherwise specifically agreed to in writing (for example, but not limited to, through a Business Associate Agreement in the case of Protected Health Information under HIPAA). You remain solely responsible for ensuring you have an appropriate legal basis under applicable data protection laws, including, but not limited to, explicit consent from the data subject, processing related to employment law obligations, or data manifestly made public by the data subject. You must implement appropriate safeguards as required by law, and ensure you have implemented documentation and/or hold legally enforceable agreements as required by applicable law. Please make sure that you have read and understood the Terms, Product Specific Terms, and Acceptable Use Policy before using our services. We recommend that you seek independent legal advice to ensure compliance with your legal obligations when processing personal data.
4. Parties We Share Personal Data With
We share personal data with third parties only in limited instances. Whether acting as controller or processor, we ensure third parties adhere to similar data protection standards. We share data with:
Communications Service Providers: Telecom operators, aggregators, carriers, and communications service providers for routing and connectivity. These providers act as mere conduits for transmission rather than as controllers or processors for message content, though they may process data for their own purposes as a controller, such as for fraud prevention or legal requirements.
Third-Party Service and Technology Providers: Analytics, data science, fraud prevention, cloud hosting providers, and connector setup services. We thoroughly vet providers and implement necessary safeguards.
Payment Service Providers (PSPs): Airwallex, Stripe, Braintree, Zuora, Maxio, and Adyen process payments. Some offer "Saved Payment Methods" and "Auto Recharge" features on a consent basis.
Partners: Authorized resellers or partners may exchange information with us for sales agreement purposes. Third-party consultants may receive limited information related to referrals and implementation services.
Affiliates: We may share data among our Affiliates for customer support, sales activities, or service provision, following the terms of this statement, our Terms, and the DPA.
Government Authorities: We share information only when legally required, according to our Disclosure Requests Policy. We notify you about governmental information requests unless forbidden by law, and we push back on requests when legally possible.
5. International Transfer of Personal Data
As a global cloud service provider with international operations, our services may involve transferring personal data to recipients inside and outside the European Economic Area (EEA). We ensure that partners in all locations have sufficient safeguards to properly process and protect personal data.
For international transfers involving third parties, we conduct due diligence and vetting. We only transfer data outside the EEA with appropriate cross-border transfer mechanisms and safeguards, including contractual, technical, and organizational measures and impact assessments where necessary. We monitor changes to international transfer mechanisms to ensure ongoing compliance.
The Data Privacy Framework & Bird.com Inc.
Bird.com Inc. ("Bird USA") complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), (together "DPF"), as set forth by the U.S. Department of Commerce. Bird USA has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Bird USA has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Bird USA complies with the DPF Principles for all onward transfers of personal data originating from the EU, UK, and Switzerland, including the onward transfer liability provisions. Bird USA is responsible for the processing of personal data it receives under the DPF and subsequently transfers to a service provider acting as a (sub)processor or agent on its behalf. Bird USA requires third parties and service providers to which it discloses personal data to protect personal data using substantially similar standards to those required by Bird USA and at least the same level of privacy protection as is required by the DPF and this Privacy Statement. Bird USA shall remain liable under the DPF Principles if its service provider(s) processes such personal data in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
With respect to personal data received or transferred pursuant to the DPF, Bird USA is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Bird USA commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Bird USA at: privacy[at]bird.com.
Where applicable, Bird USA offers individuals whose personal data is processed in reliance on the DPF the opportunity to choose (i.e., opt out) whether their personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals, unless processing by the third party is done as an agent (in which case Bird USA will enter into a contract with the third party agent), or is required due to a statutory legal obligation that applies to Bird USA. Individuals can exercise their choice and right, in line with the DPF choice principle, by reaching out to privacy[at]bird.com as well.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Bird USA commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to the Data Protection Authority that is relevant for you. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit the website of the EU/EEA Member State data protection authority; UK Information Commissioner’s Office (ICO) or Gibraltar Regulatory Authority (GRA); or the Swiss Federal Data Protection and Information Commissioner for more information or to file a complaint. The services of the data protection authorities are provided at no cost to you.
Under certain conditions, more fully described on the Data Privacy Framework website available here, you may be entitled to invoke binding arbitration after other dispute resolution procedures have been exhausted. Additional information is available here for EU/EEA and UK (and Gibraltar) individuals and here for Swiss individuals.
6. Data Protection and Security Standards
Data security is paramount. We invest in state-of-the-art technology, thorough security screenings, and industry-standard security measures. Depending on the platform and services, we maintain globally recognized information security certifications including ISO27001 and SOC 2 Type II compliance. All our hosting providers meet these same standards.
All accounts require password protection and allow for two-factor authentication to be enabled. You are responsible for safeguarding your credentials. If your login information is compromised, notify us immediately at security[at]bird.com with the subject "Urgent: account credentials."
For more information about our security measures, see our trust centre, Security Overview, and Technical and Organizational Security Measures pages, which detail our administrative, technical, physical, and organizational safeguards.
7. Data Retention Periods
We retain personal data only as required by contractual or legal obligations. Retention periods vary based on data nature, purpose, and applicable legal requirements, which may differ by geographic location.
7.1 Telecom Products: Email, SMS, and Voice Services
Personal data has a retention period of six months. This retention is necessary to:
Ensure service integrity and security
Prevent telecommunications service misuse
Transmit information
Fulfill legal obligations to assist authorities
Some jurisdictions may require longer retention periods (up to two years).
Email design and deliverability products, such as Inbox Tracker and Competitive Tracker, do not process personal data.
7.2 All other Products and Services
For all other products and services personal data is retained for the duration of our contract or service provision. Ancillary services like online address books and usage insights retain data for the contract duration. Any personal data contained in the contacts feature, such as names, phone numbers, email addresses, and other personal identifiers, is controlled by you. As a data controller, you are responsible for addressing end user data protection rights and ensuring compliance with your obligations to them.
7.3 Marketing and Sales
We retain personal data processed for marketing and sales purposes for up to twelve months from the last interaction with our marketing communications or sales team. For existing customers, we retain marketing and sales data for the duration of our business relationship. Upon withdrawal of consent or unsubscription from marketing communications, we will promptly cease processing your data for these purposes and apply our data deletion or anonymization procedures in line with our retention schedule.
7.4 Corporate and Financial Compliance
We retain customer data (name, email, address, bank details, invoices, services used, and customer representative roles) for up to ten years to comply with financial and tax laws. Consent records (given or withdrawn) are retained for five years. After retention periods expire, we may keep anonymized data for archival, statistical, or business purposes, with no possibility of individual identification. We may be unable to fulfill data erasure requests that conflict with legal retention obligations. We retain confirmation emails of rights requests for five years to demonstrate compliance.
8. Controlling Your Data Protection Rights
You control your personal data and, where applicable, end user data you provide to us. Unless legally obligated otherwise, your data protection rights and freedoms are yours to exercise.
You can:
Exercise your right to access
Submit a data erasure request
Change cookie settings as a website visitor
Withdraw consent where applicable
Control and review your personal data
Object to legitimate interest processing
Request restriction of processing when necessary
If we need to process personal data by law or under contract terms and you do not provide it, we may be unable to perform the contract or provide services.
8.1 Exercising Your Data Protection Rights
For account holders: View, amend, delete, and transfer personal data (including end user data) through your account's privacy dashboard. We provide assistance to fulfill your data controller obligations toward communications recipients. For non-account holders: Exercise your rights by emailing privacy[at]bird.com.
We provide you with a reasonable level of assistance to fulfill your obligations when acting as a data controller. In order to verify your identity, or the validity of a request you make on behalf of another person whose data you control, we have made technical and organizational measures available that allow you to fulfill these obligations via your online account.
8.2 Your Right to Access Personal Data
You have the right to obtain confirmation as to whether we process your personal data and, where we do, access to that data. When you exercise your right of access, we will provide you with:
A copy of your personal data we hold
The purposes for which we process your data
The categories of personal data concerned
The recipients or categories of recipients to whom your data has been or will be disclosed
The retention period or the criteria used to determine that period
Information about your rights to rectification, erasure, restriction of processing, and objection
Information about your right to lodge a complaint with a supervisory authority
The source of your data, if we did not collect it directly from you
Information about any automated decision-making, including profiling, and the logic involved
Appropriate safeguards for international data transfers, where applicable
For California consumers, you have the right to request disclosure of the categories and specific pieces of personal information we have collected, the categories of sources, our business purposes for collection, and the categories of third parties with whom we share your information.
8.3 Withdrawing Consent
You can always revoke consent for personal data processing. Your withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
8.4 Objecting to Processing
For legitimate interest processing, you can object and request restriction. We will assess each request according to applicable data protection laws. If we reject your request, we will demonstrate compelling grounds or legal claims allowing retention.
If you disagree with our handling, you can file a complaint with the Netherlands data protection authority, your local EU authority, or the authority where the suspected infringement occurred. We appreciate the opportunity to address concerns first.
8.5 Request Processing Time
We process requests as soon as possible, and no later than within one month. Complex requests or high volumes may extend this to two months, and we will inform you if this applies. When you delete personal data, we may retain fully anonymized and aggregated data that cannot identify you. If we must retain information for legal reasons, we'll explain this. California consumers are protected from discrimination for exercising CCPA rights.
9. AI-enabled Services on Bird Box
9.1 How Bird Uses AI Technology
Bird provides AI-supported customer support and optional spam filtering for Customer Support. No personal data or interactions are used to train or improve LLM service provider models.
9.2 AI in Customer Support
Our customer support system uses AI to assist with inquiries and manage tickets, processing organization/user ID and representative email along with your issue description. This helps us respond efficiently and fulfill our contractual obligations. We use an LLM service provider with contractual safeguards to protect your data. Your data is never used to train these models and is processed solely for providing support. Support data is retained for the duration of our contractual relationship. All AI system output is thoroughly anonymized and contains no customer-identifying information.
9.3 AI-Powered Email Spam Filtering
Our Customer Support product uses open-source AI technology to detect unwanted emails. This spam filtering feature is enabled by default but can be disabled through account settings. The system does not retain personal data after processing. This self-hosted system doesn't involve third-party providers and processes email content to identify spam patterns, protecting you from harmful communications.
9.4 Data Protection in AI Services
We implement appropriate technical and organizational measures to safeguard personal data, with additional contractual safeguards for AI service providers. We practice data minimization and limit personal data exposure in our products and internally. We maintain logs of AI system interactions for security and accountability, but no customer data is used for model training or improvement.
10. Cookie Notice
When you use our website, we place cookies or similar technologies on your browser. A cookie is a small text file saved on your device that collects information about website interactions. The cookie manager references this privacy statement. This notice explains cookie details including hosting, lifespan, and purpose. Cookies fall into three categories:
Mandatory: Necessary for website operation, and do not involve personal data
Opt-out: Do not involve personal data, but helpful for non-mandatory website functionalities
Opt-in: Involve personal data processing for advertising and analytics
10.1 Cookie Categories
Website visitors can select cookie categories through the consent manager. Our websites use four types:
Strictly Necessary: Essential for website functionality, set in response to service requests like privacy preferences and form submission.
Functional: Enable enhanced functionality and personalization, such as preferred language. May be set by us or third-party providers.
Analytics: Measure visits, traffic sources, and engagement to improve site performance.
Advertising: Allow advertising parties to identify your browser and device, potentially identifying individuals directly or indirectly.
We also process:
IP Addresses: Track and analyze device interactions and locations, such as for detecting account login locations to combat fraud.
Web Beacons: Objects in web pages or emails that check whether content has been accessed. They are used with cookies to gather usage data.
Microsoft Clarity. We use Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve our website. Website usage data is captured using third-party cookies and other tracking technologies to determine the popularity of online activity. Additionally, we use this information for site optimization. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
10.2 Managing Cookie Settings
When first visiting our websites, you can allow all cookies, accept specific categories, or deny all non-essential cookies. You can change preferences in browser settings or on our website.
10.3 Browser-Level Controls
Update, activate, deactivate, or remove cookies through your browser:
Global Privacy Control (GPC): Use this technical specification to inform websites of your ad tracker preferences by visiting the Global Privacy Control page (may impact website functionality).
Do-Not-Track: Our systems currently don't recognize browser "do-not-track" requests, but you can disable tracking through cookie settings.
11. Children
Our services aren't directed at or intended for children under 18 years of age. We never knowingly collect or process personal data from children under 18. If we discover we've received such data without parental/legal consent, we will take reasonable steps to delete that information. If you believe we have information from or about a child, contact privacy[at]bird.com.
12. Third-Party Links
Our online services may contain links to websites we don't own or control. We're not responsible for their privacy practices, policies, or content. We recommend reading the privacy practices of any linked sites.
13. Changes to Privacy Statement
We may change, update, modify, or remove any part of this statement. For substantial changes affecting your rights, we will notify you where possible. You can discontinue service use if you disagree with updates.
14. Disputes
For privacy practice disputes, contact our legal team at privacy[at]bird.com with the subject "Dispute." If email resolution is not possible, refer to our Terms for dispute resolution procedures.
15. Approved Sub-processors
Find an overview of sub-processors used for personal data processing here. The Help Center page includes a "subscribe" button for notifications about changes to our third-party sub-processors.
16. Contact Information
For questions or feedback about personal data processing or this statement, you can reach our Data Protection Officer at privacy[at]bird.com. If dissatisfied with our response, you may refer complaints to your jurisdiction's relevant regulator.
