Birdie

Birdie Studio — Intelligence Context Layer

Privacy Policy

Birdie Studio ApS · Effective: March 2025

1. Who We Are

Birdie is an AI-powered SaaS platform provided by Birdie Studio ApS, a company incorporated in Denmark (CVR 45 95 19 87), with its registered office at Rosenvaengets Allé 11, 2100 København Ø, Denmark.

2. What Personal Data We Collect

2.1 Account Data

When you create a Birdie account, we collect:

  • Email address
  • Full name
  • Company name (optional)
  • Job title (optional)

2.2 Usage & Technical Data

We automatically collect certain technical data when you use Birdie:

  • IP address — for security and fraud prevention
  • Browser type and basic device metadata — for logging and compatibility
  • Session and activity logs — to maintain service reliability

2.3 Workspace Content

Birdie is a workspace tool. Content you create, upload, or generate inside the platform is treated as your content. This may include text prompts, AI-generated responses, uploaded documents, business data you choose to input, and any personal data about others included in your content.

2.4 Payment Data

We do not store payment card details. All payment processing is handled by Nets, accessed via Deltek WorkBook. No full card details are transmitted to or stored by Birdie.

3. How We Use Your Data

We use your personal data to provide, maintain, and improve the Birdie platform, to communicate with you about your account, and to comply with legal obligations.

4. Legal Bases for Processing

We process your personal data based on contractual necessity (to provide the service), legitimate interest (to improve and secure the platform), consent (for marketing and analytics cookies), and legal obligations (tax and accounting requirements).

5. AI Processing

Birdie is an AI platform. When you use AI features, your prompts and content may be sent to third-party large language model (LLM) providers to generate responses. Our native LLM providers (Microsoft Azure OpenAI, Google Vertex AI) are configured to process data within the European Union.

Birdie is also a multi-LLM platform — tenants may connect their own LLM provider keys. When a tenant does so, data flows directly between the tenant and that provider. The tenant is solely responsible for the applicable DPA and compliance obligations with that provider.

6. Data Retention & Deletion

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Right to Erasure requests are processed within 72 hours. Contact: dh@birdie.studio

7. International Transfers & Subprocessors

The majority of personal data is stored and processed within the European Union. Where data is transferred outside the EU/EEA, we rely on EU Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework (DPF).

8. Your Rights (GDPR)

If you are located in the EU/EEA, you have the following rights:

  • Right of access — request a copy of your personal data
  • Right to rectification — correct inaccurate data
  • Right to erasure — request deletion (‘right to be forgotten’)
  • Right to restriction — ask us to pause processing in certain circumstances
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interest
  • Right to withdraw consent — for processing based on consent (e.g. marketing)

To exercise your rights, email info@birdie.studio. We will respond within 30 days.

You also have the right to lodge a complaint with the Datatilsynet, the Danish data protection authority.

9. Cookies

Birdie uses cookies on its website and platform. Please see our Cookie Policy for full details on specific cookies, their purposes, and how to manage your preferences.

10. Security

Birdie implements technical and organisational security measures to protect your personal data, including:

  • Encryption in transit (HTTPS/TLS) — active
  • Encryption at rest — planned Q3/Q4 2026
  • Role-based access controls and principle of least privilege
  • Microsoft SSO authentication with MFA at the SSO level
  • GDPR-aligned breach notification process (72-hour supervisory authority notification)

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or an in-product notice. The effective date at the top indicates when the latest version was published.

12. Contact

For privacy-related questions or to exercise your rights: