Birdor

Legal

Privacy Policy

Last updated: 2025-11-28

This Privacy Policy explains how Birdor ("we", "us", or "our") collects, uses, and protects information when you use our websites, tools, and related services (collectively, the "Services").

Birdor is designed to be calm, developer-first, and privacy-conscious. Most tools run entirely in your browser and do not send your input to any server. Where we do process data on servers (for example, future APIs), we aim to collect and retain as little as reasonably possible.

1. Scope of this Policy

This Privacy Policy applies to:

  • the main Birdor site (e.g. birdor.com),
  • any Birdor-hosted tools and utilities,
  • any future hosted APIs and dashboards, and
  • any documentation or support pages that are part of the Birdor Services.

This Policy does not apply to third-party services that we link to or integrate with. Those services are governed by their own privacy policies.

2. Information We Collect

Birdor is built to minimize data collection. In broad terms:

  • Client-side tools: many Birdor tools (such as JSON formatters, URL parsers, and JWT debuggers) run fully in your browser. The data you enter is not sent to our servers and is processed only locally on your device.
  • Server-side features & APIs: for any future hosted APIs or authenticated features, we may collect limited data necessary to operate those services (e.g. account details, usage metrics, logs). Those will be documented clearly in their own sections.

2.1 Data you enter into client-side tools

For tools explicitly marked as "local only" or "browser-only":

  • Your input (e.g. JSON, URLs, tokens, text) is handled in your browser's memory.
  • We do not send that input to our servers.
  • We do not store or log this content.

However, it is still your responsibility to ensure you do not paste highly sensitive information (such as private keys or production credentials) into any tool, especially on shared or untrusted devices.

2.2 Account information (for future authenticated features)

If you create a Birdor account in the future (for example, to use hosted APIs or team features), we may collect:

  • basic identification data (e.g. email address, display name);
  • authentication-related information (e.g. password hash, OAuth ID, or similar, never in plain text);
  • subscription and billing information (for paid plans, processed via third-party payment providers).

This information is used to create and manage your account, provide the Services, and communicate with you where necessary.

2.3 Usage data & logs

For security, reliability, and debugging, we may process limited usage data when you interact with our Services, such as:

  • IP address and basic device information;
  • timestamps and URLs of requests;
  • response codes, error logs, and performance metrics (e.g. latency).

We aim to retain this data for the minimum period necessary to ensure security, debug issues, and understand service health.

2.4 Cookies and analytics

Birdor's default approach is to avoid heavy tracking and invasive analytics. Depending on deployment, we may:

  • use strictly necessary cookies (or local storage) for things like theme preferences and session management;
  • use lightweight, privacy-respecting analytics to understand aggregate usage (e.g. which tools are popular) — without building personal profiles.

Where applicable, cookie banners or consent preferences will be used to comply with regional requirements.

3. How We Use Information

We use the information we collect for purposes such as:

  • providing, maintaining, and improving the Services;
  • securing the Services and preventing abuse;
  • understanding overall usage patterns (which tools are helpful, what to improve);
  • communicating with you about updates, security notices, or support requests;
  • complying with legal obligations.

4. Legal Bases for Processing (where applicable)

If you are located in a region that requires a legal basis for processing personal data (such as the EU/EEA under GDPR), we rely on:

  • Contractual necessity – to provide the Services you request (e.g. account, API usage).
  • Legitimate interests – to secure our Services, prevent abuse, and understand aggregated usage patterns, balanced against your privacy rights.
  • Consent – for optional cookies, analytics, or communications, where required.
  • Legal obligations – to comply with applicable laws and regulations.

5. How We Share Information

We do not sell your personal information. We may share limited data with:

  • Service providers: trusted third parties who assist us in operating the Services (e.g. hosting providers, payment processors, email providers). They are bound by obligations to protect your information.
  • Legal reasons: when required to comply with law, regulation, legal process, or governmental request.
  • Business changes: in connection with a merger, acquisition, or transfer of assets, in which case we will take reasonable steps to ensure continued protection of your data.

6. Data Retention

We retain personal data only for as long as necessary to:

  • provide the Services you're actively using,
  • meet legal, accounting, or reporting requirements, and
  • resolve disputes or enforce our agreements.

For client-side tools where no data is sent to our servers, we do not retain your inputs at all.

7. Security

We take reasonable technical and organizational measures to protect the information we handle from loss, misuse, and unauthorized access. However, no online service can be completely secure.

You are responsible for:

  • using strong passwords and protecting your credentials;
  • keeping your devices secure and up to date;
  • avoiding pasting highly sensitive information into tools on shared or untrusted devices.

8. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal data, such as:

  • the right to access the personal data we hold about you;
  • the right to request correction or deletion of your data;
  • the right to restrict or object to certain processing;
  • the right to data portability;
  • the right to withdraw consent (where processing is based on it).

To exercise these rights, you can contact us at contact@birdor.com. We may need to verify your identity before fulfilling your request.

9. International Data Transfers

Birdor may operate infrastructure or use service providers in multiple countries. As a result, your information may be transferred to and processed in countries other than your own.

Where required by law, we will implement appropriate safeguards to protect personal data during such transfers (for example, standard contractual clauses or equivalent mechanisms).

10. Children's Privacy

The Services are not directed to children under the age of 13 (or the equivalent minimum age in relevant jurisdictions), and we do not knowingly collect personal data from children.

If you believe that a child has provided us with personal data, please contact us, and we will take steps to delete such information where required by law.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the Services, legal requirements, or how we handle information.

  • When we make material changes, we will update the "Last updated" date at the top of this page.
  • Where appropriate, we may provide additional notice (for example, via the website or email).

Your continued use of the Services after changes become effective constitutes your acceptance of the updated Policy.

12. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or how we handle data, you can contact us at:

If you operate your own Birdor deployment or derivative project, you should adapt this Privacy Policy (and associated data practices) to match your actual infrastructure, service providers, and applicable laws.