Privacy Policy

Last updated: January 1, 2026

1. Introduction

HeyBirdy.ai ("HeyBirdy", "we", "us", "our") is an AI-powered customer service and conversational automation platform. HeyBirdy.ai is operated by Shoppertise Sdn Bhd (201301034266 (1064096-H)), a company incorporated in Malaysia ("Shoppertise").

We are committed to protecting and respecting your privacy. This Privacy Policy ("Notice") explains how we collect, use, disclose, and protect personal data when you:

  • visit our website;
  • communicate with us;
  • use the HeyBirdy.ai platform; or
  • otherwise interact with our services.

We have aligned our data protection compliance programme to the core requirements of the General Data Protection Regulation (EU Regulation 2016/679) ("GDPR"), which we treat as the global benchmark for data protection. This Notice is also intended to comply with applicable data protection laws, including but not limited to the UK GDPR, Malaysia Personal Data Protection Act 2010, Singapore PDPA, Indonesia PDP Law, California Consumer Privacy Act ("CCPA") and California Privacy Rights Act ("CPRA"), and other applicable laws.

2. Roles and Responsibilities

2.1 Data Controller and Processor

In most cases, HeyBirdy acts as a Data Processor on behalf of our business clients, who are the Data Controllers for personal data processed through the HeyBirdy.ai platform.

HeyBirdy acts as a Data Controller for:

  • contact and account information of our clients and prospects;
  • data collected through our website and marketing activities; and
  • administrative and operational data necessary to operate our business.

3. Personal Data We Process

3.1 Information Provided by Our Clients

The categories of personal data processed through the HeyBirdy.ai platform are determined by our clients and may include:

  • names;
  • business contact details (email address, telephone number);
  • message content exchanged via supported communication channels;
  • conversation metadata (timestamps, routing decisions, escalation status);
  • SOPs, policies, and structured knowledge uploaded by clients.

3.2 Information Collected Directly from You

When you interact with our website or contact us, we may collect:

  • name;
  • job title;
  • company name;
  • email address;
  • telephone number;
  • device and browser information;
  • IP address and approximate location data.

3.3 Cookies and Similar Technologies

We use cookies and similar technologies to:

  • operate and secure our website;
  • analyse website usage and performance; and
  • improve user experience.

You may control cookies through your browser settings. For more information, please refer to our Cookie Policy.

4. Purposes and Legal Bases for Processing

We process personal data for the following purposes and lawful bases:

PurposeLegal Basis
Providing and operating our servicesPerformance of a contract
Processing data on behalf of clientsPerformance of a contract
Responding to enquiries and communicationsLegitimate interests
Improving platform reliability and securityLegitimate interests
Website analytics and performanceLegitimate interests or consent
Compliance with legal obligationsLegal obligation

We do not use client conversation data to train general-purpose AI models without explicit client consent.

5. AI Processing and Safeguards

HeyBirdy.ai processes data in accordance with client-configured rules, SOPs, and policies. Our AI systems:

  • operate within parameters defined by clients;
  • support human-in-the-loop escalation workflows; and
  • do not autonomously make decisions beyond configured rules.

Clients retain ownership of all data processed through the platform.

6. Data Sharing and Subprocessors

We may share personal data with trusted third-party service providers acting as subprocessors, including:

  • cloud infrastructure and hosting providers;
  • communication platform providers;
  • security, monitoring, and support service providers.

All subprocessors are subject to contractual data protection obligations consistent with applicable data protection laws.

7. International Data Transfers

Personal data may be transferred to and processed in countries outside your jurisdiction. Where required, we implement appropriate safeguards, such as Standard Contractual Clauses, to protect personal data.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Notice, comply with legal obligations, and resolve disputes. Upon termination of services, client data is deleted or returned in accordance with contractual agreements.

9. Your Rights

Subject to applicable law, you may have the right to:

  • access your personal data;
  • request correction or deletion;
  • restrict or object to processing;
  • request data portability; and
  • withdraw consent where processing is based on consent.

Requests may be submitted by contacting us at legal@heybirdy.ai.

10. Children's Data

Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal data from children.

11. Security

We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption, and monitoring.

12. Changes to This Notice

We may update this Notice from time to time. Changes will be posted on this page with an updated revision date.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: legal@heybirdy.ai

Appendix A – California Residents

This Appendix applies to California residents under the CCPA and CPRA.

We do not sell personal data. California residents have the right to access, delete, and limit the use of their personal data, and the right to non-discrimination for exercising these rights. Requests may be submitted to legal@heybirdy.ai.