Privacy Policy

Last updated: March 18, 2025

Birdseye (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use Birdseye, how we use it, and the choices you have. By installing or using Birdseye, you agree to the practices described in this policy.

1. Information We Collect

Account Information

When you sign in with Auth0, we receive and store your email address. We do not store your password — authentication is handled entirely by Auth0.

Google Calendar Data

When you connect a Google account, we request read access to your Google Calendar. Specifically:

  • Your Google account email address and display name (for identification within the app)
  • Your Google OAuth tokens (access token and refresh token), which are encrypted before being stored in our database
  • Calendar events for the current day: event title, start/end time, location, video conference links, and attendee information

We only sync events for the current day. We do not read your past events beyond what is needed to render today's view, and we do not read the content of calendar event descriptions or attachments.

Usage Information

We do not currently collect analytics, crash reports, or telemetry from the Birdseye desktop application. Standard server-side access logs (IP addresses, request timestamps) may be retained by our hosting provider (Heroku) for a limited period.

Billing Information

Payment processing is handled by Stripe. We do not store your full credit card number, CVC, or any raw payment data on our servers. Stripe provides us with limited billing metadata (e.g., subscription status, last four digits of your card).

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Birdseye service
  • Sync your Google Calendar events and display them in the app
  • Authenticate your identity and maintain your session
  • Process subscription payments via Stripe
  • Send you transactional emails related to your account or subscription (via Stripe or Auth0)
  • Respond to support requests
  • Comply with applicable legal obligations

We do not use your calendar data for advertising, we do not sell your data to third parties, and we do not use your data to build advertising profiles.

3. How We Share Your Information

We do not sell or rent your personal information. We share data only with the service providers necessary to operate Birdseye:

Auth0

We use Auth0 for user authentication. When you sign in, Auth0 processes your credentials and provides us with a verified identity token. Auth0's privacy policy is available at auth0.com/privacy.

Google

When you connect your Google account, you authorize Google to share your calendar data with us under Google's OAuth framework. Google's privacy policy is available at policies.google.com/privacy.

Stripe

We use Stripe to process subscription payments. Stripe may collect your payment information, billing address, and other financial data. Stripe's privacy policy is available at stripe.com/privacy.

Heroku (Salesforce)

Our API and database are hosted on Heroku. Your data (including encrypted Google tokens and cached calendar events) is stored on Heroku's infrastructure. Heroku's privacy policy is available at salesforce.com/company/privacy.

4. Data Security

We take security seriously. Measures we employ include:

  • Google OAuth tokens are encrypted at rest using AES-256-GCM before being stored in our database
  • All data in transit is encrypted via HTTPS/TLS
  • The Electron app stores your auth session token using macOS Keychain (via Electron's safeStorage API)
  • Our database is hosted on Heroku Postgres with SSL-required connections

No method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we strive to use commercially reasonable measures to protect your information.

5. Data Retention

We retain your account information and calendar data for as long as you maintain an active account with us. When you disconnect a Google account from Birdseye, all tokens and cached events for that account are permanently deleted. When you delete your Birdseye account entirely, we delete all associated personal data within 30 days.

Stripe may retain billing records as required by law or its own policies.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Disconnect your Google account at any time from the Birdseye settings panel
  • Revoke Birdseye's access to your Google Calendar from your Google Account security settings

To exercise any of these rights, contact us at privacy@birdseye.app.

7. Children's Privacy

Birdseye is not directed at children under the age of 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date above. For material changes, we will notify you by email or through a notice in the app.

9. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

Email: privacy@birdseye.app
Website: https://birdseye.app