<aside>
💁 You can contact us anytime at [email protected]
</aside>
Birdie uses commercially reasonable efforts to implement and maintain the security measures listed below. Birdie may update or modify these Security Measures from time to time provided that the updates and modifications will not result in any material degradation of the overall security of Birdie's Services.
Personnel Security
- Background Checks. Birdie conducts background checks for employees and contractors with systems access to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
- Confidentiality. Birdie personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Birdie's internal policies.
- Security Education and Awareness Training. Birdie personnel are required to attend security and privacy training upon hire and annually thereafter.
Organizational Security
- Access Controls. Birdie implements access provisioning based on the principle of least privilege and access removal controls promptly upon termination.
- Multi-factor Authentication (MFA). Birdie employs multi-factor authentication for access across our production environment and internal systems containing Customer Data.
- Passwords. Birdie requires and enforces password complexity requirements where passwords are employed for authentication (e.g., login to workstations). These requirements include restrictions on password reuse and sufficient password strength.
- Anti-Virus and Malware. Birdie employs an anti-virus and malware solution with daily signature updates for end user devices.
- Endpoint Security. Birdie-issued devices are configured by Birdie's endpoint management solutions which include inactivity screensaver timeouts, full disk encryption, remote data wipe and lock capabilities, and regular patching.
- Information Security. Birdie personnel are required to acknowledge and comply with Birdie Information Security policies and standards. Noncompliance is subject to disciplinary action, up to and including termination of employment.
- Monitoring and Incident Response. Birdie maintains incident detection capabilities and a documented incident response program. In the event of an incident, Birdie will promptly take reasonable steps to minimize harm and secure Customer Data.
Data Practices
- Industry Standard Encryption. Data in transit is encrypted using TLS 1.2+, and data at rest is encrypted using AES-256. Birdie hashes user passwords with bcrypt before storing them in an encrypted database.
- Retention and Deletion. Birdie maintains backup data for up to 30 days after a video has been permanently deleted by an end user. Video data is then permanently deleted.
- Secure Destruction. Birdie's primary hosting provider complies with Department of Defense standards for secure erasure and secure decommissioning of storage media.
- Storage. Birdie stores data in a multi-tenant environment hosted on AWS servers and logically isolates Customer Data.
Network Protection