Privacy Policy

Introduction

BirdX ("we", "us") operates the BirdX secure messaging platform at birdx.chat and app.birdx.chat. This Privacy Policy explains what information we process, why we process it, and the choices you have. By using BirdX, you agree to the practices described here.

Who this policy applies to

This policy applies to anyone who visits our website, uses the BirdX web or native apps, or communicates with our support team. If you use BirdX through an organization that hosts its own instance, your administrator may have additional policies.

Information we collect

We collect only what is needed to run a secure messaging service:

• Account data: username, display name, email address (if provided), profile photo, and authentication credentials (stored using industry-standard hashing).
• Messaging metadata: delivery timestamps, chat membership, and technical logs required to route messages — not the readable content of end-to-end encrypted direct messages.
• Usage and security logs: IP address, device/browser type, and error reports to prevent abuse and keep the service reliable.
• Support communications: messages you send to support@birdx.chat or privacy@birdx.chat.

End-to-end encryption

Direct messages between users can be protected with end-to-end encryption (E2EE) using X3DH key agreement and AES-256-GCM. When E2EE is active, message bodies are encrypted on your device before they leave it. BirdX cannot decrypt or read that content. Group and channel messages may use different encryption models; see in-app security indicators for each conversation.

How we use your information

We use collected data solely to provide and improve BirdX: account authentication, message delivery, voice/video calls (WebRTC), notifications, moderation where applicable, fraud prevention, and customer support. We do not sell your personal data and we do not use private message content for advertising or profiling.

Cookies and local storage

The web app uses cookies and browser local storage to keep you signed in, remember preferences (such as theme and language), and support PWA installation. You can clear site data in your browser settings; you may need to sign in again afterward.

Sharing with third parties

We do not share personal data with advertisers. We may use infrastructure providers (hosting, CDN, email delivery) under contracts that require them to protect data and use it only on our instructions. We may disclose information if required by law or to protect the safety of users and the platform.

Retention and deletion

We retain account and operational data while your account is active. Message retention in groups and channels may follow server or community settings. You may request account deletion by emailing privacy@birdx.chat from your registered address; we will delete or anonymize personal data within a reasonable period, subject to legal retention obligations.

Your rights

Depending on your location, you may have the right to access, correct, export, or delete personal data we hold about you, and to object to certain processing. Contact privacy@birdx.chat to exercise these rights. We will respond within a reasonable timeframe.

Security

We apply technical and organizational measures including TLS in transit, access controls, monitoring, and optional two-factor authentication (TOTP). No online service is 100% secure; please use a strong unique password and enable 2FA in Settings → Security.

Children

BirdX is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe a child has created an account, contact us so we can take appropriate action.

Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will change when we do. Continued use of BirdX after changes means you accept the updated policy.

Contact

Privacy questions and data requests: privacy@birdx.chat. General support: support@birdx.chat.