At MessageBird, we do everything in our power to protect your data and give you full control over your personal data on our platform. Our aim is that you always feel informed and empowered with respect to safeguarding your own privacy, and the privacy of your customers. As a Cloud Communications Platform as a Service (CPaaS), we process personal data in order to deliver our services. This privacy statement contains information about what data we collect, why we collect it, and how we handle that data.
This version of our Privacy Statement has been updated to give you a better understanding of how we treat personal data and to call your attention to new features. The updated document is even more user-friendly and addresses new data protection regulations, including GDPR. You can view the previous statement here.
MessageBird is a Cloud Platform as a Service (CPaaS) company that allows enterprises all over the world to communicate with their customers via various communication channels, such as SMS, Voice, and E-Mail.
We only ask for personal data when we need it for business purposes or to provide you with relevant information. Whether you sign up for our newsletter or sign a Service Agreement, you provide your personal data to us for a particular purpose. You always have the opportunity to explicitly agree to the collection, use, disclosure, and sharing of the information you’ve provided. That applies even when you're browsing our website, where you can manage your cookie preferences. You can review your personal data and change your settings at all times.
Since customers integrate our products in their own software applications, we don’t interact with their end users directly. When customers do share end-user information with us, we always handle that data in accordance with data protection regulations, including GDPR. We don’t use that data for any purposes other than those specifically issued by the customer who provides the data.
Throughout this document you’ll encounter the mention of several roles and responsibilities. Here’s a quick explanation of the different roles, responsibilities, and systems of governance that play an integral part in ensuring your data is protected.
Controller is the company that an individual (or data subject) provides their personal data to. The Controller determines the purpose for the personal data (e.g. to receive important information or for sending invoices) and is responsible for the correct handling of the subject’s data.
Processor is the company that provides part of the service of the Controller, and needs specific personal data in control of the Controller in order to do so. To give an example: when one of our customers sends a campaign through our platform, we need personal data such as a phone number to fulfil the service. The Processor only processes personal data according to the instructions of the Controller.
Depending on your relationship with MessageBird, we can be both Controller and Processor. If you have any questions about these terms or more general inquiries about how we handle identifiable data, you can always contact us at firstname.lastname@example.org or send a written inquiry to:
All the personal data we process is lawfully obtained and with a legal basis. The purpose of the information we collect is so we can continue to conduct and expand our day-to-day business, and enable you to use our services. Personal data can also help us to improve our products to fit the needs of our customers.
Just as keeping your data safe is our priority, so is protecting your rights and freedoms as an individual, all in full compliance with global standards of rules and regulations for the protection of data. We process personal data based on a limited set of legal bases: 1) explicit consent (e.g. ticking a box on our website when you want to download product information), 2) signing a contract to receive a MessageBird service, 3) a legitimate interest (e.g. web analytics or direct marketing when there is an existing relationship), or 4) we have a legal obligation to do so (such as storing financial billing data for the time period required).
We collect personal data for specific purposes, and we’ll always tell you what those are when we collect it. We’ll use the collected data for the specified purpose alone, as long as our relationship stays the same. If our relationship changes, we may need more information. For example, if you fill out a form to request more information, we’ll use your data to send it to you. If you then decide to become a customer, we’ll need additional information including your billing address.
Here’s a list of the purposes for which we’ll request or use your data:
You will always have the choice to provide personal data on our domain or not. Please keep in mind that declining to provide personal data might prevent you from using a certain product or service. We will tell you the implications of not providing the information asked for when you choose not to do so.
In order to develop our business, we make use of third parties that supply us with information collected from publicly available sources and data enrichment providers. The information we collect is based on personas created by automated processes. In order to make sure we only approach the right audience, we only retain information that will help us reach out to people and companies that would benefit from the use of our services and products. If you no longer want to be contacted by our sales team, you can always object by contacting our support team.
The exact type of data we collect depends on the related product or service. Setting your privacy settings on our website, signing up for a newsletter, downloading marketing materials, or using any of our products and services all require you to leave appropriate details, specific to that purpose. We never collect more data than we need and may ask for additional data at the appropriate time.
The personal data we collect may include (depending on our relationship):
To be thorough, we've listed how we collect personal data and how that data will be used. The information below is not exhaustive and may be updated in accordance to new legislation, or because further clarification is needed based on a new product or service.
When browsing our website we automatically collect data by placing cookies and trusted tracking technologies on your browser. The information we collect helps us maintain and improve our website and business. It usually includes your IP address, browser type, the pages you've visited and in what order, and whether you’re a new or recurring visitor.
We use this data to ensure that the website works correctly and store any preferences you may have. It also helps us show relevant advertisements, generate and review data, and generate reports on our website user base and usage patterns.
When filling out a web form on our website, you directly interact with us. When you ‘Talk to Sales’, ‘Suggest an Integration’, ‘Talk to Support’ through our live chat window, send us an email, or subscribe to our newsletter, we hold the right to use the data you provide.
When you sign up on our website, we ask for some personal data like your email address, company, name, and the content of your inquiries. The particular fields to fill in may differ per form, we'll never ask you for irrelevant information, and we'll always use the data for the purpose you submitted it for.
If you're already a customer, we'll use the data collected from your account. That gives us relevant insight into how you’re using our platform and our products, what your business needs are, past support issues, and so on. Pulling this information allows us to tailor our assistance, product offers and provide the best possible assistance support via our support, tech and sales teams.
When creating a free trial account, you’ll need to fill out some personal data. The information we ask for is limited to what we need to provide you with the trial account. If you sign up by linking a third party account, you allow that third party to share the basic profile information needed to create a personal account with MessageBird.
We always ask you to authenticate yourself when activating your account by sending an activation link sent to the email address you provided. All you have to do next is log in with your username and password and you're ready to get started. Activating your account with a confirmation link proves to us that you created the account and that you're human.
When you start using the product during or after your free trial, we will ask for your phone number. Your number is used to send test messages, allows our support team to contact you, and allows for two-factor authentication on your account.
When buying credits or subscribing to a plan, we need more information than just your name and password. In order to start billing, we need information including your company details, billing address and preferred payment method(s). You’re assigned an Account ID automatically that’s used to process your orders, assign invoices, and track API requests. If you integrate our APIs into your software application, you'll be given an authentication token that allows us to identify you when you send API requests.
Your credentials help us to improve our internal processes and services. We keep account credentials on record to identify the account that assigns the API commands, and to make sure the account manager and our support team can store and access relevant information about your account.
Sometimes, we're legally required to collect additional information depending on the service. For instance, if you want to operate in Canada, Denmark, Malaysia, or the United States, you need specific approval, which can be requested through your account portal. To complete the request, we require details like the purpose of your campaign and a template or example SMS that you would send via MessageBird. We then share this information with local authorities of the country you specified to complete the procedure.
When using our products and services, we collect the commands your application communicates to MessageBird. This includes your IP addresses, information on your usage, and routing information.
Whether we fulfil the role of Controller or Processor, we always make sure that the parties we work with adhere to the GDPR Privacy and Security Standards. Additionally, we will make sure that another party will not use the data you have entrusted to us for any other purpose than delivering the service you signed up for.
Here's who we share information with and why:
Telecom operators and other communications service providers for proper routing and connectivity. We reach people’s smartphones through telecom operators and other communication service providers. In order to make sure the message you send will reach the intended recipient, independent of their location, we make use of a global network of telecom providers.
Third party service and technology providers who perform necessary actions on our behalf. We can share personal data with third party service providers, like our payment processor and hosting providers. We never share information without due contracts or for specific purposes that can be fulfilled in-house.
MessageBird Company Family. In order to do business with our global offices, we might need to share personal data between our legal entities. Both MessageBird B.V. and all other entities in the MessageBird Company Family will only ever use the data as described in this statement.
Targeted Advertising. We don't sell or rent any information to or from third parties for advertising or marketing purposes. We use direct marketing ourselves through Google Adwords. Find out more on how to manage your advertising preferences by checking out our Cookie Preference Center, or by visiting the advertising settings in your browser.
Payment Service Providers (PSPs) of MessageBird provide our customers with two ancillary services, besides the regular provision of payment services: Saved Payment Methods, and Auto Recharge. Stripe, Mollie and Adyen are the PSPs collecting, processing and storing the payments requests of our customers and are doing so as controllers in their own right.
Saved Payment Methods allows our customers to save the financial information of a specific payment method on a consent basis for their own convenience. The information necessary to provide the service differs depending on the selected payment method (credit card, iDeal or Paypal) but for a credit card consist of the last four digits of a credit card number, the expiration date, and the name of the cardholder. For iDeal the IBAN/ BIC number and account name, and for PayPal the account email address.
With Auto Recharge MessageBird and its Payment Service Providers enable our customers to automatically top up their account balance if it falls below a minimum threshold. This ancillary service is enabled by means of a toggle button, by which you provide your consent to use the required information to automatically recharge the credits on your balance. MessageBird requests extra authentication from its customers by means of an email that requires you to complete an extra authentication, when the bank or PSP requires it for these transactions.
For both of these ancillary payment services you can withdraw your consent at any time on the customer finance settings page, here.
We won’t share your information with third parties without your permission, except when we’re required to by law.
We will only respond to government requests when we are legally obliged to do so. The request needs to 1) be sent from a government agency, 2) be issued where we are subject to the respective jurisdiction, 3) be an enforceable subpoena, search warrant, court order or similar official instrument compelling us to disclose the information requested, and 4) state the categories of records sought and specific time period.
As a global, cloud based enterprise, our usage of the internet almost always involves the international transmission of personal data, both within and outside the EEA. If in our capacity as Processor an SMS message and the personal data involved transfer to a country outside the EEA, this is always determined by the use of our client in their role as Controller.
We take care to ensure our partners outside the EEA have sufficient guarantees and safeguards in place to properly treat and protect your data. Whether we're dealing with international mobile operators or other companies, we always make sure we contractually agree on data protection to protect the rights and freedoms of all individuals, inside and outside the EU, and ensure compliance with the GDPR.
We do everything in our power to keep your data safe. We invest in state-of-the-art technology and thorough security screenings of our infrastructure and employees to minimise security risks.
Since all our accounts are password-, and possibly two-factor authentication, protected, the only person with access to your account should be you. If your login information is stolen or used without your permission, it's imperative you notify us immediately so we can secure your account. You can do so by sending an email to email@example.com with the subject 'Urgent: account credentials'.
If you want to know more about the measures we take to keep your data secure, check out our Security Statement. It contains information about the industry standard, administrative, technical, physical, and organizational safeguards designed to prevent unauthorized access and use of personal data.
How long we keep personal data depends on its nature and the purpose for which it was obtained. Personal data related to our services, such as telephone numbers, geographic data, and message body, have a default retention period of 6 months. We only keep information that can personally identify you for 12 months for marketing and sales purposes. Additionally, we are under an obligation to demonstrate compliance with the applicable national and EU financial and tax laws and regulations. To do so, Customer data related to the account such as name, email address, (company) address, (company) bank details and position within the company will be kept for a period up to 10 years.
If you would like to review, amend, transfer or request to delete personal data during the default retention period, you can use dedicated features to do so. You can use our Data Request API for bulk requests. More specific requests can be submitted through easily accessible forms on our Dashboard.
If we've come to an agreement with you that we can store your data for an alternative period of time, we'll do that for as long as the agreement stipulates. After the agreed retention period, we might keep data in a non-identifiable form for archival, statistical and/or other legitimate purposes. None of it will be able to identify you as an individual.
Even though we collect your data to conduct business, your data stays your own. You stay in control of your personal data and can at any time choose what you want us do with it.
You can at any time:
Change your cookie settings. When you visit our website for the first time, you can either allow us to place all the cookies we use on your browser, decide to accept specific ones or deny all our cookies. You can always change your preferences both in your browser settings and the in cookie settings on our website. Within our cookie settings, we outline each cookie type in use on our site and provide an explanation of the implications of accepting it.
Withdraw consent to our processing of your data. If for whatever reason you no longer want us to use your personal data, you’re free to change your mind. We will always comply with your request, unless we're legally required to keep your data. Which basically means that if there is any legal dispute, about for example outstanding invoices, we can keep your information until it’s resolved.
For Saved Payment Details, you can withdraw your consent by selecting this link and deleting the stored payment information by clicking on the bin next to the stored details.
For Automatic Recharge, you can withdraw your consent by selecting this link and clicking on "No, I don't want to configure an automatic recharge.
For other consent withdrawal requests please send your request to firstname.lastname@example.org
Control and review your data. You can always view, amend, delete, and transfer your personal data. If you want to edit your information, you can do so on our dashboard where you can find an overview of your personal data. If you don’t use the dashboard, you can get a copy of your personal data directly by sending a request to email@example.com, our support staff, or via written request addressed to our headquarters in Amsterdam. We’ll process your request as soon as possible with a maximum of one month after receiving it. If a request is complicated or we get too many requests to process at a given time period, our response time can be increased by two months. You’ll be informed when such an extension period applies. When you choose to delete your personal data, we hold the right to hold onto anonymised and aggregated data. If we do so, nothing will be able to identify you as a person in any way. If we’re required to retain your information for legal reasons, we will let you know in response to your request.
Object to and restrict the processing of data. When your personal data is being processed to fulfill a legitimate interest to us, such as marketing, you’re able to object and unsubscribe. You can always exercise your right to restrict processing, and we’ll make sure to process your data in the way you specify. We will assess each request on a case-by-case basis according to the rules set out by the GDPR. If we override your request, we need to demonstrate that we have compelling grounds to do so, or that there’s a legal claim which allows us to retain personal data. If you don’t agree with how we’ve handled your request, you can file a complaint with the Supervisory Authority of The Netherlands, the authority related to the Member State you live or work in, or the country in which the suspected infringement has taken place.
We place small data files, called cookies, or similar technologies on your browser. A cookie is a small text file saved on your computer or mobile device when you visit a website.
In the cookie banner and in this notice we will explain in clear and plain language the relevant details about their use. This includes: where they are hosted, the lifespan of the cookie, and their purpose. This list is subject to change and it may not include all such providers at any given time.
The MessageBird website uses four types of cookies; strictly necessary, performance, functional and marketing & analytics cookies. These include first and third party cookies: first party cookies are set and controlled by MessageBird, while third party cookies are set and controlled by a third party tool or service.
The duration of a cookie varies: session cookies disappear from your computer or browser when you logout of your account or close your browser, while persistent cookies are stored even after you’ve closed the page. The retention period for these cookies is specified below.
With the exception of Strictly Necessary Cookies, cookies will only be placed on your device and/or browser after you confirm or update your preferences through the cookie banner.
If you decide to not allow opt-in cookies on this site, the site may not function as designed. For example, you may face issues logging in or retaining set preferences, such as the language the website displays.
Your consent applies to the following domains: developers.messagebird.com, messagebird.com
Cookie declaration last updated on 24/07/2018 by Cookiebot:
Strictly Necessary (5)
These cookies are necessary for the website to function and cannot be switched off in our systems. They are set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.
|Stores the user's cookie consent state for the current domain||1 year||HTTP Cookie|
|language||messagebird.com||Saves the user's preferred language on the website.||1 year||HTTP Cookie|
|Preserves user session state across page requests.||Session||HTTP Cookie|
These cookies enable the website to provide enhanced functionality and personalisation such as the website content being provided in the preferred language for your location. They may be set by us or by third party providers whose services we have added to our pages.
|CookieConsentBulkTicket||cookiebot.com||Enables cookie consent across multiple websites||1 year||HTTP Cookie|
|dropdown||messagebird.com||Remembers the country selected in the country dropdown on the pricing page.||Session||HTTP Cookie|
|Remembers the user's selected language version of a website||Session||HTTP Cookie|
These cookies allow us to measure visits, traffic sources and engagement so we can improve the performance of our site. They help us learn which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous.
|_ga||messagebird.com||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||2 years||HTTP Cookie|
|_gat||messagebird.com||Used by Google Analytics to throttle request rate||Session||HTTP Cookie|
|_gid||messagebird.com||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||Session||HTTP Cookie|
|ajs_anonymous_id||messagebird.com||This cookie is used to identify a specific visitor - this information is used to identify the number of specific visitors on a website.||1 year||HTTP Cookie|
|collect||google-analytics.com||Used to send data to Google Analytics about the visitor's device and behaviour. Tracks the visitor across devices and marketing channels.||Session||Pixel Tracker|
|personalization_id||twitter.com||This cookie is set by Twitter. The cookie allows the visitor to share content from the website on his/her Twitter profile.||2 years||HTTP Cookie|
These cookies allow advertising parties to uniquely identify your browser and internet device. These cookies have the capability to either alone or in conjunction with others uniquely identify a person directly or indirectly. They may be regarded as personal data, under the relevant Data Protection Legislation.
|__ab12#||messagebird.com||Pending||4209 days||HTTP Cookie|
|351aec7931114f91a83ecef745e11b5a194f87559c0f4b82a707fe2c68175eab||api.autopilothq.com||Pending||1 year||HTTP Cookie|
|ajs_group_id||messagebird.com||This cookie is used to assign specific visitors into segments, this segmentation is based on visitor behavior on the website - the segmentation can be used to target larger groups.||1 year||HTTP Cookie|
|ajs_user_id||messagebird.com||This cookie is used to collect data on the visitor's behavior on the website - this information can be used to assign the visitor to a visitor segment, based on common preferences.||1 year||HTTP Cookie|
|bcookie||linkedin.com||Used by the social networking service, LinkedIn, for tracking the use of embedded services.||2 years||HTTP Cookie|
|BizoID||ads.linkedin.com||Pending||29 days||HTTP Cookie|
|bscookie||linkedin.com||Used by the social networking service, LinkedIn, for tracking the use of embedded services.||2 years||HTTP Cookie|
|fr||facebook.com||Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.||3 months||HTTP Cookie|
|IDE||doubleclick.net||Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.||1 year||HTTP Cookie|
|intercom-id-ovarfzs9||messagebird.com||Pending||270 days||HTTP Cookie|
|lidc||linkedin.com||Used by the social networking service, LinkedIn, for tracking the use of embedded services.||Session||HTTP Cookie|
|NID||google.com||Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.||6 months||HTTP Cookie|
|r/collect||doubleclick.net||This cookie is used to send data to Google Analytics about the visitor's device and behavior. It tracks the visitor across devices and marketing channels.||Session||Pixel Tracker|
|test_cookie||doubleclick.net||Used to check if the user's browser supports cookies.||Session||HTTP Cookie|
|UserMatchHistory||ads.linkedin.com||Pending||29 days||HTTP Cookie|
|uuid2||adnxs.com||Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.||3 months||HTTP Cookie|
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
|ajs%3Acookies||messagebird.com||Pending||1 year||HTTP Cookie|
|ajs%3Atest||messagebird.com||Pending||1 year||HTTP Cookie|
|Pending||Persistent||HTML Local Storage|
|Pending||Persistent||HTML Local Storage|
|algoliasearch-client-js||developers.messagebird.com||Pending||Persistent||HTML Local Storage|
|intercom.played-notifications||messagebird.com||Pending||Session||HTML Local Storage|
|Pending||Persistent||HTML Local Storage|
|m-b||quora.com||Pending||6311 days||HTTP Cookie|
IP Addresses: When you visit our website or account portal, or use our products and services, we collect your IP address. We use IP addresses to track and analyse information about the devices that interact with our systems and to know where these devices are located. For example, to detect the location of account logins to help us detect potential fraud or malicious agents.
Web Beacons: A web beacon is an object placed in a web page or email we use to check whether a user has accessed its content. We use web beacons along with cookies to gather data about your use of the MessageBird site and account portal. For example, we may use web beacons in marketing emails that notify us when you open an email or click on a link.
Our services and products are not directed to children under the age of 18. We never knowingly collect and/or process any personal data from children under this age directly. If we discover we’ve received personal data from a child without parental or legal consent, we will immediately take reasonable steps to delete that information as quickly as possible. If you believe we have any information from or about a child, please contact us at firstname.lastname@example.org with the subject: ‘Children’.
This statement might be subject to changes. We reserve the right to change, update, modify, or remove any part of this Privacy Statement at any time. If any modifications substantially affects your rights under this statement, we will send you an email where possible. You can always decide to continue to use our services or not in accordance with the new terms.
If you have any dispute with us relating to our privacy practices, please contact our legal team at email@example.com with the subject: ‘Dispute’. If we can’t reach an understanding via email, please refer to the Terms, which describes how disputes will be resolved between us. Please be sure to review the Terms before you use any of our products and services.
|Processor||Geographical Location||Transfer Mechanism|
|Adyen||The Netherlands (EU)||N/A|
|Atlassian||USA||EU-US Privacy Shield|
|Autopilot||USA||EU-US Privacy Shield|
|Claranet||The Netherlands (EU)||N/A|
|Clearbit||USA||EU-US Privacy Shield|
|CloudApp||USA||Standard Contractual Clauses|
|DocuSign||USA||Standard Contractual Clauses|
|Exact Online||The Netherlands (EU)||N/A|
|Google Cloud Platform||Ireland (EU)||N/A|
|Google G Suite||Ireland (EU)||N/A|
|Intercom||USA||EU-US Privacy Shield|
|Interswitch||The Netherlands (EU)||N/A|
|Looker||USA||Standard Contractual Clauses|
|MailChimp||USA||EU-US Privacy Shield|
|NetSuite||USA||Standard Contractual Clauses|
|Salesforce||UK (EU)||Binding Corporate Rules|
|Segment||USA||Standard Contractual Clauses|
|Sift Science||USA||EU-US Privacy Shield|
|Sparkpost||USA||EU-US Privacy Shield|
|Split.io||USA||Standard Contractual Clauses|
|SpringCM||USA||EU-US Privacy Shield|
|Stripe||USA||EU-US Privacy Shield|
|Tray.io||USA||EU-US Privacy Shield|
|Thrive Digital||Canada||Standard Contractual Clauses|
|Unit4 Multivers||The Netherlands (EU)||N/A|
|Workramp||USA||Standard Contractual Clauses|
|Zapier||USA||EU-US Privacy Shield|
|Zendesk||USA||EU-US Privacy Shield|
If you have any questions left regarding the processing of your personal data when you use our website and services, or have any feedback or suggestions to make this policy better, please don’t not hesitate to contact us.
If you’re not satisfied with our reply, you may refer your complaint to the relevant regulator in your jurisdiction.
You can reach our Data Protection Officer at firstname.lastname@example.org or at our HQ address:
Do you live in the USA, Singapore, Germany, China, Australia or in the UK? Check out our local addresses if you prefer old-fashioned mail.