Direction LLC Privacy Policy

Your privacy is important to us. It is Direction LLC’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including via our app, Birdie, and its associated services.

Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, images of your face, and even information about how you use an app or online service.

In the event our app contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our app.

This policy is effective as of November 14, 2024.

Last updated: November 30, 2024

Information We Collect

Information we collect falls into one of two categories: ‘voluntarily provided’ information and ‘automatically collected’ information.

‘Voluntarily provided’ information refers to any information you knowingly and actively provide us when using our app and its associated services.

‘Automatically collected’ information refers to any information automatically sent by your device in the course of accessing our app and its associated services.

Personal Information

We may ask for personal information — for example, when you register an account or when you contact us — which may include one or more of the following:

• First name

• Email

• Date of birth

• Sexual orientation

• Skin health conditions

• Allergies

• Skin concerns

• Images of your face

• Current skincare product routine

• Ideal budget range for products

Sensitive Information

‘Sensitive information’ or ‘special categories of data’ is a subset of personal information that is given a higher level of protection. Examples of sensitive information include information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation, health information, or biometric information.

The types of sensitive information that we may collect about you include:

• Sexual orientation

• Health information (including skin health conditions and allergies)

• Biometric data (images of your face)

We will not collect sensitive information about you without first obtaining your explicit consent, and we will only use or disclose your sensitive information as permitted, required, or authorized by law. You have the right to withdraw your consent at any time.

Device Data

Our app may access and collect data via your device’s in-built tools, such as:

• Camera (to capture images of your face)

• Contacts

• Storage, photos, and/or media

• Notifications

• Background data refresh

When you install the app or use your device’s tools within the app, we request permission to access this information. The specific data we collect can depend on the individual settings of your device and the permissions you grant when you install and use the app.

Log Data

When you access our servers via our app, we may automatically log the standard data provided by your device. It may include your device’s Internet Protocol (IP) address, your device type and version, your activity within the app, time and date, and other details about your usage.

Additionally, when you encounter certain errors while using the app, we automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even at the moment they occur, including notice that they have occurred or of what the nature of the error is.

Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.

Legitimate Reasons for Processing Your Personal Information

We only collect and use your personal information when we have a legitimate reason for doing so. In that case, we only collect personal information that is reasonably necessary to provide our services to you.

Legal Bases for Processing Your Personal Information

We will only collect and use your personal information when we have a legal right to do so under applicable data protection laws such as the GDPR. Our legal bases for processing your personal information include:

Consent: You have given clear consent for us to process your personal data for a specific purpose. For example, when you provide sensitive information like health data or facial images, we obtain your explicit consent.

Performance of a Contract: Processing your data is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. For instance, using your data to provide personalized skincare analyses and product recommendations.

Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided that these interests are not overridden by your rights and interests. Our legitimate interests include improving our services, analyzing usage patterns, and ensuring the security of our app.

Compliance with Law: Processing is necessary for compliance with a legal obligation to which we are subject.

Collection and Use of Information

We may collect personal information from you when you do any of the following on our app:

• Register for an account

• Use a mobile device or web browser to access our content

• Upload images of your face for skin analysis

• Provide details about your skin health conditions, allergies, and concerns

• Enter your current skincare product routine and budget preferences

• Contact us via email, social media, or any similar technologies

• Mention us on social media

We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:

• To provide you with our app and platform’s core features and services

• To enable you to customize or personalize your experience of our app

• To analyze images of your face using AI models to provide detailed skin analysis

• To generate personalized skincare product recommendations based on your provided data

• To contact and communicate with you

• For analytics, market research, and business development, including to operate and improve our app, associated applications, and associated social media platforms

• For advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you (with your explicit consent)

• To enable you to access and use our app, associated platforms, and associated social media channels

• For internal record keeping and administrative purposes

• To attribute any content (e.g., posts and comments) you submit that we publish on our app

• For technical assessment, including to operate and improve our app, associated applications, and associated social media platforms

We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources.

Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.

Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security.

You are responsible for selecting any password and its overall security strength, and for ensuring the security of your own information within the bounds of our services. For example, you are responsible for ensuring that any passwords associated with accessing your personal information and accounts are secure and confidential.

How Long We Keep Your Personal Information

We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy.

For example:

• Facial images and skin analysis data are retained, in order to provide you with access to your scan history and recommendations, until you personally request that we delete them.

• If you delete your account and request personal data deletion, we will delete the associated personal data within 30 days.

If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.

However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation, or for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes.

Children’s Privacy

We do not aim any of our products or services directly at children under the age of 13, and we do not knowingly collect personal information about children under 13.

Disclosure of Personal Information to Third Parties

We may disclose personal information to:

• A parent, subsidiary, or affiliate of our company

• Third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, ad networks, analytics, error loggers, professional advisors, and payment systems operators

• Our employees, contractors, and/or related entities

• Our existing or potential agents or business partners

• Courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or to establish, exercise, or defend our legal rights

• Third parties, including agents or sub-contractors, who assist us in providing information, products, services, or direct marketing to you (with your explicit consent)

• Third parties to collect and process data

• An entity that buys or to which we transfer all or substantially all of our assets and business

Third parties we currently use include:

• Amplitude (Analytics)

• Apple Pay (Payment Processing)

• Supabase for data storage and hosting

We ensure that all third-party service providers comply with applicable data protection laws and protect your personal information with appropriate safeguards.

International Transfers of Personal Information

The personal information we collect is stored and/or processed in the United States, or where we or our partners, affiliates, and third-party providers maintain facilities.

When transferring personal data from the European Economic Area (EEA) or the United Kingdom to countries outside these regions, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or other legally accepted means, to protect your personal information.

The countries in which we store or process your personal information, or to which we transfer it, may not have the same data protection laws as the country in which you initially provided the information. By providing your personal information, you consent to the transfer of your information to these countries.

Your Rights and Controlling Your Personal Information

Your Rights Under GDPR

If you are a resident of the EEA or the UK, you have the following data protection rights:

• Right to Access: You have the right to request copies of your personal information.

• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.

• Right to Erasure: You have the right to request that we erase your personal information, under certain conditions.

• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information, under certain conditions.

• Right to Object to Processing: You have the right to object to our processing of your personal information, under certain conditions.

• Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

To exercise any of these rights, please contact us using the details provided in this privacy policy.

Your Rights Under CCPA

If you are a resident of California, you have the following rights:

• Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.

• Right to Delete: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.

• Right to Opt-Out of Sale: We do not sell your personal information. However, if we ever decide to sell personal information, you have the right to opt out of the sale of your personal information.

To exercise any of these rights, please contact us using the details provided in this privacy policy.

Consent for Marketing Communications

We will only send you marketing communications if you have explicitly opted in to receive them. You have the right to withdraw your consent at any time by contacting us or using the unsubscribe link in our communications.

Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect and use personal information about you, including to serve interest-based advertising.

Cookies are small data files stored on your device when you visit a website or use an app. They help us to recognize your device and store information about your preferences or past actions.

We use cookies to:

• Enable core functionalities of our app

• Analyze usage and performance of our app

• Provide personalized content and recommendations

• Remember your preferences and settings

You can control cookies through your device or browser settings. However, disabling cookies may affect the functionality of our app.

Data Breaches

In the event of a data breach, we will promptly notify you and the appropriate regulatory authorities where we are legally required to do so. We will take all reasonable steps to mitigate any potential harm resulting from the breach.

User-Generated Content

If you submit content through our app, such as reviews or comments, we may display this content along with your first name. Please be aware that any personal information you submit in this manner may be read, collected, or used by others who access it. We are not responsible for the personal information you choose to submit in these forums.

Updates to This Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes.

If we decide to change this privacy policy, we will post the changes here and update the “Last updated” date at the top of this policy. By continuing to use our app after these changes are in effect, you agree to the revised policy.

Compliance with Other Jurisdictions

We comply with data protection laws applicable to the countries where we operate. If you are accessing our app from outside the United States, please be aware that your personal information may be transferred to, stored, and processed in the United States or other countries where our servers are located.

HIPAA Compliance

Our app is not intended to process Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). We do not consider ourselves a Covered Entity or Business Associate under HIPAA. If you are a healthcare provider or otherwise subject to HIPAA, you should not use our app to transmit PHI.

Contact Us

For any questions or concerns regarding your privacy, you may contact us using the following details:

hey@birdieskincare.com