Bird Security Overview
Last Reviewed and Updated: 10 September 2024
At Bird, we help businesses transform the way they connect with customers through our powerful CRM platform. Whether it's managing customer relationships, automating marketing campaigns, or optimizing sales, Bird is designed to enhance every interaction—making it more personal, efficient, and impactful.
Our platform unifies all communication channels—WhatsApp, Email, SMS, Voice, WeChat, Messenger, and Instagram—into one seamless system, giving businesses the tools to deliver personalized experiences at scale. Bird helps you create memorable customer journeys and streamline support, all while maintaining the highest security standards.
With over 50,000 businesses globally—from fast-growing startups to established enterprises—choosing Bird, our commitment to protecting your data is absolute. We blend cutting-edge technology with industry-leading security practices, giving you the peace of mind to focus on what really matters: growing your business.
If you want access to our security documents, please see our trust page at bird.com/trust for more information on how to access the following documents:
As your business scales, so does the responsibility to protect sensitive customer information. At Bird, we know that trust is key to your success. That’s why security isn’t an afterthought—it’s baked into everything we do. Our infrastructure and products are certified to the highest standards, including ISO/IEC 27001:2022 and SOC 2 Type I & II. These certifications are more than just badges; they’re proof that we prioritize your data’s safety every step of the way.
We’re also registered with the Dutch Authority for Consumers and Markets (ACM) and are an Associate Member of the Groupe Speciale Mobile Association (GSMA). Bird meets stringent international compliance standards like GDPR, ensuring that your business can confidently operate in any market.
Overview of services covered by standards:
| Service | ISO 27001 | SOC 2 Type I* | SOC 2 Type II |
| --- | --- | --- | --- |
| BirdCRM platform | ✔ | ✔ | ✘ |
| Inbox (BirdCRM) | ✔ | ✔ | ✘ |
| Contacts | ✔ | ✔ | ✘ |
| Email (Sparkpost/Taxi/EDS) | ✔ | ✘ | ✔ |
| SMS | ✔ | ✔ | ✘ |
| Voice (BirdCRM) | ✔ | ✘ | ✘ |
| Numbers (BirdCRM) | ✔ | ✔ | ✘ |
| Conversation Channels | ✔ | ✔ | ✘ |
| Flows (BirdCRM) | ✔ | ✔ | ✘ |
| Connectors | ✔ | ✔ | ✘ |
| Mobile Push Beams & Channels (Pusher) | ✔ | ✘ | ✘ |
| Video (24sessions) | ✔ | ✘ | ✘ |
*SOC2 Type I is not yet finalized but is on the roadmap to be completed in 2024.
Bird’s ISO/IEC 27001:2022 certified ISMS is the backbone of our security framework. It ensures that the confidentiality, integrity, and availability of your data are always protected. Here’s what that means for you:
Confidentiality: Your data is safe from unauthorized access.
Integrity: We protect your data from being altered or corrupted.
Availability: Your business-critical information is always accessible when you need it.
Security is a partnership between us and our customers. Every Bird employee is trained to protect sensitive information, starting with their onboarding and continuing with regular annual training. Our Legal, Security, and Compliance Team ensures that every policy stays up to date with evolving regulations, so you never have to worry about compliance.
Security isn’t one-size-fits-all. At Bird, we’ve developed a comprehensive suite of security policies to address every aspect of our platform. These policies are regularly updated to ensure that we’re always ahead of potential threats.
Our Security and Compliance Teams work closely with engineering and operations to ensure that these policies don’t just protect your data—they allow you to run your business efficiently, without interruptions.
Downtime is not an option for your business, and we understand that. Bird’s business continuity and disaster recovery plans ensure that, in the rare event of an outage, services are quickly restored with minimal disruption. You can subscribe to real-time service updates on our status page (https://status.messagebird.com/) to stay informed and in control.
We know that security starts with the people who have access to your systems. That’s why all Bird employees undergo rigorous screening—including criminal, education, and employment history checks—before they ever touch a system. Confidentiality agreements are mandatory, and security training is part of every employee’s annual curriculum.
Our Security and Privacy Awareness Program keeps everyone at Bird updated on the latest best practices, ensuring that your data is always handled with care.
Bird’s Security Team has established a thorough Incident Management Program to handle any potential breaches or attacks. We follow a robust Data Breach Notification Procedure to ensure you’re informed quickly when appropriate.
Bird leverages the best in cloud infrastructure with Google Cloud Platform (GCP) and Amazon Web Services (AWS). These world-class platforms offer unparalleled security, including fully isolated development, staging, and production environments, as well as data encryption both at rest and in transit. Furthermore, we monitor all our internal and external security events via our security information and event management (SIEM) solution and have 24/7 on-call security engineers. We also perform regular third-party penetration testing to stay ahead of emerging threats.
Your business might operate across multiple regions, and Bird makes it easy to comply with local data protection laws. We offer data residency options across the US, EU, and APAC regions, allowing you to choose the hosting location that best meets your needs.
Bird’s Change Management Process ensures that every update, fix, or new feature is carefully tested and implemented without disrupting your operations. All changes to our production environment follow a formal process that guarantees they’re reviewed, authorized, and implemented securely.
Your data is treated as if it were highly sensitive—because it is. Bird encrypts all customer data both in transit and at rest using TLS 1.2 and advanced encryption configurations. We’ve also implemented record-level encryption for particularly sensitive information, ensuring that your data is safe no matter where it is.
Bird follows strict Role-Based Access Control (RBAC), ensuring that only authorized individuals can access critical systems and information. We enforce Single Sign-On (SSO) and MFA across the board to add additional layers of protection. Access is immediately revoked when employees leave the company, minimizing any potential risks.
You’re in control of your data, and Bird follows your instructions for data retention or deletion. For compliance purposes, we may retain certain data for specific periods, ensuring legal obligations are met.
Bird’s applications are designed with security in mind. We follow secure coding practices and enforce code reviews to ensure vulnerabilities are caught and addressed before they ever reach production. Annual penetration testing and adherence to OWASP security standards keep our platform secure.
At Bird, we understand that your data security extends beyond our walls. That’s why we carefully vet every third-party vendor, ensuring they meet our rigorous security standards. We maintain transparency about our subprocessors, so you always know where your data is and who has access to it. Please see our subprocessor overview via the link.
When you partner with Bird, you’re not just getting a powerful CRM solution—you’re gaining a partner who takes security, compliance, and data protection as seriously as you do. We’ve built our platform to support your growth, backed by robust security measures that allow you to focus on what matters most: delivering value to your customers.