Bird Security Overview

Last Reviewed and Updated: 10 September 2024

Purpose

At Bird, we help businesses transform the way they connect with customers through our powerful CRM platform. Whether it's managing customer relationships, automating marketing campaigns, or optimizing sales, Bird is designed to enhance every interaction—making it more personal, efficient, and impactful.

Our platform unifies all communication channels—WhatsApp, Email, SMS, Voice, WeChat, Messenger, and Instagram—into one seamless system, giving businesses the tools to deliver personalized experiences at scale. Bird helps you create memorable customer journeys and streamline support, all while maintaining the highest security standards.

With over 50,000 businesses globally—from fast-growing startups to established enterprises—choosing Bird, our commitment to protecting your data is absolute. We blend cutting-edge technology with industry-leading security practices, giving you the peace of mind to focus on what really matters: growing your business.

If you want access to our security documents, please see our trust page at bird.com/trust for more information on how to access the following documents:

Why Security is Central to Bird

As your business scales, so does the responsibility to protect sensitive customer information. At Bird, we know that trust is key to your success. That’s why security isn’t an afterthought—it’s baked into everything we do. Our infrastructure and products are certified to the highest standards, including ISO/IEC 27001:2022 and SOC 2 Type I & II. These certifications are more than just badges; they’re proof that we prioritize your data’s safety every step of the way.

We’re also registered with the Dutch Authority for Consumers and Markets (ACM) and are an Associate Member of the Groupe Spécial Mobile Association (GSMA). Bird meets stringent international compliance standards like GDPR, ensuring that your business can confidently operate in any market.

Overview of services covered by standards:

Service | ISO 27001 | SOC 2 Type I* | SOC 2 Type II

  • BirdCRM platform

  • Inbox (BirdCRM)

  • Contacts

  • Email (Sparkpost/Taxi/EDS)

  • SMS

  • Voice (BirdCRM)

  • Numbers (BirdCRM)

  • Conversation Channels

  • Flows (BirdCRM)

  • Connectors

  • Mobile Push Beams & Channels (Pusher)

  • Video (24sessions)

*SOC 2 Type I is not yet finalized but is on the roadmap to be completed in 2024.

How We Protect Your Business

Bird’s ISO/IEC 27001:2022 certified ISMS is the backbone of our security framework. It ensures that the confidentiality, integrity, and availability of your data are always protected. Here’s what that means for you:

  • Confidentiality: Your data is safe from unauthorized access.

  • Integrity: We protect your data from being altered or corrupted.

  • Availability: Your business-critical information is always accessible when you need it.

Security is a partnership between us and our customers. Every Bird employee is trained to protect sensitive information, starting with their onboarding and continuing with regular annual training. Our Legal, Security, and Compliance Team ensures that every policy stays up to date with evolving regulations, so you never have to worry about compliance.

Comprehensive Security Policies

Security isn’t one-size-fits-all. At Bird, we’ve developed a comprehensive suite of security policies to address every aspect of our platform. These policies are regularly updated to ensure that we’re always ahead of potential threats.

Key policies below (list contains 21 policies):

  • Information Security Policy

  • Roles and Responsibilities Policy

  • Change Control Policy

  • Third-Party Security Policy

  • Audit Log and Event Management Policy

  • Incident Management Policy

  • Business Continuity Policy

  • Data Protection Policy

  • Data Retention Policy

  • Data Classification Policy

  • Information Security Risk Management Policy

  • Teleworking Policy

  • Asset Management Policy

  • Intellectual Property Policy

  • Configuration Management Policy

  • Information Backup Policy

  • Vulnerability Management Policy

  • Access Control Policy

  • Cryptographic Key Management Policy

  • Development Outsourcing Policy

  • Secure Development Policy

  • Acceptable Use Policy

Our Security and Compliance Teams work closely with engineering and operations to ensure that these policies don’t just protect your data—they allow you to run your business efficiently, without interruptions.

Business Continuity and Disaster Recovery

Downtime is not an option for your business, and we understand that. Bird’s business continuity and disaster recovery plans ensure that, in the rare event of an outage, services are quickly restored with minimal disruption. You can subscribe to real-time service updates on our status page (https://status.messagebird.com/) to stay informed and in control.

People Security

We know that security starts with the people who have access to your systems. That’s why all Bird employees undergo rigorous screening—including criminal, education, and employment history checks—before they ever touch a system. Confidentiality agreements are mandatory, and security training is part of every employee’s annual curriculum.

Our Security and Privacy Awareness Program keeps everyone at Bird updated on the latest best practices, ensuring that your data is always handled with care.

Incident Management

Bird’s Security Team has established a thorough Incident Management Program to handle any potential breaches or attacks. We follow a robust Data Breach Notification Procedure to ensure you’re informed quickly when appropriate.

Cutting-Edge Infrastructure Security

Bird leverages the best in cloud infrastructure with Google Cloud Platform (GCP) and Amazon Web Services (AWS). These world-class platforms offer unparalleled security, including fully isolated development, staging, and production environments, as well as data encryption both at rest and in transit. Furthermore, we monitor all our internal and external security events via our security information and event management (SIEM) solution and have 24/7 on-call security engineers. We also perform regular third-party penetration testing to stay ahead of emerging threats.

Data Residency and Global Compliance

Your business might operate across multiple regions, and Bird makes it easy to comply with local data protection laws. We offer data residency options across the US, EU, and APAC regions, allowing you to choose the hosting location that best meets your needs.

Change Management

Bird’s Change Management Process ensures that every update, fix, or new feature is carefully tested and implemented without disrupting your operations. All changes to our production environment follow a formal process that guarantees they’re reviewed, authorized, and implemented securely.

Encryption and Data Security

Your data is treated as if it were highly sensitive—because it is. Bird encrypts all customer data both in transit and at rest using TLS 1.2 and advanced encryption configurations. We’ve also implemented record-level encryption for particularly sensitive information, ensuring that your data is safe no matter where it is.

Access Management

Bird follows strict Role-Based Access Control (RBAC), ensuring that only authorized individuals can access critical systems and information. We enforce Single Sign-On (SSO) and MFA across the board to add additional layers of protection. Access is immediately revoked when employees leave the company, minimizing any potential risks.

Data Retention

You’re in control of your data, and Bird follows your instructions for data retention or deletion. For compliance purposes, we may retain certain data for specific periods, ensuring legal obligations are met.

Application Security

Bird’s applications are designed with security in mind. We follow secure coding practices and enforce code reviews to ensure vulnerabilities are caught and addressed before they ever reach production. Annual penetration testing and adherence to OWASP security standards keep our platform secure.

Third-Party Risk Management

At Bird, we understand that your data security extends beyond our walls. That’s why we carefully vet every third-party vendor, ensuring they meet our rigorous security standards. We maintain transparency about our subprocessors, so you always know where your data is and who has access to it. Please see our subprocessor overview via the link.

Trust Bird with Your Growth

When you partner with Bird, you’re not just getting a powerful CRM solution—you’re gaining a partner who takes security, compliance, and data protection as seriously as you do. We’ve built our platform to support your growth, backed by robust security measures that allow you to focus on what matters most: delivering value to your customers.
