Privacy Policy

This Privacy Policy (hereinafter referred to as “Privacy Policy”) describes how Firebird AI CJSC (hereinafter referred to as “Firebird”) collect and process Customer’s personal information in relation to Firebird Cloud Services.

1. Information Firebird Collects

Firebird processes certain categories of information in order to operate and provide access to the platform and infrastructure services. These categories include Account Information, Billing information, Infrastructure Metadata, Operational Logs, and Customer Content.

1.1. Personal Data the user provides

Registration

Firebird processes information required to create and manage Accounts and provide access to Firebird Cloud services.

To access Firebird Cloud services, Firebird collects information at registration, which differs based on selected enrollment type: personal or corporate. This information may include:

Personal Account:

• Email address and authentication credentials
• Full Name
• Country of Residence
• Citizenship
• Industry
• Phone number

Firebird does not intentionally collect sensitive personal data (e.g., information revealing race, ethnicity, political opinions, religion, health, PHI or similar).

Business Account:

• Organization details:
  • Company name
  • Industry
  • Country of Incorporation
  • Tax ID
  • Website
• Primary Contact information, including:
  • Email address and authentication credentials
  • Full Name
  • Job title
  • Phone number

This information is used to manage Customer’s identities, authenticate Customers, and control access to Firebird Cloud services.

Third-party authentication

If Customer chooses to sign up using Google or GitHub account (or another supported third-party account), Customer authorizes Firebird to receive, store, and use any information that Customer has permitted the third party to share via its API. This may include, for example, name, email address, profile picture, and any other data that have agreed to share.

Know Your Customer (KYC).

Access to Firebird Cloud services is subject to a compliance review process. After registration, prospective Customer may be required to provide information necessary for compliance, risk assessment, or regulatory purposes. This may include government-issued ID, corporate registration documents, proof of end-use, export control classification and other information required to evaluate eligibility to access the service.

Customer accounts are not activated until the compliance review process has been completed and approved. Only after successful completion of the compliance review Customers are granted access to Firebird Cloud infrastructure services.

Firebird may deny, restrict, or revoke access to the service if the compliance review determines that a prospective or existing Customer does not meet applicable compliance, risk management, or regulatory requirements.

Billing Information

The platform processes billing and payment information required to invoice Customers and collect payment for Firebird Cloud services. This information may include:

Billing details:

• Billing address (street, city, state/province, country, postal code)
• External email addresses for invoice delivery
• Notification preferences (invoice generated, payment processed, payment failed, promotional credits, usage summary)

Payment method details:

• Credit card number, expiration date, and CVV
• Cardholder name
• Cardholder billing address

Payment method data is collected and processed by a third-party payment processor. Firebird does not store full credit card numbers or CVV data on its own infrastructure. The payment processor handles card data in accordance with PCI DSS requirements.

Billing account details (company name, Tax ID, billing address) are stored by Firebird and used for invoicing, tax compliance, and account management.

Support Communication

Firebird collects the information the Customer provides through email, support tickets, or other communications, including message content and associated details.

1.2. Data collected by Firebird

Infrastructure Metadata

Firebird processes operational metadata related to infrastructure resources created and managed by Customers. This information may include:

• virtual machine identifiers
• GPU allocation information (type, number)
• disk and storage identifiers
• network configuration information
• other system configuration parameters (number of CPUs, RAM, OS image, attached disk, etc)
• infrastructure usage metrics

Infrastructure metadata is used to provision, monitor, maintain, and operate Firebird Cloud infrastructure services.

Operational Logs

Firebird may generate and process operational logs required for system reliability, monitoring, security, and troubleshooting. Such logs may include:

• login activity
• resource provisioning and lifecycle actions
• system errors
• infrastructure performance metrics
• security events

Operational logs may be used to maintain the reliability, security, and integrity of the platform.

Customer Content

Customers may store or process their own data within infrastructure resources provided by Firebird Cloud, including virtual machines, storage volumes (disks), and shared file systems. Firebird does not control, monitor, or determine the content of Customer Content. Firebird does not claim ownership of Customer Content stored or processed using the platform. Access to Customer Content by Firebird must be limited and may occur only when necessary for infrastructure maintenance, technical troubleshooting, security incident investigation, or compliance with applicable legal obligations.

Cookies and Tracking Technologies

The Firebird Cloud Console uses session cookies and session tokens solely for Customer authentication and session management. These are strictly necessary for the platform to function. Session cookies expire when the Customer closes their browser or when the session times out.

Third-party analytics tools (Google Analytics, Google Tag Manager), marketing trackers, or non-essential cookies are currently used on the firebird.ai website.

Purposes for Processing

Firebird processes personal data only for the purposes described below.

Data	Purpose
Account Information	Create and manage accounts, authenticate Customers, control access
Compliance / KYC data	Assess eligibility, risk, and regulatory compliance
Billing information	Invoice Customers, collect payment, meet tax obligations
Infrastructure Metadata	Provision, operate, monitor, and maintain the services
Operational Logs	Maintain security, reliability, and integrity of the platform
Customer Content	Provide compute and storage resources to the Customer
Support communications	Respond to and resolve Customer requests
Marketing and non-essential analytics	Improve and promote the services

Firebird does not sell or use personal data other than stated above.

2. Data Storage

Firebird Cloud infrastructure is hosted in Firebird’s own data center located in Republic of Armenia. All above mentioned data Firebird collects is stored and processed exclusively in Republic of Armenia. Firebird may, in its sole discretion, engage third-party service providers (sub-processors) that process data on behalf of Firebird in order to operate the platform.

3. Data Security

Firebird provides Services with strong security features to protect collected information. Firebird works hard to protect Customers and their information from unauthorized access, alteration, disclosure, or destruction of information, including:

• Encrypting information in transit
• Reviewing information collection, storage and processing practices
• Restricting access to information internally. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

4. Data Sharing

Firebird does not share any information outside the company, except:

• With Customer’s prior consent: For example Firebird may share data with marketing and analytics providers (e.g., Google Analytics) to understand and improve how Customer use the Cloud.
• With sub-processors and providers: Firebird engages third-party providers to help deliver Services such as for maintenance, auditing, payment processing, customer support, marketing, and development. These providers may access the personal data they need solely to perform their tasks on Firebird’s behalf, and they’re contractually prohibited from using or disclosing it for any other purpose.
• For legal reasons and cases prescribed by law: Firebird may disclose Customer’s information if it is necessary to:
  • Investigate, prevent, or take action on suspected or actual unlawful activities, or to assist law-enforcement agencies.
  • Enforce agreements with Customers.
  • Defend against third-party claims or allegations.
  • Protect the security or integrity of services.
  • Safeguard the rights, safety, or property of Firebird, Customers, employees, or others.

5. Data Deletion and Retention

The Customer may request closure of their account and deletion of personal data by contacting Firebird by its official contact means. Upon account termination, Customer Content remains available for retrieval during the window stated below, after which it is permanently deleted. Certain data is retained beyond account closure where required to meet legal, tax, or regulatory obligations, and is deleted once those periods expire.

Firebird retains Data for different periods of time as prescribed below depending on what it is, how it is used or how Customer configures settings.

• Account Information: retained 30 days for reactivation after closure, then deleted; billing/tax records retained 5 years for regulatory purposes.
• Compliance Review Data: retained 5 years after account closure.
• Infrastructure Metadata: retained 90 days for billing reconciliation, then deleted.
• Operational Logs: security logs retained 12 months; performance logs retained 30 days.
• Customer Content: 30-day retrieval window after account termination, then permanent deletion within 30 days.

The retention periods above apply to Firebird’s active systems. After deletion, data may persist in encrypted backups for up to 30 days, after which it is permanently overwritten.

6. Customer’s Privacy Rights

The Customer may have the following rights regarding their personal data:

• Access: view the personal data held, through the account profile in the Firebird Cloud Console, or by request to privacy@firebird.ai.
• Correction: update account and profile details directly in the Console, or by request.
• Deletion: request account closure and deletion of personal data by contacting support@firebird.ai, subject to the retention periods above.
• Data export: request a copy of personal data by contacting support@firebird.ai.

Firebird will respond to requests within 30 days.

7. Consent Required by Law

In certain jurisdictions, local laws and GDPR may require an explicit consent before Firebird processes Customer’s personal data. By accessing, browsing, or using Services, Customer agrees to the processing of personal data as outlined in this Privacy Policy. Customer may withdraw consent at any time by withdrawal, which will not affect the legality of any processing carried out before it.

For some jurisdictions no consent needed as Firebird acts strictly as a Processor with respect to all consumer personal information processed under the Terms and conditions.

8. Updates of Privacy Policy

Firebird may update this Privacy Policy from time to time. Firebird will not make any significant changes without notifying Customers in advance by posting a prominent notice on this page describing the changes or by sending a direct communication.

9. Contact Us

If you have any questions or concerns about your privacy, you may contact us by emailing us at security@firebird.ai.