legal

Privacy Policy

Last updated: August 31, 2025

 

Hirundo Ltd. (“we”, “our” or “us”) respect your privacy and recognizes that your privacy is important. Therefore, we are providing this privacy policy ("Privacy Policy") to explain our practices regarding the collection, processing, usage, and transfer of certain data, including Personal Data (as defined below), from Individuals who visit or otherwise interact with our website available at: https://www.hirundo.io/ (“Visitors” and “website”) or customers and users of our Services and Platform (“Users” and together with the Visitors defined as “you” or “your”).

This Privacy Policy is an integral part of our terms of use (“Terms”) or any other agreement referencing this Privacy Policy, and it governs the data collection, process and transfer in respect with our website, all in accordance with the relevant data protection and privacy laws and regulations. Definitions used herein but not defined herein shall have the meaning ascribed to them in our Terms.

 

  • POLICY AMENDMENTS: 

 

We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of the Privacy Policy will always be posted on the website and the update date will be reflected in the “Last Modified” heading. In the event of a material change we will make best efforts to send you a written notification. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Privacy Policy will become effective within 30 days upon the display of the modified Privacy Policy. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.

 

 

  • CONTACT INFORMATION:

 

If you have any questions or comments concerning this Privacy Policy, you are welcome to send us an email at: privacy@hirundo.io and we will make an effort to reply within a reasonable timeframe.

 

  1. DATA SETS WE COLLECT AND FOR WHAT PURPOSE:

In general, we may collect two types of data from you, depending on your interaction with us: 

Non-Personal Data

During your interaction with our website, we may collect aggregated, non-personal non-identifiable information, which may be made available or gathered via your access to and use of the website (“Non-Personal Data “).The Non-Personal Data being collected may include your aggregated usage information and technical information transmitted by your device, such as: the type of browser or device you use, operating system type and version, language preference, time and date stamp, country location, etc.  

We may disclose or share Non-Personal Information with third parties as specified below and solely if applicable.

Personal Data

We may also collect from you, during your access or interaction with the website and Platform, individually identifiable information, namely information that identifies an individual or may, with reasonable effort, be used to identify an individual (“Personal Data” or “Personal Information”). 

For the avoidance of doubt, if we combine Personal Information with Non-Personal Information, the combined information will be treated as Personal Information for as long as it remains combined.

We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning a person's health or data concerning a person’s sex life or sexual orientation (“Special Categories of Personal Data”). 

The table below details the processing of Personal Data we collect, the purpose, lawful basis, and processing operations:

 

DATA SETS PURPOSE OF USE LAWFUL BASIS UNDER THE GDPR
Online Identifiers and Telemetry Data When you interact with the website and Platform, we collect and generate online identifiers such as your IP address and online behavior data (pages viewed, clickstream, access timestamps, etc.).

We use this information:
1. To understand usage and improve the website and Platform.
2. To troubleshoot, analyze operations, maintain, innovate, and develop the Platform.
3. To resolve technical issues and provide assistance. 		Legitimate interest (operation and security).
Contact Information If you contact us, you may provide your name, email, etc.
Used to respond to inquiries, provide support, and improve customer service.
Stored as needed for assistance or dispute handling. 		Legitimate interest (responding to inquiries).
Account Information Required to create an account (name, email, supporting docs).
May also register via Google account.
Used for account setup, management, support, service delivery, communications, and authentication. 		Performance of contract (provide services and designate account).
Payment Information Includes billing details (name, address, phone, payment info).
Collected by third-party processors.
Used for billing, enabling use of services, and transaction records. 		Performance of contract; subject to legal obligations.
User Content Users may upload or share content, which may include Personal Data.
Processed solely to provide the Services, under user instructions.
Users are the data controllers. 		Processed solely subject to user instructions (Data Processing Agreement applies).

 

Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of Personal Data to third-party countries, as further detailed in the “Cross-Border Data Transfer” Section below, is based on the same lawful basis as stipulated in the table above. 

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the website and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests. 

 

 

  • HOW WE COLLECT YOUR INFORMATION: 

 

Depending on the nature of your interaction with the Services, we may collect information as follows:

  • Automatically – we may collect directly or indirectly as part of using our website and Platform to gather information automatically, such as Non-Personal Information as well as Online Identifiers.
  • Provided by you voluntarily – we will collect Personal Data if you choose to contact us.

 

 

 

  • COOKIES & TRACKING TECHNOLOGIES

 

We use “cookies” (or similar tracking technologies) when you access or interact with the Services or the website. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, for statistical purposes, as well as for advertising purposes. We only use Cookies which are necessary for the operation of the website and Platform.

 

 

  • DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH:

 

We may disclose your information to the following parties for the following purposes: 

CATEGORY OF RECIPIENT DATA THAT WILL BE SHARED PURPOSE OF SHARING
Service providers All types of Personal Data Perform functions on our behalf (communications, data analysis, error detection, CRM, training). Limited use only for requested services.
Compelled disclosure Subject to your request Shared if requested by you, subject to third-party policies. May also be disclosed to comply with laws, regulations, legal processes, or governmental requests.
Enforcement of rights & security All types of Personal Data To enforce policies and agreements, defend rights, investigate violations, prevent fraud/security issues.
Affiliated Companies & Acquirer All types of Personal Data Shared in corporate transactions (merger, acquisition, asset sale). Affiliates may also process to improve services.

 

When we share information with third parties, we ensure they only have access to such information that is strictly necessary for us to provide the services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit).

 

 

  • USERS RIGHTS:

 

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what Personal Data we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your Personal Data. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed. 

In the table below you can review your choices depending on your interaction with us, how you can exercise them, and appeal a decision we take in this regard. Any specification per geo-location or territory are available below the table:

RIGHT DESCRIPTION
Right to be informed Information regarding data collection and privacy practices is detailed in this Privacy Policy.
Right to access You can confirm whether we hold Personal Data, know what we hold, and receive a copy. Contact: privacy@hirundo.io.
Right to rectify You may correct inaccuracies in your data. Contact: privacy@hirundo.io.
Right to deletion You can request erasure of Personal Data under certain conditions. Exceptions include legal obligations, legitimate interests, transactions, warranties, fraud/security needs, or research. Contact: privacy@hirundo.io.
Right to data portability Obtain your Personal Data in a portable, usable format to transfer to another entity. Contact: privacy@hirundo.io.
Right to opt out We do not sell or share Personal Data in exchange for money or similar payment.
Right to appeal or lodge a complaint If we decline your request, we’ll provide justification and instructions for appeal. Additional information in section 12 (US jurisdictions).
Non-discrimination We do not discriminate against users. If you believe discrimination occurred, contact: privacy@hirundo.io.

 

 

 

  • CROSS-BORDER DATA TRANSFER:

 

Transfers of your Personal Data will be made in accordance with applicable laws. When Personal Data is transferred outside the country where it was originally collected, we will take the steps necessary (and to the extent required by applicable laws) to ensure that sufficient safeguards are provided to such data during its transfer and processing. Some of the measures implemented to safeguard your Personal Data include ensuring that the recipient is bound by specific contractual clauses approved by relevant data protection authorities to provide adequate protection for Personal Data. Where applicable, you can request a copy of the relevant contractual safeguards that we have put in place.  

 

 

  • DATA RETENTION:

 

Unless you instruct us otherwise, we retain the data we collect for as long as needed to provide the applicable services and to comply with our legal obligations. We believe in data minimization and only keep the information we truly need and only for the period of time required.

 

 

  • SECURITY MEASURES: 

 

We take great care in implementing and maintaining the security of your Personal Data. We employ industry standard procedures and policies to ensure the safety of individuals’ information and prevent unauthorized use of any such.

We have implemented technical, physical and administrative security measures to protect the Personal Data we process. Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our website, and we make no warranty, express, implied or otherwise, that we will always be able to prevent such access.

Please contact us at: privacy@hirundo.io if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party's attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.

 

 

  • ELIGIBILITY AND CHILDREN PRIVACY:

 

The website is not intended for use by children (the phrase "child" shall mean an individual that is under the age defined by applicable law, which concerning the EEA is under the age of 18, and with respect to the US, under the age of 13), and we do not knowingly process children's Personal Data. We will discard any data we receive from a user that is considered a "child" immediately upon discovering that such a user shared information with us. Please contact us at‎: privacy@hirundo.io ‎if you have reason to believe that a child has shared any information with us. 

 

 

  •  ADDITIONAL PRIVACY NOTICE FOR CERTAIN UNITED STATES RESIDENTS:

 

Residents of certain U.S. states (depending on the applicable state law, acting as an individual or in the household context only and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context or as representative of a business), may have additional rights under applicable privacy laws and be entitled to additional disclosures

Personal Data” under applicable US privacy laws, generally means any information that is linked or reasonably linkable to an identified or identifiable individual (and usually does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the states laws scope.

Sensitive Data” includes data revealing racial, ethnic or national origin; religious beliefs; information regarding an individual’s medical history, mental or physical health condition, diagnosis or medical treatment; neural data; status as transgender or non-binary; sex life or sexual orientation; status as a victim of a crime; citizenship or immigration status; genetic or biometric data; Personal Data collected from a known child; and precise geolocation data. 

We are required to provide you with a clear and accessible privacy notice that includes the categories of Personal Data processed, including any Sensitive Data, the purpose of processing, the categories of Personal Data shared with third parties, the categories of third parties with whom Personal Data is shared, the categories of Personal Data that is sold or used for targeted advertising, if any, the categories of third parties to whom the Personal Data is sold, if any, a list of your data rights and instructions for exercising those rights and appealing decisions, and out contact information. This information is detailed under this Privacy Policy and further below.

Categories of Personal Data & Categories of Third Parties with Whom Personal Data is Shared:

Under the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent, unless we are otherwise entitled, required or permitted under applicable laws. 

Additionally, this Privacy Policy, details and discloses the categories of third parties we share Personal Data with for a business purposes. 

 

“Sale” of Personal Data:

Under US privacy laws, in principle, the term “sale” refers to disclosing or making available Personal Data to a third-party in exchange for monetary or other valuable consideration, including for targeted advertising purposes. We do not “sell” information as this term is commonly understood, meaning - we do not, and will not, disclose your Personal Data in direct exchange for money or some other form of payment. 

 

Consumer Rights Related to Their Personal Data:

Residents of certain U.S. states may have additional rights under applicable privacy laws, subject to certain limitations, which may include:

Access – the right to confirm whether we are processing their Personal Data and to obtain a copy of their Personal Data in a portable and, to the extent technically feasible, readily usable format.

List of Third Parties – the right to receive a list of the specific third parties to which we have disclosed either your Personal Data or any Personal Data.

Delete – the right to request us to delete their Personal Data provided to or obtained by us.

Correct – the right to request us to correct inaccuracies in their Personal Data, taking into account the nature and purposes of the processing of the Personal Data.

Opt-Out – the right to opt out of certain types of processing, including: (i) to opt out of the “sale” of their Personal Data; (ii) to opt out of targeted advertising by us; and (iii) to opt out of any processing of Personal Data for profiling in furtherance of making decisions that produce legal or similarly significant effects. However, as noted above, we do not engage in profiling in furtherance of legal or similarly significant decisions.

Appeal – the right to appeal if we decline to take action in response to your exercise of a privacy right.

Non-Discrimination – the right to not be discriminated against for exercising your privacy rights.

 

Exercising Consumer Privacy Rights:

You may submit a request to exercise most of your privacy rights under U.S. state privacy laws by sending an email to: privacy@hirundo.io

For certain rights, we will take steps to verify your identity and your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for denial and how to remedy any deficiencies, where applicable.

Authorized agents may initiate a request on behalf of another individual, provided that they provide proof of their authorization, and we may also require that the individual directly verify his/her identity and the authority of the authorized agent.

We will respond to your request within the timeframe required under applicable law, and we reserve the right to extend the response time subject to applicable law requirements. If we refuse to take action on a request, we will notify you and our notification will include a justification for declining to take action and instructions on how you may appeal. Within the timeframe set out under applicable law of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the applicable authority or Attorney General of your jurisdiction.

 

Sale of Personal Data: We do not sell Personal Data. 

 

Consumer Rights:

Residents of certain U.S. states, including Colorado, Connecticut, Florida, Montana, Nevada, Oregon Texas, Virginia, and Utah, may have additional rights under applicable privacy laws, subject to certain limitations, which may include:

  • Access. The right to confirm whether we are processing their Personal Information and to obtain a copy of their Personal Information in a portable and, to the extent technically feasible, readily usable format.
  • Delete. The right to delete their Personal Information provided to or obtained by us.
  • Correct. The right to correct inaccuracies in their Personal Information, taking into account the nature and purposes of the processing of the personal information.

 

You may submit a request to exercise most of your privacy rights under U.S. state privacy laws by emailing us. When you submit a request, we will take steps to verify your identity and your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for denial and how to remedy any deficiencies, where applicable.

 

Authorized agents may initiate a request on behalf of another individual by contacting us at privacy@hirundo.io; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.