Privacy Policy MemBirds

Version: 1.1

Effective date: August 13, 2025

1. Introduction

MemBirds values your privacy highly. We only process personal data that is necessary for (improving) our services and handle the information we collect with care. Your data is never sold to third parties for commercial purposes.

This policy applies to all processing of personal data through our website, application, and related services. In this document we explain:

  • Which personal data we process
  • For what purpose and on which legal basis
  • Which sub-processors we use
  • Where your data is stored
  • Which rights you have under the General Data Protection Regulation (GDPR)

If you have any questions about this policy, you can contact us using the details at the bottom of this document.

2. Roles and responsibilities

In most cases, MemBirds is the data controller within the meaning of the GDPR. When we process personal data on behalf of our customers (for example, within their online learning environments), we act as a data processor and only process data according to their instructions. We enter into a Data Processing Agreement (DPA) with our customers in accordance with Article 28 GDPR.

3. Personal data we process

Depending on your use of our services, we may process the following data:

  • Name and contact details (email address, phone number, address)
  • Company information (company name, role, VAT number)
  • Payment details (bank account number, credit card information)
  • Usage data (IP address, browser information, login details, timestamps)
  • Communication content (messages, support requests)

4. Purposes and legal bases

We process personal data for the following purposes:

  • Service delivery: performing the agreement with our customers
  • Customer support: answering questions and providing technical assistance
  • Administration: invoicing, complying with legal obligations (accounting and tax requirements)
  • Security: protection, fraud prevention, access control
  • Marketing: only with prior consent or within existing customer relationships in accordance with the law

Legal bases: performance of a contract, legal obligation, legitimate interest, or consent.

5. Sub-processors and processing locations

We work with carefully selected sub-processors to provide our services. These parties only process personal data on our behalf under a data processing agreement.

  • Mailgun – Transactional email delivery (EU / US servers)
  • Mollie – Payment processing (EU servers)
  • ActiveCampaign – Marketing automation and email campaigns (US servers)
  • Amazon AWS – Hosting and data storage (EU / US servers)
  • Cloudflare – Security, CDN, DDoS protection (global servers)
  • Google Analytics (GA4) – Anonymous web statistics (EU / US servers)
  • Meta (Facebook Pixel) – Advertising optimization, only with consent (US servers)
  • Moneybird – Accounting and invoicing (EU servers)
  • Snelstart – Accounting and invoicing (EU servers)
  • Resend – Email delivery and notifications (EU / US servers)

Transfers outside the EEA
When personal data is transferred outside the European Economic Area (EEA), we use Standard Contractual Clauses (SCCs) approved by the European Commission and additional safeguards. This applies to sub-processors such as Mailgun, ActiveCampaign, Cloudflare, Meta, Resend, and Google Analytics.

6. Retention periods

We do not retain personal data longer than necessary for the purposes for which it was collected, unless we are legally required to retain it longer (for example, the 7-year tax retention requirement for invoicing data).

7. Security

We take appropriate technical and organizational measures to protect personal data, including:

  • SSL/TLS encryption for data transmission
  • Limited access rights for employees
  • Regular security updates and penetration testing

8. Your rights

Under the GDPR, you have the following rights:

  • Access to your data
  • Rectification of incorrect data
  • Erasure of your data (“right to be forgotten”)
  • Restriction of processing
  • Data portability
  • Objection to processing (including direct marketing)
  • Withdrawal of consent

You can submit a request via info@membirds.nl. We will respond within 30 days.

9. Cookies and tracking

We use functional, analytical, and (with consent) marketing cookies.

  • Google Analytics (GA4): anonymous statistics, no cross-device tracking
  • Facebook Pixel & Conversion API: only with consent, for advertising optimization

For more information or to change your preferences, see our cookie policy.

10. Data Protection Officer (DPO)

Based on our processing activities, we are not required to appoint a DPO. We reassess this periodically.

11. Changes

We may update this privacy policy. The most recent version is always available on our website. In case of significant changes, we will inform you by email.

Contact
MemBirds B.V.
Keizersgracht 520h
1017 EK Amsterdam
info@membirds.nl

Start your 14-day free trial

Discover why so many other entrepreneurs choose MemBirds to create and sell their (digital) products. Click the button below to get started.

Start free trial