Effective date: June 8, 2026
For purposes of this Privacy Policy, "Birch" means Birch Team, Inc. (a Delaware corporation) together with its EU establishment Revealbot S.L. (Spain). References to "we", "us", or "our" refer to both entities jointly, except where the context indicates a specific entity. The terms "Personal Information" and "Personal Data" are used interchangeably and have the same meaning as "personal data" under the EU General Data Protection Regulation (GDPR) and "personal information" under the California Consumer Privacy Act, as amended by the CPRA (CCPA/CPRA).
Birch knows that you care about how your Personal Information is used and shared. Please read the following to learn more about Birch Privacy Policy (“Privacy Policy”). This Privacy Policy also tells you about your rights and choices with respect to your Personal Information and how you can reach us to update your contact information or get answers to questions you may have about our privacy practices.
By using or accessing the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you acknowledge that Birch will collect, use, and share your information in the following ways. Remember that your use of Services is at all times subject to the Terms as set forth at https://bir.ch/legal/terms/, which incorporate this Privacy Policy. Any terms Birch uses in this Privacy Policy without defining them have the definitions given to them in the Terms.
This Privacy Policy covers Birch’s treatment of personally identifiable information (“Personal Information”) that Birch gathers when you are accessing or using Services. Birch gathers various types of Personal Information from users of Birch, as explained in more detail below, and Birch uses this Personal Information internally in connection with Services, including to personalize, provide, and improve your use of Birch and your experience of Services, to allow you to set up a user account and profile, to contact you and allow other users to contact you, to fulfill your requests for certain products and services, and to analyze how you use Services. In certain cases, Birch may also share some Personal Information with third parties, but only as described below.
This Privacy Policy covers Birch’s processing of Personal Information as a controller — that is, when we determine the purposes and means of processing (for example, when you visit our Website, create an account, or contact customer support). When Birch processes data on behalf of enterprise customers as a processor, that processing is governed by our Data Processing Agreement, available at https://bir.ch/legal/data-processing.
As noted in the Terms, Birch does not knowingly collect or solicit Personal Information from anyone under the age of 18. If you are under 18, please do not attempt to register for Services or send any Personal Information yourself to Birch. If Birch shall learn that it has collected Personal Information from a child under age 18, Birch will delete that information as quickly as possible. If you believe that a child under 18 may have provided Birch Personal Information, please contact Birch at privacy@bir.ch.
Birch is constantly trying to improve Services, so it may need to change this Privacy Policy from time to time as well, but Birch will alert you to changes by placing a notice on the Website, by sending you an email, and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from Birch (or you haven’t provided Birch with your email address), those legal notices will still govern your use of Services, and you are still responsible for reading and understanding them. If you use Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes. Use of information Birch collects now is subject to the Privacy Policy in effect at the time such information is collected.
Personal Information is all information that directly or indirectly (i.e. together with other information) may identify an individual. This means that a wide range of data, such as names, contact details, IP addresses, and behaviour and choices made online can be Personal Information.
Data processing is any operation or set of operations performed upon Personal Information, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, blocking, erasure or destruction of Personal Information.
We obtain Personal Information relating to you from various sources described below. Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide Personal Information when requested, you may not be able to benefit from our Service if that information is necessary to provide you with the service or if we are legally required to collect it.
If you desire to have access to certain restricted sections of the Site or request to receive marketing materials, you may be required to become a registered user, and to submit the following types of Personal Information to Birch: your name, email address, phone number, full user name, password, city, and time zone.
We may collect information through your communications with our customer support team or other communications that you may send us and their contents.
When you make payments through the Service, you will need to provide Personal Information such as your credit card number and billing address.
In order to allow you to manage your social media ad platforms, we may ask you to provide your username, account ids, social handle, time zones, email address, and other information. This data will only be used by Birch to provide you with the Service you expect and will not be shared with any third parties.
Birch may allow you to connect a Meta page or profile to your Birch account, in which case we will access certain information from Meta regarding your account. This data will only be used by Birch to provide you with the Service you expect and will not be shared with any third parties.
We may also collect your contact details when you provide them in the context of our customer, vendor, and partner relationships.
When you use our Service, our servers automatically record information that your browser sends whenever you visit a website (“Log Data”). This Log Data may include information such as your IP address, browser type or the domain from which you are visiting, the web-pages you visit, the search terms you use, and any advertisements on which you click.
Like many websites, we also use “cookie” technology to collect additional website usage data and to improve the Site and our Service. A cookie is a small data file that we transfer to your computer’s hard disk. A session cookie enables certain features of the Site and our service and is deleted from your computer when you disconnect from or leave the Site. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Site. Persistent cookies can be removed by following your web browser's help file directions. Most Internet browsers automatically accept cookies. Birch may use both session cookies and persistent cookies to better understand how you interact with the Site and our Service, to monitor aggregate usage by our users and web traffic routing on the Site, and to improve the Site and our Service.
We may also automatically record certain information from your device by using various types of technology, including “clear gifs” or “web beacons.” This automatically collected information may include your IP address or other device address or ID, web browser and/or device type, the web pages or sites that you visit just before or just after you use the Service, the pages or other content you view or otherwise interact with on the Service, and the dates and times that you visit, access, or use the Service. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message, to the extent permitted under applicable law.
You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Please note that if you delete, or choose not to accept, cookies from the Service, you may not be able to utilize the features of the Service to their fullest potential.
Please review the Cookies Policy, available at https://bir.ch/legal/cookies/, and incorporated herein by reference, for a more detailed description of Birch' usage of Cookies
The placement and reading of cookies on your device is governed by Article 22.2 of Spain’s LSSI-CE (Ley 34/2002), implementing ePrivacy Directive 2002/58/EC. Strictly necessary cookies are exempt from consent. All other cookies require your prior consent via our cookie banner. The subsequent processing of any personal data collected through cookies is based on your consent under Article 6(1)(a) GDPR. You may withdraw consent at any time via Cookie Settings.
There is no uniform or consistent standard or definition for responding to, processing, or communicating Do Not Track signals. At this time, the Services do not function differently based on a user’s Do Not Track signal. For more information on Do Not Track signals, see All About Do Not Track.
Where required by applicable law, Birch recognizes and processes Global Privacy Control (GPC) browser signals as opt-out requests for the sale or sharing of Personal Information.
When you connect a third-party advertising platform (such as Meta or Google Ads) to the Services, we receive campaign performance data, advertising metrics, and account information from those platforms. This data is provided by the platform at your direction, and we process it solely to operate the Services. We inform you of this processing at the time you connect the platform and through this Privacy Policy.
Our Site contains links to other websites. The fact that we link to a website is not an endorsement, authorization, or representation of our affiliation with that third party. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit Personal Information from you. Other sites follow different rules regarding the use or disclosure of the Personal Information you submit to them. We are not responsible for the content, privacy, and security practices, and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to read the privacy policies or statements of the other websites you visit.
We may display third-party content on the Service, including third-party advertising. Third-party content may use cookies, web beacons, or other mechanisms for obtaining data in connection with your viewing of the third party content on the Service. Additionally, we may implement third party buttons, such as Meta “share” buttons, that may function as web beacons even when you do not interact with the button. Information collected through third-party web beacons and buttons is collected directly by these third parties, not by Birch. Please consult such third party’s data collection, use, and disclosure policies for more information.
We may use the Personal Information we obtain about you to:
If you are in the EEA, we process your Personal Information on the following legal bases: (a) Performance of contract (Art. 6(1)(b)): providing the Services, payment processing, customer support; (b) Legitimate interest (Art. 6(1)(f)): service improvement, security (including essential cookies necessary for website functionality), fraud prevention, enforcing our Terms, audience-matching with advertising platforms (see Advertising Partners section); (c) Consent (Art. 6(1)(a)): marketing communications (email — you may withdraw at any time by unsubscribing) and cookie-based advertising and remarketing (via cookie preferences — you may withdraw at any time through our cookie settings); (d) Legal obligation (Art. 6(1)(c)): tax, accounting, regulatory compliance.
We may disclose the Personal Information we collect about you as described below or otherwise disclosed to you at the time the data is collected, including the following:
Data obtained from Google API services is used exclusively for the purpose of facilitating file uploads to Meta for our users. This data is not used for advertising, analytical purposes, or shared with third parties.
We differentiated the sources of our data collection. Data collected from public visitors to our website may be used for targeted advertising and analytics. However, data obtained through Google API services on our authenticated platform will not be used for these purposes and is strictly limited to improving the file upload service to Meta.
We engage certain third parties to perform functions and provide services to us, including hosting and maintenance, error monitoring, debugging, performance monitoring, billing, customer relationships, database storage and management, and direct marketing campaigns. We may share your Personal Information with these third parties, but only to the extent necessary to perform these functions and provide such services. We also contractually require these third parties to maintain the privacy and security of the Personal Information they process on our behalf.
To deliver advertising for Birch’s own services, we share certain Personal Information with advertising platforms used for our own marketing; the current list of such platforms is maintained in our Cookie Policy. This sharing includes hashed email addresses uploaded for audience-matching programs and conversion or pixel data tied to identifiable users. Hashed identifiers remain personal data under GDPR where re-identification is reasonably possible. In the EEA, the uploading of email addresses to these audience-matching programs is based on our legitimate interest in marketing our services to existing and prospective users (Art. 6(1)(f) GDPR); you may object at any time by contacting us at privacy@bir.ch, through our cookie preferences, or by using the opt-out mechanisms described below. Cookie-based conversion and pixel tracking requires your prior consent under applicable ePrivacy rules, which is collected through our cookie banner. Under the California Consumer Privacy Act (as amended by the CPRA), this activity constitutes “sharing” for cross-context behavioral advertising. You may opt out of this sharing at any time by using the “Do Not Sell or Share My Personal Information” link on our Website, by adjusting your cookie preferences, or by contacting us at privacy@bir.ch.
Advertising platforms as independent controllers. When you instruct us to upload hashed customer contact data to advertising platforms (Meta, Google, TikTok, Snapchat) for audience matching, those platforms receive and process that data under their own terms and for their own purposes as independent third-party controllers; the specific platforms are listed in our Cookie Policy. Where a platform’s own terms characterize a particular feature as joint controllership, that arrangement is governed by the platform’s terms directly between you and the platform. You may exercise your GDPR rights against Birch (privacy@bir.ch) or directly against the platform using the contact details in its privacy policy.
Birch cooperates with government and law enforcement officials or private parties to enforce and comply with the law. To the extent permitted under applicable law, we may disclose any information about you to government or law enforcement officials or private parties as we believe is necessary or appropriate to investigate, respond to, and defend against claims for legal process (including subpoenas), to protect the property and rights of Birch or a third party, to protect Birch against liability, for the safety of the public or any person, to prevent or stop any illegal, unethical, fraudulent, abusive, or legally actionable activity, to protect the security or integrity of the Service and any equipment used to make the Service available, or to comply with the law.
Birch may sell, transfer or otherwise share some or all of its assets, including Personal Information, in connection with a merger, acquisition, reorganization, sale of assets, or similar transaction, or in the event of insolvency or bankruptcy. We will notify you of any such transfer in accordance with applicable law.
Data obtained from Google API services will not be shared with our headquarters, affiliates, or business partners and is exclusively used for the service it is intended for.
We may share Personal Information with our headquarters and affiliates, and business partners to whom it is reasonably necessary or desirable for us to disclose your data for the purposes described in this Privacy Policy. We may also make certain non-personal Information available to third parties for various purposes, including for business or marketing purposes or to assist third parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and functionality available through the Service.
We employ administrative and electronic measures designed to appropriately protect your Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. Please be aware that no security measures are perfect or impenetrable. We cannot guarantee that information about you will not be accessed, viewed, disclosed, altered, or destroyed by breach of any of our administrative, physical, and electronic safeguards, subject to requirements under applicable law to ensure or warrant information security.
We will make any legally required disclosures of any personal data breach affecting your Personal Information to you via email or conspicuous posting on our Site without undue delay, consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system, and any other disclosures that may be required under applicable law.
We also take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrollment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.
The following retention periods apply to Personal Information Birch processes as a controller (account profiles, usage logs, support records, and payment information). Account Data: for the duration of the account and for no longer than necessary thereafter to meet legal, accounting, and dispute-resolution obligations. Payment Records: as required by tax/accounting laws (typically 7 years). Log and Usage Data: retained as long as necessary for product improvement and security. Marketing Consent Records: duration of consent plus a reasonable compliance period. Customer Support Records: retained as long as necessary to resolve disputes or as required by applicable law (retention aligned with applicable statutes of limitations). Partner/Affiliate Data: duration of the partner agreement plus a reasonable post-termination period aligned with applicable statutes of limitations. For Personal Information processed on behalf of enterprise customers, retention and deletion are governed by the Data Processing Agreement.
Birch Team, Inc., our primary data controller, is based in the United States; our EU establishment, Revealbot S.L., is based in Spain. Personal Information that we collect may be transferred to and stored at any of our affiliates, partners, or service providers, which may be inside or outside the European Economic Area (“EEA”) and Switzerland, including the United States. Personal Information you provide directly to Birch Team, Inc. in the United States (for example, when you register for or use the Services) is collected under Article 3 GDPR and does not constitute an international data transfer under Chapter V GDPR (see EDPB Guidelines 05/2021). The intra-group flow between Revealbot S.L. and Birch Team, Inc. operates in the context of S.L.'s EU establishment under Article 3(1) GDPR; where Standard Contractual Clauses apply as an additional safeguard, Module 4 (Processor-to-Controller) is the mechanism. Onward transfers from Birch Team, Inc. to service providers located outside the EEA rely on an adequacy cascade: where the recipient is self-certified under the EU-U.S. Data Privacy Framework (and, where applicable, the Swiss-U.S. Data Privacy Framework), that certification is the primary transfer mechanism; otherwise, the European Commission's Standard Contractual Clauses (Decision 2021/914) apply. For transfers subject to UK or Swiss data protection law, the UK International Data Transfer Addendum (IDTA) or Swiss-adapted Standard Contractual Clauses, as applicable, apply. You may request information about the applicable safeguards by contacting privacy@bir.ch.
In certain jurisdictions, you have the right to request access and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or object to the processing of your Personal Information, to have the information blocked, anonymized or deleted, as appropriate, or to exercise your right to data portability to transfer your Personal Information to another company. Those rights may be limited in some circumstances by local law requirements. In addition to the above-mentioned rights, you also have the right to lodge a complaint with a competent supervisory authority subject to applicable law. Where the GDPR applies to a particular request, Birch responds without undue delay and in any event within one (1) month of receipt of the request; this period may be extended by two further months where necessary, taking into account the complexity and number of requests, and Birch will inform you of any such extension within one (1) month of receipt together with the reasons for the delay.
Right to object to direct marketing (Art. 21(2) GDPR). You have the absolute right to object at any time to processing of your Personal Information for direct marketing purposes, including any related profiling by our advertising partners. Once you object, we will cease further uploads and request removal from active audiences as permitted by the platform. You can exercise this right by using the opt-out mechanisms described in the Advertising Partners section or by emailing privacy@bir.ch. Opting out will not affect your access to the Services; you may still see non-personalized Birch advertising.
Where required by law, we obtain your consent for the processing of certain Personal Information collected by cookies or similar technologies, or used to send you direct marketing communications or when we carry out other processing activities for which consent may be required. If we rely on consent for the processing of your Personal Information, you have the right to withdraw it at any time and free of charge. When you do so, this will not affect the lawfulness of the processing before your consent withdrawal.
To update your preferences, ask us to remove your information from our mailing lists, delete your account, or submit a request to exercise your rights under applicable law, please contact us at privacy@bir.ch.
Depending on your state of residence, you may have the right to opt out of the “sale” of your personal information, “sharing” for cross-context behavioral advertising, and the use of your personal information for “targeted advertising” (as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA) and similar US state privacy laws). Birch treats Customer Match and Custom Audience uploads as activity that may fall within these categories and offers a single opt-out mechanism covering all of them. We also honor the Global Privacy Control (GPC) browser signal as a valid opt-out request for users in states that recognize universal opt-out mechanisms. To exercise other rights granted by applicable US state privacy laws — including access, deletion, correction, and portability — see the rights section above.
The California Consumer Privacy Act ("CCPA") provides you with rights regarding how your Personal Information is collected, used, and shared. Birch Team, Inc. ("Birch") is committed to ensuring your data privacy in compliance with the CCPA.
If you are a California resident, you have the right to:
Rights available to you depend on your state of residence and applicable law; California residents additionally retain a private right of action for certain data breaches under the CCPA.
You may exercise your right to opt-out of the sale or sharing of your Personal Information by contacting us at privacy@bir.ch or using the “Do Not Sell or Share My Personal Information” link on our Website. Where required by applicable law, if your browser sends a Global Privacy Control (GPC) signal, we will treat it as a valid opt-out request.
To exercise your CCPA rights, contact us using the following methods:
Please include "CCPA Request" in your email subject line and provide sufficient information to verify your identity. We will respond to verifiable requests within 45 days, as required under the CCPA.
The categories of Personal Information we may collect include:
You may designate an authorized agent to make a CCPA request on your behalf by providing written permission or proof of power of attorney. We may require verification of your identity and confirmation of the agent's authority.
Birch is responsible for processing your Personal Information. If you have any questions or comments regarding this Privacy Policy, or if you would like to exercise your rights to your Personal Information, you may contact us by emailing us at privacy@bir.ch or by writing to us at:
440 N Barranca Ave #3223Covina, CA 91723UNITED STATES
If you are in the EEA, the UK or Switzerland, you may also contact our EU establishment:Revealbot S.L.Corsega 211, 08036 Barcelona, Spain