Applybird is fully committed to compliance with the General Data Protection Regulation (GDPR) for individuals in the European Economic Area (EEA), the UK GDPR for individuals in the United Kingdom, and the California Consumer Privacy Act (CCPA) for California residents.
We treat data privacy not as a compliance checkbox but as a core product principle. Our index is sourced from publicly available, professionally relevant information, and every individual has the right to have their data removed at no cost.
Applybird processes personal data for the purpose of fraud detection and prevention on the basis of legitimate interests (Article 6(1)(f) GDPR). Our legitimate interest, and that of our customers, is preventing fraud and protecting businesses and their customers from financial and identity-related harm.
We conduct and document a Legitimate Interests Assessment (LIA) on a regular basis. We process only the minimum personal data necessary for the purpose, and we always balance the individual's privacy interests against our customers' legitimate business needs.
For individuals who have opted out or submitted a removal request, we cease all processing and suppress the record to prevent re-ingestion.
You may request a copy of all personal data we hold about you in our index and in our customer systems.
You may request deletion of your personal data at any time. We will process your request within 72 hours and confirm by email.
If data we hold about you is inaccurate or incomplete, you may request that we correct it.
You may ask us to temporarily stop processing your data while a dispute or removal request is being resolved.
You may request a machine-readable export of the personal data you have provided directly to Applybird (account data).
You may object to our processing of your data based on legitimate interests. We will cease processing unless we can demonstrate compelling grounds that override your interests.
When Applybird acts as a data processor on behalf of a customer (e.g. when a customer submits data for fraud screening), we enter into a Data Processing Agreement (DPA) that meets GDPR Article 28 requirements. Enterprise customers can request a DPA by contacting legal@applybird.co.
Our sub-processors (AWS, Stripe, SendGrid) are listed in our DPA and are themselves GDPR-compliant. We conduct due diligence on all sub-processors before engaging them.
Applybird's infrastructure is hosted in the European Union (AWS eu-west-1, Ireland). Where data is transferred outside the EEA β for example, to US-based sub-processors β we rely on the EU Standard Contractual Clauses (SCCs) as the legal mechanism for transfer, in accordance with GDPR Chapter V.
Applybird has appointed a Data Protection Officer (DPO). You can contact our DPO at:
To submit a data access, removal, rectification, or any other privacy request, use our dedicated form:
We will acknowledge your request within 48 hours and respond in full within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your national supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.