Skip to main content
Privacy

How Hummingbird handles your data

Hummingbird App Inc. ("Hummingbird", "we") builds release automation tooling. We collect only the data we need to provide and improve Hummingbird. This Privacy Notice explains what we collect, how we use it, how long we keep it, and the choices available to you.

We comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), applicable provincial laws, and U.S. state privacy laws when they apply to our processing. Where other jurisdictions grant additional rights, you can exercise those through the contact methods on this page. Questions? Email privacy@hummingbird-app.com.

Effective January 1, 2026

Personal data we collect

  • Account & workspace information. Names, work emails, role selections, authentication identifiers, billing contacts, and subscription history supplied during signup, waitlist requests, and onboarding.
  • Product artifacts. URLs monitored, device scope, visual captures, diff labels, narrative drafts, reviewer captions, run telemetry (timestamps, diff scores, adapter status), and evidence bundles generated by the service.
  • Communications. Support tickets, sales conversations, survey responses, and marketing preferences submitted through our forms or email.
  • Usage analytics. Event logs, feature flags, and cookie-based insights about how users navigate the app and marketing site. We never collect sensitive biometric, health, or government identifier data.

How and why we use personal data

We process personal data for purposes permitted under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), relevant provincial laws, and other applicable regulations. Depending on context, our legal bases include consent, performing a contract, and legitimate interests balanced against your rights.

  • Delivering the service. Authenticate users, provision workspaces, run captures, generate artifacts, and provide customer support.
  • Product improvement. Analyse aggregated telemetry to maintain adapter accuracy, detect abuse, and improve stability guardrails. We use de-identified or aggregated information wherever possible.
  • Sales & marketing. Honour waitlist requests, send onboarding emails, and measure campaign performance when you opt in. You can unsubscribe at any time.
  • Compliance. Maintain audit logs, respond to lawful requests, enforce our Terms, and protect Hummingbird, our customers, and the public from fraud or security threats.

Sharing & international transfers

  • Service providers. We rely on vetted vendors such as hosting (currently AWS Canada & AWS USA regions), analytics, and customer relationship tools to operate the platform. Vendors only access personal data to perform services on our behalf and must observe contractual confidentiality and security requirements.
  • Cross-border processing. Data may be stored or accessed outside your province or country, including the United States. We implement contractual safeguards (such as Standard Contractual Clauses) and technical controls to protect the data, and we remain accountable for onward transfers under PIPEDA.
  • Legal obligations. We may disclose information if required by law, to respond to lawful requests, or to protect rights, safety, or property.
  • Business changes. If we undergo a merger, acquisition, or asset sale, we will notify you and ensure equivalent protections continue to apply.

Retention & deletion

Hum artifacts and telemetry are retained for 30 days by default. Workspace admins can delete individual hums at any time. Enterprise plans allow custom retention schedules and regional storage. Waitlist and marketing records are erased upon request or when they are no longer needed. When we delete data, we follow documented procedures to remove it from live systems and scheduled backups within a commercially reasonable timeframe.

Security safeguards

  • Encryption. All data is encrypted in transit (TLS 1.2+) and at rest using managed keys.
  • Access controls. Role-based access, audit logging, and least-privilege practices govern employee and vendor access.
  • Operational safeguards. Security reviews, incident response playbooks, and ongoing control checks help us maintain resilience. We will notify affected customers and regulators as required by law if a breach occurs.

Your rights & choices

  • Access & correction. Request a copy of the personal data we hold about you, or ask us to update inaccurate information, by emailing privacy@hummingbird-app.com.
  • Deletion. Remove individual hums in product or ask us to delete your account or marketing profile. Subject to legal obligations, we will comply within 30 days.
  • Preferences. Update marketing consent through unsubscribe links or workspace notification settings. Cookie controls are available in your browser and within the app where required.
  • Global rights. If you are in the EU/EEA, UK, or other jurisdictions with specific privacy rights, you may exercise portability, objection, or restriction rights by contacting us. We will honour those requests in line with local law.

Contact & complaints

Hummingbird App Inc. is the data controller. Email our Privacy Officer at privacy@hummingbird-app.com. If we cannot resolve a concern, Canadian residents may contact the Office of the Privacy Commissioner of Canada or their provincial regulator, and EU/UK residents may contact their supervisory authority. U.S. residents may raise privacy complaints with their applicable state authority; we will cooperate with those regulators as required.

We will update this Notice when practices change and will notify workspace owners before material updates take effect. Contains information adapted from open policies dedicated to the public domain (CC0).