Privacy And Data Protection
BabelBird Enterprise Drive may involve account information, organization information, files, access logs, device information, sync information, third-party login information and administrator settings. Privacy and data processing are governed by the official privacy policy, service terms, customer contract, third-party integration terms and applicable law.
Data Types
| Type | Examples |
|---|---|
| Account and identity | Name, mobile number, email, employee ID, department, role, third-party account identifier |
| Enterprise files | Files and metadata uploaded, created, edited, annotated, shared and archived by users |
| Usage and logs | Login logs, access logs, operation logs, sharing logs, sync and download records |
| Device and network | Client version, device identifier, IP, browser, operating system and sync status |
| Third-party integration | Necessary fields returned by WeCom, DingTalk, Feishu, AD/LDAP, OAuth2.0 SSO or OA systems |
Principles
- Process data as needed for service delivery, account management, security audit, troubleshooting, customer support and legal compliance.
- Access to enterprise file content should be limited by customer authorization, administrator configuration, permissions and legal requirements.
- Disclosure of customer data usually requires customer authorization or a lawful request from competent authorities.
- In private deployment, files and business data are usually stored in the customer's specified environment; the customer is responsible for infrastructure security, backup, permissions and third-party account management.
- In public cloud service, BabelBird should take reasonable technical measures to protect data; customers must manage accounts, passwords, administrators and member behavior.
Third-Party Services
When customers enable SSO, address-book sync, SMS, email, AI APIs, object storage, cloud services, payment or other integrations, third parties may process necessary data under their own terms and privacy policies. Customers should assess compliance, data scope, cross-border transfer, permissions and log-retention requirements.
Export And Deletion
At expiry, termination, migration or private-delivery completion, customers should export required data according to the contract or product rules. Public cloud retention, deletion and recovery follow the official rules, privacy policy, service terms or contract. Private-deployment deletion, backup and destruction are usually performed by customers in their own environment.