coldBirds is a cold email infrastructure provider that provisions isolated mailboxes from Azure, Google Workspace, and Microsoft Outlook with dedicated IPs (1 per 3 mailboxes), auto-configured DNS, 6-hour health monitoring, and a free dedicated virtual assistant per account.

How does coldBirds isolation model work?

coldBirds uses a 1:1:1:3 isolation model — 1 workspace, 1 domain, 1 dedicated IP per 3 mailboxes. If something goes wrong, it affects only 3 mailboxes instead of your entire infrastructure.

Does coldBirds include a dedicated account manager?

Yes. Every coldBirds account gets a free dedicated VA (virtual assistant) who handles onboarding, DNS setup, troubleshooting, and ongoing support — included at no extra cost.

Privacy Policy — coldBirds

Name: coldBirds Cold Email Infrastructure
Brand: coldBirds

1. Introduction

This Privacy Policy ("Policy") is published in compliance with the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), the Digital Personal Data Protection Act, 2023 ("DPDP Act"), and — where applicable to our customers and their recipients — the EU General Data Protection Regulation ("GDPR"), the UK GDPR, and similar data protection laws.

Elitale Softwares Private Limited (CIN: U62013RJ2023PTC089483), a company incorporated under the Companies Act, 2013, having its registered office at D2 121 A, Near Ballabh Garden, Bikaner, Rajasthan, India ("Company", "coldBirds", "we", "us", or "our"), operates the website https://www.coldbirds.com, the coldBirds web application at https://app.coldbirds.com, and the coldBirds Sequencer at https://sequencer.coldbirds.com (collectively, the "Platform"). coldBirds is a product operated by Elitale Softwares Private Limited.

This Policy describes our practices regarding the collection, use, storage, disclosure, and protection of personal data when you access or use the Platform and our cold email infrastructure services ("Services"). By accessing or using the Platform, you consent to the practices described in this Policy.

2. Definitions

Personal Data means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDP Act, 2023 and equivalent laws.
Sensitive Personal Data or Information ("SPDI") means personal information as defined under Rule 3 of the SPDI Rules, including passwords and financial information.
Data Principal / Data Subject means the individual whose personal data is collected and processed.
Data Fiduciary / Controller means coldBirds, where we determine the purpose and means of processing personal data of our customers and visitors.
Data Processor means coldBirds, where we process personal data on behalf of a customer (for example, when the customer uploads recipient lists for their own outreach campaigns).

3. Data We Collect

3.1 Information You Provide Directly

Category	Examples	Purpose
Account & identity	Full name, business email, phone number, company name, role, country	Account creation, authentication, support, billing
Billing & financial	Billing address, GSTIN / VAT ID, transaction amount, plan details. Card / UPI / bank credentials are handled by our PCI-DSS payment processors and are not stored on our servers.	Subscription billing, tax compliance, fraud prevention
Infrastructure data	Sending domains, DNS records, mailbox provider credentials (where you grant us delegated access), IP allocations, deliverability metrics	Provisioning mailboxes, configuring DNS, monitoring health, applying auto-suspend rules
Customer content	Lead / recipient lists, campaign metadata you sync to the dashboard, support tickets, chat messages	Delivering the Services, providing analytics and support
Communications	Emails, sales-call notes, demo bookings, support correspondence	Responding to enquiries, scheduling demos, account management

3.2 Information Collected Automatically

Category	Examples	Purpose
Device & technical	Device model, OS version, browser type, screen resolution, IP address	Service optimisation, security monitoring
Usage	Pages viewed, features used, session duration, clicks, navigation paths	Product improvement, analytics, personalisation
Crash & performance	Error logs, stack traces, app performance metrics	Debugging and reliability improvements

3.3 Recipient Data Processed on Behalf of Customers

When a customer uploads or syncs recipient information (name, business email, company) to use the infrastructure we provision, coldBirds acts as a Data Processor for that recipient data. The customer is the Data Fiduciary / Controller and is responsible for having a lawful basis to contact those recipients. We process recipient data only as instructed by the customer and only for the purposes of delivering the Services.

4. Legal Basis for Processing

We process personal data on the following legal grounds, as permitted under the DPDP Act, the IT Act, GDPR, and equivalent laws:

Consent: You consent when you create an account, submit forms, subscribe to newsletters, or accept cookies.
Performance of contract: Processing necessary to provide the Services you have subscribed to.
Legal obligation: Compliance with tax, accounting, and regulatory requirements.
Legitimate interest: Fraud prevention, security monitoring, abuse detection, service improvement, and direct B2B marketing — where such interests are not overridden by your rights.

5. How We Use Your Data

Service delivery: To provision mailboxes, allocate dedicated IPs, configure DNS, monitor deliverability, and operate your dashboard.
Account management: To create and authenticate your account, manage user roles, and provide customer support.
Billing: To process subscription payments through our payment partners and issue invoices.
Communications: To send transactional notifications, health alerts, billing reminders, and (where you have not opted out) product updates and educational content.
Product improvement: To analyse aggregate usage patterns, diagnose technical issues, and improve our infrastructure and dashboards.
Security & abuse prevention: To detect spam, fraud, account compromise, and policy violations across our shared infrastructure.
Legal compliance: To comply with applicable laws and respond to lawful requests from competent authorities.

6. Third-Party Services and Data Sharing

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

6.1 Mailbox & Infrastructure Providers

To provision the Services we share necessary configuration data with upstream providers including Microsoft Azure, Google Workspace, Microsoft 365 / Outlook, domain registrars, and dedicated IP providers. These providers are independent controllers / processors of the data they receive and have their own privacy terms.

6.2 Service Providers (Sub-processors)

Provider	Purpose	Data shared
Amazon Web Services (AWS)	Cloud infrastructure and data storage	All Platform data (primarily ap-south-1, Mumbai)
Stripe / Razorpay	Payment processing	Billing details, transaction amount; card / bank credentials handled directly by the processor
HubSpot	CRM and marketing automation	Lead form submissions, demo bookings, sales communications
PostHog	Product analytics	Anonymised usage events, device type, session data
Sentry	Error and performance monitoring	Error logs, stack traces, browser information
Cal.com	Demo and meeting scheduling	Name, email, calendar availability, meeting metadata
Google Analytics	Website analytics	Anonymised browsing data, page views, device info
Meta & LinkedIn (Pixel)	Advertising measurement	Page views, conversion events; no financial or recipient data shared

6.3 Legal Disclosure

We may disclose personal data where required by law, or in good-faith belief that such action is necessary to: (a) comply with a legal obligation or lawful request by public authorities; (b) protect and defend our rights or property; (c) prevent fraud or illegal activity; or (d) protect the personal safety of users or the public.

6.4 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of substantially all of our assets, your personal data may be transferred to the successor entity, subject to the same protections described in this Policy.

7. Data Storage and Security

7.1 Storage Location

Primary customer data is stored on AWS infrastructure in the ap-south-1 (Mumbai) region. Some operational data (analytics, error monitoring) is processed by sub-processors in other regions including the EU and the United States, under the safeguards described in Section 10.

7.2 Security Measures

Encryption of data in transit (TLS 1.2 or higher).
Encryption of data at rest (AES-256).
Provider credentials and secrets stored in dedicated secret management services with strict access control.
Role-based access control limiting internal access to personal data on a need-to-know basis.
Regular security assessments, dependency scanning, and vulnerability monitoring.
Continuous abuse and intrusion monitoring.

While we implement industry-standard safeguards, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

8. Data Retention

Data category	Retention period	Reason
Account & profile data	Duration of your account + up to 3 years	Re-activation, dispute resolution, audit
Billing & tax records	Up to 8 years from the date of transaction	Compliance with the Companies Act 2013 and tax law
Mailbox configuration & deliverability metrics	Duration of subscription + 90 days, unless deleted earlier on request	Service continuity and dispute resolution
Customer-uploaded recipient lists	Until you delete them or your account is closed	You remain in control of your lead data
Crash logs and error reports	90 days	Debugging and stability
Marketing analytics	Up to 26 months	Aggregate trend analysis

When data reaches the end of its retention period, it is securely deleted or irreversibly anonymised.

9. Cookies and Tracking Technologies

Our Website uses the following categories of cookies:

Essential cookies: Required for the Website and Platform to function (session management, authentication). Cannot be disabled.
Analytics cookies: Google Analytics and PostHog collect anonymised usage data. You can opt out via your browser cookie settings or the Google Analytics Opt-out Browser Add-on.
Advertising cookies: Meta Pixel and LinkedIn Insight Tag are used for ad measurement. Manage preferences via Meta Ad Preferences and your LinkedIn ad settings.

10. Cross-Border Data Transfers

Primary customer data is stored within India. Certain sub-processors (PostHog, Sentry, Google Analytics, Meta, LinkedIn, HubSpot, Stripe) may process limited operational data on servers located outside India, including in the European Economic Area, the United Kingdom, and the United States. Such transfers are made subject to appropriate safeguards, including Standard Contractual Clauses where required by GDPR, and only to jurisdictions or providers that maintain adequate protection standards.

11. Your Rights

Subject to applicable law (DPDP Act, GDPR, UK GDPR, and equivalent laws), you have the following rights regarding your personal data:

Right to access: Request a summary of the personal data we hold about you.
Right to correction: Request correction of inaccurate or incomplete personal data.
Right to erasure: Request deletion of your personal data, subject to legal retention obligations (Section 8).
Right to data portability: Request a structured, machine-readable export of your account data.
Right to withdraw consent: Withdraw consent at any time. Withdrawal does not affect the lawfulness of prior processing.
Right to object: Object to processing based on legitimate interests, including direct marketing.
Right to grievance redressal: File a complaint with our Grievance Officer (Section 13) or with the Data Protection Board of India / your local supervisory authority.
Right to nominate: Under the DPDP Act, nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, contact us at privacy@coldbirds.com. We will respond within 30 days.

12. Children's Privacy

coldBirds is a B2B service intended for use by businesses and their authorised representatives. The Platform is not directed at children under 18, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@coldbirds.com and we will take steps to delete such data promptly.

13. Grievance Officer

In accordance with Section 5(2) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the DPDP Act, 2023, the details of the Grievance Officer are:

Name: Dharmendra Soni
Designation: Grievance Officer
Company: Elitale Softwares Private Limited
Address: D2 121 A, Near Ballabh Garden, Bikaner, Rajasthan, India
Email: privacy@coldbirds.com

The Grievance Officer shall acknowledge your complaint within 24 hours and resolve it within 15 days from the date of receipt, in compliance with applicable laws. If you are unsatisfied with the resolution, you may escalate to the Data Protection Board of India under the DPDP Act, 2023, or to your local supervisory authority.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. When we make material changes, we will:

Update the "Last updated" date at the top of this page.
Notify you via email or in-app notice where a material change affects your rights.
Where required by law, obtain fresh consent before processing your data under the updated terms.

15. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Elitale Softwares Private Limited
D2 121 A, Near Ballabh Garden, Bikaner, Rajasthan, India
CIN: U62013RJ2023PTC089483
Email: privacy@coldbirds.com