Last Updated: December 2, 2025

This Privacy Policy explains how Convoia Chat (Convoia.) collects, uses, discloses, and protects personal data in connection with your use of the Convoia Chat service (“Service”). We are committed to safeguarding your privacy and ensuring compliance with global data protection laws, including the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). By using Convoia Chat, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

Our Privacy Policy is designed to be clear and transparent. We encourage you to read this document carefully to understand what information we collect and how we handle it. If you have any questions, you can contact us using the information provided at the end of this Policy.

Definitions

For clarity in this Privacy Policy, here are some key terms (capitalized) and their meanings, consistent with usage in relevant privacy laws:

• “Personal Data” (or “personal information”) means any information that relates to an identified or identifiable individual. This includes obvious identifiers like name and email, as well as information that can be linked to a person such as an IP address or user ID.
• “Service” refers to Convoia Chat, including our website, app, and related services operated by Convoia for live chat support. It also encompasses the Convoia Chat dashboard and any content, features, or communications provided through it.
• “User”, “you”, or “your” refers to the individual or entity using Convoia Chat. For example, if you sign up on behalf of a company to embed the chat widget on your site, you includes both you as an individual user of the dashboard and your organization.
• “Customer” or “End-User” refers to individuals who interact with the Convoia Chat widget on your website e.g., your site visitors or customers who initiate chats with you. In many cases, you, as a business, are the data controller for your customers’ data, and Convoia acts as a data processor handling that data on your behalf.
• “Convoia”, “Company”, “we”, “us”, or “our” means Convoia,, doing business as Convoia Chat, located at 600 Broadway Suite 320C, Seattle, WA 98122, USA. We are the provider of the Service and the entity responsible for the processing of personal data as described in this Policy.

Any other terms that are defined in the Terms and Conditions or applicable data protection laws (such as “processor,” “controller,” etc.) shall have the same meaning when used in this Privacy Policy.

Information We Collect

We collect several types of information from and about users of the Service, including:

2.1 Personal Data You Provide Directly

Account Registration Data: When you sign up for Convoia Chat, we ask you to provide certain Personal Data to create an account. This typically includes:

• Name: Your first and last name or the name of a representative of your business.
• Contact Information: An email address required and optionally a phone number. We use your email for login, account verification, and communication purposes. We may use your phone number if provided for support or verification we do not send promotional texts unless separately agreed.
• Account Credentials: A password that you create. Note: passwords are stored in hashed form and not visible to us. We may also log your password reset questions or hints if you use such features.
• Organization Details: If you register on behalf of a company or team, we may collect the company name, your role/title, and the number of agents or team members you plan to use on the platform. This helps us tailor the service to your needs.
• Profile Details: You may have the option to add a profile photo or avatar and other preferences in your account settings. Providing these is optional. We consider this information necessary to provide you with an account and a personalized experience on Convoia Chat. Examples of personally identifiable information we collect include your email address, name, and phone number, as well as any profile details you choose to provide.
• Chat Content and Communications: The Service involves real-time messaging. When you or your agents use Convoia Chat to communicate with your end-users customers/visitors, the content of those chat conversations will be processed through our systems and stored in our databases to power features like conversation history, offline message delivery, and analytics. This content may include Personal Data if you or your customers choose to share such information during chats. For instance, a customer might provide their name, email, order number, or other personal details in the conversation. Similarly, any notes or tags you attach to conversations, and any files or images shared via the chat if that functionality is available, are collected and stored. We treat chat content as confidential and use it only to provide the Service, as described in Section 4 below. If you contact us directly e.g., through a support email or phone call, we will receive whatever information you choose to provide during that interaction. For example, if you email support, we’ll collect your email address and the contents of your message to assist you.
• Payment Information: Currently, Convoia Chat’s core features are free to use. If you opt for a paid subscription or service, we or our third-party payment processor will collect payment details such as your credit card number, billing address, and other necessary information to process transactions. We do not store full credit card numbers or CVV codes on our systems; such data is handled by our PCI-compliant payment partners. We will retain records of your transactions date, amount, service purchased for financial and auditing purposes.
• Optional Information: We may offer features that allow you to submit additional information. For example, participating in a survey, beta program, or promotional offer might require providing your feedback, testimonials, or other details. These are voluntary. If you submit a testimonial or review and allow us to post it on our site, we may display your name and any other content of your testimonial with your consent.

2.2 Information We Collect Automatically (Usage Data)

When you interact with Convoia Chat whether via our web dashboard, mobile app, or the chat widget embedded on your site, we automatically collect certain information about your device and usage of the Service. This Usage Data may include:

• Device and Technical Information: We collect data about the devices used to access the Service, such as your device type laptop, smartphone, operating system and version, browser type and version, screen resolution, and language settings. For example, we might record that a user accessed the dashboard using Chrome browser version X on Windows 10. If you use our mobile app or a tablet, we may collect device identifiers or model information.
• IP Address: We log the Internet Protocol address of the device you use to connect to the Service. This can indicate your general location (city, country). IP addresses are used for security, and to provide analytics on where our users are coming from. They may also be used to derive approximate geolocation for visitor insights in the chat.
• Service Usage Details: We record information about your activity on Convoia Chat, such as pages or screens you view, features you use, time spent on various parts of the Service, the links or UI elements you click, and the dates/times of your interactions. For instance, we might log that you viewed the “Analytics” page of the dashboard at 3:00 PM, or that you toggled a particular setting. Similarly, for chat widget interactions, we might log when a chat conversation started and ended, how many messages were exchanged, etc.
• Crash and Debug Information: If the app or site encounters an error or crash, we may collect a crash report or error log, which could include information about the state of the application at the time of the error, device identifiers, and possibly user IDs to diagnose the issue. These logs are used only to fix bugs and improve stability.
• Cookies and Tracking Technologies: Like most online services, we use cookies and similar tracking technologies such as web beacons, pixels, local storage to collect information. Cookies are small text files stored on your browser or device that help us recognize you and remember your preferences. We use cookies for purposes such as authentication to keep you logged in, tracking your session, and remembering your chat widget customization choices. We may also use cookies to gather analytics about usage or to test variations of features. You can instruct your browser to refuse cookies or delete them, but note that some Service features may not function properly without cookies.
• Example of Usage Data: If you visit our website, our servers automatically log that action. Usage Data may include information such as your IP address, browser type, the pages of our Service that you visit, the time and date of your visit, and the time spent on those pages. If you access Convoia Chat by or through a mobile device, we might collect unique device IDs, your mobile operating system, and mobile network information

2.3 Information About End-Users (Your Customers)

In providing the Service to you, we also process certain information about your end-users the individuals who chat with you via the Convoia Chat widget on your site. It’s important to note that you are responsible for ensuring your customers are informed about and consent to this data collection as required by law, since in this context you are the data controller and Convoia is a data processor/ service provider.

For each chat session initiated by a visitor on your website, Convoia Chat may collect:

• Chat Metadata: The date and time the chat started, the pages on your site where the chat was initiated, the duration of the chat, and chat ID numbers.
• Visitor Device and Location Info: Similar to the Usage Data described above, we collect the visitor’s browser type, OS, IP address, and possibly geolocation derived from the IP to show you approximate visitor location. Convoia Chat might show you in the dashboard that “Visitor 123 is from New York, using Chrome on Windows”, for example. We also capture whether the visitor is new or returning (via a cookie) and any custom attributes you configure for instance, if you integrate Convoia Chat with your site’s login, you might pass us the visitor’s name or account ID to display to your agents.
• Chat Content: All messages sent by the visitor and by your agents in the conversation, as well as any files or images exchanged, are stored. If your chat pre-form or offline message form asks the visitor to provide their name, email, phone, or other contact info, that information is collected and attached to the conversation.
• Offline Messages: If a visitor sends a message while your agents are offline utilizing an offline contact form, we collect whatever data is submitted e.g., the message content, name, email, etc. so you can respond later.

We process end-user data solely to provide the Service to you, the business user. That means we use this data to transmit the messages, display them to you, and for features like chat history search, analytics like showing you chat volumes and response times, and improving the service (e.g., to troubleshoot issues. We do not use your end-users’ data for our own independent purposes like marketing to them, nor do we “sell” it to third parties.

If an end-user of yours has privacy inquiries or requests like accessing or deleting their chat data, we will assist you in fulfilling those requests as described in Section 8 (Data Subject Rights).

2.4 Information from Third Parties

Currently, Convoia Chat does not pull in personal data about you from third-party sources since we have no third-party integrations by design. All the data we have about you should come either directly from you or from your use of our Service. However, in the future, if you choose to integrate Convoia with another service for example, connecting a CRM to import customer info, and you give us access, we may receive information from that third party as directed by you. In such cases, we will clarify in the integration setup what data is fetched and how it will be used.

We may also receive basic information from third-party identity providers if you use a single sign-on (SSO) or social login feature to register or log in for instance, if we allow “Sign in with Google,” we would receive your name and email from Google to create your account. We will only request the minimum information needed from such providers and will ask your consent at the time of using such a login method.

Finally, we might obtain contact information from public sources or marketing partners for business prospects (not for existing users) for example, acquiring a list of businesses in a certain sector to invite them to try Convoia Chat. Such information is not tied to usage of our Service and is handled separately under applicable direct marketing laws.

How We Use Your Information

We use the collected information for various purposes to operate, maintain, and enhance the Service. Under data protection laws like GDPR, we need a lawful basis to process personal data. Our use of your data is primarily based on (a) fulfilling our contract with you to provide the Service you’ve requested, (b) our legitimate interests to run and improve our Service, communicate with you, secure our platform, etc., and in some cases (c) your consent for example, if you opt in to marketing emails or (d) compliance with legal obligations. Below we outline the specific purposes:

• To Provide and Maintain the Service: We use your personal data to deliver Convoia Chat’s functionality to you. This includes using registration data to create and authenticate your account, allowing you to log in and use the dashboard. It also includes processing chat messages and related data so that you and your customers can communicate in real time. For example, we use Personal Data like your email and password to log you in, and your chat content to route messages between you and your website visitors. Without collecting and using this information, we cannot provide the core service.
• To Manage Your Account: We process personal information to manage your user account and provide you with access to features available to you as a registered user. This allows us to differentiate feature access (e.g., free vs premium features) and personalize your experience. For instance, knowing your account tier or settings helps us display the correct interface and limits. We also use your email to send important account communications like welcome emails, password reset links, or notices of essential updates. Managing your account also entails using data to handle billing if you are a subscriber, and to maintain your account preferences like notification settings, saved canned responses, etc.
• For the Performance of a Contract (Subscription Management): When you subscribe to a paid plan, we use your information to process transactions, provide the paid features, and carry out our contractual obligations to you. This can include sending payment receipts, auto-renewal notices, or assisting with any issues fulfilling the service.
• To Provide Customer Support: If you reach out to us with questions or issues, we will use your contact information and any relevant data about your use of the Service to help resolve your inquiry. For example, if you email support about a chat issue, we might look at your chat logs with your permission to troubleshoot. We may also use your feedback to improve the platform, but in doing so we would anonymize it if we share it internally beyond the support team.
• To Communicate With You: We use your contact information to send administrative or account-related communications. These include confirmations e.g., confirming account creation or changes, technical notices, security alerts like if we detect suspicious login attempts, and important Service updates. We may also send you product announcements, newsletters, or promotional communications to the extent you have not opted out. If you are in a jurisdiction that requires opt-in for marketing, we will only send you promotional emails with your consent. We may also send in-app or push notifications for certain events for example, a notification on your phone when a new chat is waiting, if you use our mobile app. You can adjust your notification preferences in your account settings.
• To Monitor, Analyze, and Improve the Service: We are continuously working to make Convoia Chat better. We use Usage Data and feedback to understand how our service is used and to identify areas for improvement. For instance, we analyze usage trends and performance metrics like average chat duration, feature utilization rates to improve functionality and user experience. We might use aggregate usage data to decide which new features to develop or to optimize the user interface. We also use data including logs and error reports to debug software issues, monitor uptime, and enhance security. Internal analytics help us ensure the Service is scalable and reliable. In certain cases, we may use third-party analytics tools like Google Analytics to assist with this, which would involve sharing some usage data but this will be covered in Section 5 (Cookies & Tracking) and we will ensure such data is de-identified where feasible.
• To Develop New Features and Services: The information we collect can inform the creation of new functionality. For example, if we notice many users manually performing a task, we might automate it. Chat transcripts in anonymized form might be reviewed to develop improved AI suggestions or training modules though currently we do not use third-party AI on your data, we might develop in-house assistive features consistent with privacy. User feedback and support inquiries often drive new feature development.
• To Enforce Our Terms and Policies: We may use data to enforce our Terms of Service and Acceptable Use Policy. This could include monitoring for fraudulent, illegal, or abusive activity. For instance, we might use automated tools to detect spam being sent through the chat and take action. We also reserve the right to review logs or content if we suspect violations of our terms while respecting user privacy and following due process. If necessary, we will use the data to investigate and mitigate misuse of the Service.
• For Legal Compliance: We will use or disclose your information as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests. For example, we may retain and produce certain data to respond to subpoenas or court orders if properly issued or to comply with audit obligations such as tax records for payments. Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities. Additionally, we may process your data to exercise or defend legal claims.
• To Protect Your Rights, Our Rights, and Safety: We may use and share data when we believe it’s necessary to protect the rights, property, or safety of you, Convoia, or others. For instance, we might disclose information to prevent harm or financial loss, or in connection with investigating suspected or actual illegal activity. If someone’s activities pose a threat to our systems or other users, we might use relevant data to mitigate that threat and inform affected parties or authorities consistent with applicable law.
• To Inform You of Related Services: We may use your information to inform you about services, features, or promotions that are directly related to Convoia Chat or that you have already shown interest in. For example, if you are using Convoia Chat, we might send you information about Convoia Docs another product in our portfolio or invite you to webinars on customer support best practices. We will do so in accordance with marketing laws if opt-in consent is needed, we will obtain it first. You can always opt out of such communications.
• With Your Consent, For Other Purposes: If we ever need to use your Personal Data for a purpose not covered by the above, we will ask for your consent. For instance, if we wanted to feature your success story as a case study on our website, we’d seek your permission to use your company name or logo. You have the right to withdraw consent at any time for such additional uses. We make sure that any use of personal data is proportionate and necessary for the intended purpose. We do not use personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on you, without your knowledge or consent.

How We Share and Disclose Information

Convoia respects the confidentiality of your personal information. We will not sell your personal data to third parties. We only share information in the following circumstances, and always with appropriate safeguards:

• With Service Providers (Processors): We may share personal data with third-party vendors and service providers who perform services on our behalf to help run our business and provide the Service to you. These providers are bound by contractual obligations to process personal data only under our instructions and for the purposes we designate, and to protect the data appropriately. Examples of service providers include:
  • Hosting and Infrastructure: We use reputable cloud hosting providers such as Amazon Web Services or similar to store databases and run our application. Personal Data is stored on their secure servers on our behalf.
  • Email and Communication Services: We might use an email delivery service like SendGrid or Mailgun to send transactional emails verification codes, notifications to you. They would handle your email address and message content for that purpose.
  • Analytics and Monitoring: We may employ analytics services or crash reporting services to help us understand usage or troubleshoot problems. These services may receive usage data or diagnostic information. We would typically use mostly aggregated or pseudonymized data for analytics. If any personal data is sent, it’s limited to what is necessary for analysis.
  • Payment Processors: If you are on a paid plan, we use third-party payment processors to handle credit card transactions (e.g., Stripe). They receive your payment card details and billing information to process payments securely. We share the minimal information required like your email or customer ID and the transaction amount.
  • Customer Support Tools: If we use a customer support ticketing system or live chat to assist you, some of your data like contact info and support history may pass through that tool.
  • Other Contractors: In some cases, we might engage independent contractors or consultants in areas like software development, security, or compliance, who may have access to certain data in the course of their work for us. They are under NDAs and data protection obligations.

In all such cases, service providers are not allowed to use your data for their own purposes and must delete or return data to us upon our request as per our agreements with them.

• Within Our Corporate Group (Affiliates): If Convoia has affiliates, parent companies, or subsidiaries for example, if Convoia Docs is a division of a larger company, we may share your information with them if needed to operate the Service or for corporate governance. Any affiliate will uphold privacy protections equal to those of Convoia, and use of data will remain subject to this Policy. Should our corporate structure change (e.g., through a merger or acquisition), we may share information within our new group, still under this Policy’s principles.
• Business Transfers: If Convoia is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be disclosed or transferred as part of that transaction. We would only transfer what is necessary and ensure the recipient respects your Personal Data in a manner consistent with this Privacy Policy. For example, if another company acquires Convoia Chat, user data would likely be one of the transferred assets. In such an event, we will notify you for example, via email or a notice on our website of any change in ownership or use of your personal data, as well as any choices you may have regarding your personal data.
• With Business Partners (for offers you engage in): We do not currently have third-party business partners with whom we share data for joint marketing or promotional activities. If this changes for instance, a co-sponsored webinar or an integration partnership, we would only share your contact information with a partner if you choose to participate or opt-in. For example, if we co-host an event with a partner and you register, we might share your name and email with that partner for event administration. We will require such partners to respect your information and give you an opportunity to opt out of further communications from them. We will not arbitrarily give your data to advertisers or unrelated businesses.
• In Chats, With Other Users: By the nature of the Service, some information gets shared when you use Convoia Chat to communicate. If you are an agent/user on a team account, your name and possibly email may be visible to other team members in your organization’s account e.g., in agent management screens or internal notes. When you chat with a customer via the widget, that customer will see whatever profile information you choose to display for instance, if the chat interface shows the agent’s first name or avatar. If there is a group chat feature not currently, but if in future, chat content would be visible to participants. Also, any information you deliberately share with other users or on public forums like posting on our community forum or social media pages can, of course, be seen by others. We advise caution in sharing personal data in these contexts.
• With Your Consent: We may share your personal information for any other purpose you specifically consent to. If, for instance, you ask us to integrate with a third-party or provide data to a third-party service, we will do so at your direction. Another example: if we were to publish customer testimonials or case studies, we would only include identifying information with your explicit approval. You are free to revoke such consent at any time though that would not undo any sharing that has already happened, but we would cease future sharing.
• Aggregated or De-Identified Data: We may share data that has been aggregated or anonymized, so it no longer identifies you personally, with any third parties. This type of data is not considered Personal Data under this Policy because it cannot be used to identify an individual. For example, we might publish trends or insights such as “X% of Convoia Chat users are in Europe” or average response times across all users. Or we may share aggregated usage statistics with prospective customers or researchers. We ensure that such data cannot be re-linked to individuals by the recipient.
• Legal Compliance and Protection: If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, we may do so. This includes responding to lawful requests by public authorities like subpoenas, court orders, or government demands. We will evaluate each request to ensure it has a valid legal basis and only provide the minimum data necessary. We may also disclose your information to enforce our terms, investigate or defend against third-party claims or allegations, address security or technical issues, or protect the rights, property, or safety of Convoia, our users, or the public. For instance, if we believe that a user is engaged in illegal activity, we might notify law enforcement and provide relevant logs or account information.
• Important: We will not share your personal information in ways not covered by this Privacy Policy without informing you and obtaining your consent if required. Convoia does not give any third party access to your chats or account data for their own purposes. We do not sell, rent, or trade email lists or other user data with third parties for promotional purposes.

Cookies and Tracking Technologies

Convoia uses cookies and similar technologies to provide, personalize, and improve our Service, as well as to protect our users. Here we explain how we use these technologies and the choices you have.

What Are Cookies? Cookies are small text files placed on your computer or mobile device when you visit a website. Cookies serve various functions: enabling the website to remember your actions and preferences such as login, language, and other display preferences so you don’t have to re-enter them whenever you come back; helping us understand how our site is being used; and assisting in security measures. We also use other tracking technologies like web beacons tiny image files embedded in a webpage or email that track if it’s been viewed and device identifiers in our mobile app, which function similarly to cookies.

Types of Cookies We Use:

• Essential Cookies: These are necessary for the Service to function and cannot be switched off in our systems. They include, for example, authentication cookies that keep you logged in as you navigate between pages, or cookies that remember your session ID. Without these, you would have to log in repeatedly during one session, and certain features like loading your chat dashboard may not work. These cookies help authenticate users and prevent fraudulent use of accounts. Essential cookies are generally session cookies which expire when you close your browser rather than persistent cookies.
• Preferences Cookies: We use these to remember your choices and preferences, to give you a more personalized experience. For instance, if you select a language, or mute a notification sound, or collapse a menu, we might store that preference so it remains on your next visits. These cookies can also remember other customization settings in your dashboard or widget. They provide a more personal experience by remembering your preferences such as login details or UI settings to avoid re-entering them every time.
• Analytics Cookies: These cookies collect information about how users interact with our Service pages viewed, time spent, features used, etc. We use this information in aggregate form to understand usage patterns and improve our Service performance and content. For example, we may use Google Analytics or our own internal analytics to track which docs pages are most visited or how users flow through our onboarding. The data collected is typically aggregated and pseudonymized. You can opt out of Google Analytics as described below.
• Security and Performance Cookies: We may use cookies to help identify and prevent security risks. For example, we might use a cookie to determine if you are logged in from multiple devices or to throttle request rates. Performance cookies might track uptime or load times for users.
• Third-Party Cookies: Convoia Chat’s website and app currently do not serve third-party ads, and we limit third-party cookies. However, if we embed content from third-party sites like a YouTube video in a tutorial or use third-party services like our payment processor’s script, those third parties may set cookies on your browser. We aim to keep such third-party scripts minimal. Also, if you use certain integrations or social login, those providers might set cookies. We will inform you when that is the case. For instance, if we allow “Sign in with Google,” Google may set cookies to remember you.
• Web Beacons and Pixels: In addition to cookies, we may use small transparent image files or lines of code called web beacons or pixels in emails or on our site. For example, our marketing emails might contain a beacon that tells us if you opened the email, or our site might use a pixel to track a conversion like if you signed up after clicking a certain ad. This helps us gauge the effectiveness of our communications and campaigns.
• Your Choices: When you first visit our website, you will see a cookie notice if required by law (like in the EU) letting you know that we use cookies and, in some cases, giving you the option to accept or reject certain non-essential cookies. Even if not required, we provide ways to control cookies:

• Browser Controls: Most web browsers are set to accept cookies by default, but you can usually modify your browser settings to decline cookies or alert you when a cookie is being set. Use your browser’s “help” function to learn how to manage cookies. Please note: if you disable cookies entirely, the Convoia Chat website and many other websites may not function properly. At a minimum, blocking or deleting cookies might prevent you from staying logged in or using features of the Service. If you do not accept cookies, you may not be able to use some parts of our Service. We therefore recommend allowing at least essential cookies.
• Analytics Opt-Out: To opt out of Google Analytics, you can install the Google Analytics Opt-Out Browser Add-on, which prevents Google Analytics from collecting information on your visits. For our own analytics, since it’s first-party and essential to service improvement, we currently do not offer an opt-out, but rest assured we use this data responsibly and mostly in aggregate. If we use any other analytics providers, we will update this policy with opt-out links.
• Do Not Track (DNT): “Do Not Track” is a preference you can set in your browser to signal to websites that you do not want to be tracked. The web industry is currently still working on DNT standards, and there is no common understanding of how to interpret DNT. At this time, our Service does not respond to DNT signals. We will update our practices if an official standard emerges.
• Cookie Preferences on Our Site: If applicable, our site may feature a cookie consent tool where you can set preferences for different categories of cookies (like “Necessary,” “Analytics,” “Personalization”). You can revisit that tool at any time (often via a “Cookies” link in the footer) to adjust your settings.
• Local Storage: In addition to cookies, we might use local storage like your browser’s local storage or IndexedDB to store certain data e.g., caching interface preferences, storing large data for performance. This is typically used to speed up the application and reduce server load. Local storage data stays on your device. You can usually clear it by clearing your browser’s cache.
• Behavioral Targeting: Convoia Chat does not display third-party advertisements within the Service. We also currently do not engage in retargeting advertising using your data. If this changes for example, we decide to run ads on other platforms targeting Convoia users or lookalike audiences, we will update this section and ensure compliance with relevant laws including obtaining consent if needed. As of now, any advertising about our service is generic and not based on individual tracking.

We strive to be transparent about our use of cookies and tracking. If you have any questions or concerns about our cookie practices, feel free to contact us at Privacy@convoia.com.

Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law or legitimate business needs.

• User Account Information: If you have an account with Convoia Chat, we will retain your account information while your account is active and for a reasonable period thereafter in case you decide to reactivate the Service. Specifically, we retain your personal data for the duration of your contract or subscription with us, and afterward, we may retain certain data for a limited time. For instance, if you cancel or your account becomes inactive, we generally retain data for at least 6 months in case you return, to allow you to pick up where you left off including your chat history, settings, etc. After such period, or at your request, we will either delete or anonymize your personal data, or if neither is feasible for example, because the data is stored in backup archives, we will securely store the data and isolate it from any further use until deletion is possible.
• Chat Transcripts: The content of chats between you and your end-users is stored so that you can access past conversations and for our internal uses as described above. By default, we intend to retain chat transcripts indefinitely for your reference unless and until you delete them or request deletion, or until your account is deleted. However, we recognize indefinite retention might not always be desired by you or compliant with certain regulations, so we are building features to let you configure retention periods. If you require old chat data to be deleted, you can contact support or use any provided tools like a “Delete Conversation” function. Note that once you delete a chat transcript from your dashboard, it is permanently erased from our production systems; it may persist for a short time in our backups which are then purged on a rolling basis. We generally retain backup snapshots for disaster recovery for up to 30-60 days, after which deleted content should no longer exist even in backups.
• Transactional Records: Records of financial transactions payments, invoices are kept as long as required by accounting/tax laws typically 7 years in many jurisdictions. These records minimally include your contact info and payment amounts; sensitive payment details are not stored by us.
• Logs and Analytics: Server logs and analytics data are usually retained for a shorter period. We might keep detailed logs with IP addresses, device info, etc. for a few months up to a year for troubleshooting and security analysis. Aggregated analytics may be kept longer without personal identifiers to understand long-term trends.
• Legal Holds: If we are under a legal obligation to retain data due to an investigation, litigation, or law enforcement request, or if retention is mandated by applicable law such as records required to be kept for regulatory compliance, we will retain the data for as long as required. We will retain and use Personal Data as necessary to comply with our legal obligations for example, retaining transaction records for tax/audit purposes, resolve disputes, and enforce agreements. Once the retention period expires or the purpose for collection is fulfilled, we will either securely delete the personal data or anonymize it so it can no longer be associated with an identifiable individual.
• Data Deletion Requests: You have the right to request deletion of your personal data. Upon such request, and provided we do not have a legal obligation or overriding legitimate interest to keep the data, we will take steps to delete your personal data. There may be some latency in deleting data from our servers and backup storage, but we aim to complete requests within 30 days. If complete deletion is not possible e.g., data stored in archived backups, we will ensure it is isolated and protected until deletion is possible. Keep in mind that removal of data from our live systems does not necessarily mean that data will be deleted from all backup or archival systems immediately, but it will not be used for any active purpose moving forward.
• Usage Data: Usage Data (like site analytics) that is not tied to personal identifiers may be retained longer for historical analysis, without notice, since it doesn’t identify users. We periodically review the data we have and either delete or anonymize information that is no longer needed. Our goal is to minimize data retention to only what is necessary and beneficial to you and us.

International Data Transfers

Convoia is based in the United States, and the information we collect is stored on secure servers in the U.S. However, we serve users around the world. If you are located outside the United States, be aware that your personal data will likely be transferred to, stored, and processed in the United States and possibly other countries. These countries may have data protection laws that are different from (and possibly less stringent than) the laws of your country.

EEA/UK Users: If you are in the European Economic Area (EEA) or the United Kingdom, and we transfer personal data from the EEA/UK to a country not deemed by the European Commission (or UK authorities) to provide an adequate level of data protection (such as the U.S.), we will ensure appropriate safeguards as required by GDPR/UK GDPR are in place. Typically, this means we rely on Standard Contractual Clauses (SCCs) approved by the European Commission (and the UK’s International Data Transfer Addendum, as applicable) to legally transfer data, along with additional technical and organizational measures as needed. We are also monitoring developments such as the EU-US Data Privacy Framework; if applicable, we may participate or use it as a basis for transfers in the future once fully in force.

Your Consent or Other Legal Bases: In some cases, international transfers may be necessary to provide the Service you’ve requested (contract performance). In other cases, we may ask for your consent for certain cross-border transfers if no other legal mechanism applies. By using Convoia Chat or providing us with your information, you consent to the transfer of your personal data to the United States and to other jurisdictions as described in this Policy. We will, however, always handle your personal data in accordance with this Policy wherever it is processed, and we will take steps to ensure it is protected in line with EU/UK standards or other applicable standards.

Service Providers and Sub-processors: As mentioned, we use cloud service providers and partners that may be based in various countries. Whenever we share EEA/UK personal data with such third parties, we contractually require them to uphold privacy protections equivalent to those under European law. For example, if our cloud provider is in the U.S., we sign SCCs with them and ensure they implement robust security. We maintain a list of sub-processors which we can provide on request, which includes their locations and the safeguards for transfer.

Data Location: Currently, our primary data storage and processing takes place in the United States for all users. We do not yet have regional data centers that keep EU data solely within the EU, for instance. If this is a concern for you or your organization, please let us know user feedback influences our roadmap, and we may consider regional hosting options in the future.

Acknowledgement: By consenting to this Privacy Policy and using our Service, you acknowledge that your information may be transferred to our facilities and those third parties with whom we share it as described, even if they are located in other countries. We take your privacy seriously and will continue to implement measures to ensure any cross-border data transfers comply with applicable privacy laws.

If you have questions about our data transfer mechanisms or need more info (e.g., want a copy of the SCCs we use), you can contact us at the email provided in the Contact section.

Your Rights and Choices

Depending on your jurisdiction and subject to applicable law, you have certain rights regarding the personal data we hold about you. We are committed to honoring your rights and have processes in place to enable you to exercise them. Below, we outline various privacy rights and how you can use them. These include rights provided under the GDPR for EU/EEA (and UK) individuals, and under the CCPA/CPRA for California residents, among others. We extend many of these rights to all our users, regardless of location, as a matter of good practice (to the extent feasible and legally permissible).

• Access Your Information: You have the right to request confirmation of whether we are processing your personal data, and if so, to request access to that data. This is commonly known as a “Data Subject Access Request.” Upon request, we will provide you with a copy of the personal data we have about you in a portable format, subject to some exceptions. In many cases, you can directly access certain information via the Service e.g., you can view your profile info and account settings, and see your chat history in the dashboard. For anything not readily available, you can contact us to request it.
• Rectification (Correction): We strive to keep your information accurate and up to date. If you believe that any personal data we are holding about you is incorrect or incomplete, you have the right to request that we correct or update it. For example, if you change your name or email address, you can usually update that in your account settings. If you have trouble, contact us and we will help make the correction. Under CPRA (California) there’s also a specific right to request correction of inaccurate personal info, which we honor similarly.
• Deletion: You have the right to request the deletion of your personal data the “right to be forgotten”, subject to certain exceptions. You may delete certain information via your account, or you can ask us to delete all personal data we hold about you. We will honor a deletion request unless we have a legitimate reason to retain the data for example, to comply with a legal obligation or for a legal claim defense, or certain business needs as allowed by law. If you request deletion, we will also instruct our service providers to delete your data from their records, as applicable. Note: deleting your data means you will lose access to the Service and your account may be closed. There are certain data we may not be able to fully delete if required to keep by law like transactional records or if stored in backups, but we will isolate and secure that data and not actively use it.
• Restriction of Processing: In some cases like if you contest the accuracy of your data or object to our processing, you have the right to request that we restrict processing of your data. This means we will stop active use of your data while the issue is resolved. For instance, if you contest some data’s accuracy, we’ll refrain from using it until we verify and correct it if needed.
• Data Portability: To the extent required by law, you have the right to obtain your personal data from us in a structured, commonly used, machine-readable format, and to have that data transmitted to another controller where technically feasible. In practice, this often overlaps with the access right. We can provide your data in a CSV or JSON file, for example, which you could then import to other services.
• Object to Processing: You have the right to object to certain types of processing. For example, if we process your data based on our legitimate interests, you can object to that and we will consider your objection. If you object to direct marketing communications, we will cease using your data for that purpose immediately we generally rely on consent for marketing anyway. If you object to processing for analytics or improvement, we will evaluate if our interest in processing outweighs your privacy rights; if not, we’ll cease the processing.
• Automated Decision-Making: We do not make any decisions about you that have legal or similarly significant effects based solely on automated processing of personal data without human involvement. If that changes, affected individuals will have the right to request human review of any such decision.
• Withdraw Consent: Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time. For example, if you consented to receive our newsletter, you can unsubscribe via the link in the email or in your account settings, or by contacting us, and we will stop sending you newsletters. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
• Non-Discrimination: If you exercise any of these privacy rights, we will not discriminate against you, deny you services, or provide you a different quality of service solely for exercising your rights. However, please note that requesting deletion of necessary data or objecting to certain processing may affect our ability to provide the Service; e.g., if you ask us to delete all your data, we cannot really continue to offer you an account.
• Exercising Your Rights: To exercise any of the rights described above, please contact us at Privacy@convoia.com or use any self-service tools we provide in your account interface. We may need to verify your identity before fulfilling certain requests for example, we might ask you to confirm from the email address associated with your account or provide some identifying info. This is to ensure that we do not grant these rights to the wrong person. We will respond to your request within the timeframes required by law typically within 30 days for GDPR requests, and 45 days for CCPA requests, with possible extension. For California residents, if we cannot fulfill a request, we will explain the reasons e.g., we do not have data on you, or an exemption applies.

Security Measures

We understand the importance of protecting your personal data and have implemented appropriate technical and organizational security measures to safeguard it against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure, so we cannot guarantee absolute security. We continually work to protect your information and regularly review and update our security practices.

• Technical Safeguards: We utilize industry-standard encryption protocols to protect data in transit and at rest. For example, our website and APIs are served over HTTPS/TLS connections, ensuring that personal data (like login credentials and chat content) is encrypted when transmitted between your device and our servers. We encrypt sensitive data at rest where appropriate. Passwords are hashed and salted using modern cryptographic algorithms, not stored in plain text. Our databases are protected by firewalls and network access controls. We employ measures such as intrusion detection systems and continuous monitoring to alert us to potential security issues.
• Access Controls: Access to personal data within our organization is restricted on a need-to-know basis. Only authorized personnel and service providers who require access to operate, develop, or support the Service have such access, and they are bound by confidentiality obligations. Internally, we use role-based access controls so that, for instance, a support agent can only access data necessary to help you and only if you permit it, whereas engineers have controlled access to systems for maintenance but not carte blanche to view user data. We train our employees about the importance of privacy and security.
• Organizational Measures: We have policies and procedures dealing with data protection and security. For example, we have incident response plans for handling potential data breaches, and we conduct periodic risk assessments and security audits. We are aiming to adhere to relevant security standards and best practices for example, if we seek any certifications or compliance frameworks, we will mention them here.
• User Responsibilities: You also play a role in keeping your data secure. We encourage you to choose a strong password and keep it confidential. Do not share your account credentials with others. If you suspect any unauthorized access to your account or any security vulnerabilities, please notify us immediately at Privacy@convoia.com. We also recommend that you keep your devices and software updated and use security features available like enabling 2-factor authentication on your email, etc. When you use our Service in a public setting like a shared computer, be mindful to log out and not save login information on the browser.
• Third-Party Services: If we integrate with third-party services for example, if you connect Convoia Chat with another app via API, the security of your data in those third-party systems is outside our control and governed by those third parties’ policies. We vet our sub-processors for their security posture, but you should also ensure you trust any service you integrate with.
• Data Breach Response: In the unlikely event of a data breach that affects your personal data, we will act promptly to identify the cause, mitigate harm, and notify affected users and relevant authorities as required by law. We have a breach response plan that includes investigating the incident, closing any security gaps, and communicating with transparency.

If you have any questions about the security of your data or wish to report a potential vulnerability, please contact us at Privacy@convoia.com.

Children’s Privacy

Convoia Chat is not intended for use by children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you are under 18, please do not use or access the Service at any time or in any manner. If we learn that we have inadvertently gathered personal information from a child under 18, we will take appropriate steps to delete it.

For users in the European Union or other jurisdictions with stricter age limits: our Service is not directed to children under the age of 16 where GDPR applies, or such other age as may be stipulated by applicable data protection law. If you are between 13 and 16 or the relevant minimum age in your jurisdiction you should only use Convoia Chat under the supervision of a parent or guardian, and with their consent.

We encourage parents and guardians to be aware of and supervise their children’s online activities. If you believe that a child under the applicable age has provided us with personal data, please contact us at Privacy@convoia.com so we can investigate and delete the information if necessary. If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we will take steps to remove that information from our servers.

Some aspects of our Service may involve communications or content that are not suitable for children even those above 18 without adult supervision. We expect our business users to also handle any personal data of children e.g., if a minor initiates a chat on your website in compliance with laws like COPPA Children’s Online Privacy Protection Act or similar. If you as a user integrate Convoia Chat in a service directed to children under 18, you must obtain verifiable parental consent before allowing children to use the chat, and you should not provide us with personal data of children without such consent.

If we need to rely on consent as a legal basis for processing a child’s personal data and the child is under the age where they can lawfully give consent themselves, we will require the parent’s consent and may ask for proof of age or parental authority. If your country requires parental consent for users under a certain age such as under 16 in some EU countries, we may refuse to collect or use personal data from those users until consent is obtained.

Third-Party Links and Services

Our Service may contain links to websites or services operated by third parties, or allow you to integrate or interact with third-party services. For example, our website’s blog might link to external articles, or we might offer an integration with a third-party platform. This Privacy Policy applies only to Convoia Chat and Convoia Docs’ handling of personal data. When you click on a third-party link or use a third-party service, you will be directed to that third party’s site or service. We do not control the content, privacy policies, or practices of any third-party sites or services.

We strongly encourage you to review the privacy policy of every site or service you visit or integrate with. Third-party sites may have their own cookies, data collection, and data use practices. We are not responsible for the privacy practices or content of those external sites or services.

For example, if you follow a link from our FAQ page to a tutorial on an external site, any data they collect from you by visiting that site would be governed by their policy, not ours. Similarly, if you use a third-party single sign-on to log in, the authentication and any data that provider shares with us is subject to their policy.

• Social Media and Widgets: Our Service may include social media features, like a Facebook “Like” button or Twitter widget. These features might collect your IP address and set a cookie to function properly. They are either hosted by a third party or hosted directly on our Service. Interactions with these features are governed by the privacy policy of the company providing them. We sometimes share content or posts on social networks; however, any information you provide via those official Convoia social media pages (like commenting or messaging us on Facebook, Twitter, LinkedIn, etc.) is also subject to those networks’ privacy policies.
• Third-Party Integrations: If Convoia Chat offers integrations or plug-ins that you choose to enable for instance, connecting to a CRM or Slack, etc., we may share certain data with that service per your request, as described earlier. Any data that goes to that third party is out of our control and subject to that party’s policy. We will make clear what data is shared during the setup of an integration.

In summary, this Policy does not cover any third-party websites, services, or applications. We provide links and integrations for your convenience or to enhance your experience, but it’s up to you to review their terms.

If you believe a third party linked from our Service is misusing your personal data or has an inadequate privacy practice, please let us know, but understand we may not have the ability to address it directly beyond perhaps removing the link if appropriate.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. When we update the policy, we will revise the “Last Updated” date at the top of this page. If the changes are significant, we will provide a more prominent notice (such as by email to account owners or by placing a notice on our website or in the product).

We will not reduce your rights under this Privacy Policy without your consent. For substantive changes (for example, if we were to start using personal data for a new purpose not previously identified, or if we change how we handle international transfers), we will either notify you and obtain your consent if required, or provide an opportunity to opt out before the changes take effect.

Any changes will become effective on the date indicated in the notice or the updated Privacy Policy. After that date, continued use of Convoia Chat by you will be taken as acceptance of those changes. We encourage you to review this Privacy Policy periodically for any updates. If you do not agree with the changes, you should deactivate your account or reach out to us to express your concerns.

For minor updates or clarifications that do not materially change your rights, we may not send out mass notifications, so please check back occasionally.

If you have any questions about changes to the Privacy Policy, you can contact us using the information below.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please feel free to contact us. We’re here to help and address any privacy or data security questions you may have.

Contact Information:

• Email: You can reach our privacy team at Privacy@convoia.com. This is the best way to contact us for privacy-related inquiries or to exercise your rights described above.
• Support: For general support questions, you may contact Privacy@convoia.com, but please use the privacy email for anything sensitive regarding your personal data.
• Phone: You may call us at (206) 787-0784. Note that phone support may be limited and not specifically for privacy queries, but we will direct you to the right channel if needed.
• Postal Mail: If you prefer, you can write to us at:
  Convoia (Convoia Chats)
  600 Broadway Suite 320C
  Seattle, WA 98122
  United States

When contacting us with a privacy question or request, please include sufficient detail for us to understand and respond (for example, the email associated with your account, and the specific request you have).

Data Protection Officer: While we may not be legally required to appoint a formal Data Protection Officer (DPO) under GDPR due to the nature of our processing, we do have a team responsible for privacy compliance. If you wish to contact our team or our designated privacy lead, you can use the Privacy@convoia.com email above and mention that it’s for the attention of the privacy team lead.

We will endeavor to respond to your inquiries as quickly as possible, typically within a few business days. For formal requests under Section 8 (Your Rights), we will acknowledge and respond within the timeframe required by law.

Thank you for trusting Convoia Chat with your communication needs. We value your privacy and work hard to protect it.