Privacy Policy

Last Updated: February 10, 2026

WELCOME TO CONVOV! THIS PRIVACY POLICY ("POLICY") OUTLINES HOW WE COLLECT, PROCESS, SHARE, AND PROTECT YOUR PERSONAL DATA WHEN YOU USE OUR WEBSITE HTTPS://CONVOV.COM ("WEBSITE") AND OUR RELATED SERVICES ("SERVICES"). THIS POLICY APPLIES TO BOTH USERS OF OUR SERVICES AND INDIVIDUALS WHOSE DATA MAY BE PROCESSED THROUGH OUR PLATFORM. PLEASE READ THIS POLICY CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR PERSONAL DATA AND YOUR RIGHTS REGARDING IT.

1. Personal Data We Collect

1.1. Personal Data You Provide:

Account Information: When you create an account, we collect your name, email address, password, and organization details to maintain your account.

Contact Information: Any Personal Data you provide through emails, contact forms, or other communications.

Demo Requests: When you submit a demo request, we collect the information you provide (e.g., name, email, company) to fulfill your request. We may contact you regarding the demo and related follow-up. We process and store this information using our systems and service providers.

Support Information: Details provided when requesting technical support.

Financial Information: If you purchase a subscription, we collect payment information through secure providers like Stripe. New accounts may receive a limited number of complimentary calls before charges apply; we track call usage to determine when the complimentary allotment is exhausted and billing begins. The number of complimentary calls is subject to change at Convov's discretion.

Integration Credentials: Authentication tokens for third-party services you connect (such as CRM platforms) which are securely encrypted.

1.2. Information Collected Automatically:

Cookies and Similar Technologies: We use essential cookies for platform functionality, analytics cookies to improve our services, and may use marketing cookies with your consent.

Device and Usage Information: Information about your device, browser, IP address, and how you use our Services.

Meeting Metadata: Information about sales calls including participant names, meeting titles, dates, and durations from connected platforms.

Call Transcripts: Text transcripts from sales calls that we temporarily process to extract CRM data.

Log Data: Server logs recording technical information, error messages, and system performance data.

2. Legal Basis for Processing Personal Data

We process your personal data based on the following legal grounds:

  • Contractual Necessity: To provide our Services, manage your account, and fulfill our contractual obligations.
  • Legitimate Interests: For business operations, platform improvement, security monitoring, and customer support.
  • Consent: For marketing communications and non-essential features (which you can withdraw at any time).
  • Legal Obligations: To comply with applicable laws, regulations, and legal processes.

3. How We Use Your Personal Data

We use your data for the following purposes:

  • To Operate and Administer Services: Manage your account, process call transcripts, extract CRM data, and sync with your chosen CRM systems.
  • To Improve and Personalize Services: Analyze usage patterns, develop new features, and enhance Platform security and performance.
  • For Marketing: Send promotional materials about our Services. You can opt out of marketing communications.
  • For Legal Compliance: Fulfill legal obligations and protect our rights and interests.
  • For Security: Monitor for fraud, abuse, and security threats to protect our Platform and users.

4. Third-Party Service Integration and Data Protection

We integrate with various third-party services to provide our core functionality and comply with strict data protection standards.

Strict Usage Guidelines

When accessing data through third-party APIs (e.g. CRM platforms, meeting and transcript services, and AI processing services), we follow strict usage policies. This data is used strictly to power user-facing features that are visible and prominent within our platform interface, such as CRM data extraction, meeting analysis, and automated data synchronization. These features are core to our Services and cannot function without this data.

Data Sharing Restrictions

  • Your data is never sold to any party
  • Advertising networks have no access to your data
  • External service access is limited strictly to what's required for platform operations
  • Usage is restricted to essential platform functions that enable CRM automation

We do not allow human access to your call transcripts or CRM data except:

  • With your affirmative consent for specific use cases (e.g., manual support troubleshooting),
  • When required to investigate technical issues or bugs,
  • To comply with applicable law,
  • Or in aggregate form for internal operations that meet privacy requirements.

All such access, if necessary, is logged and strictly limited to authorized personnel.

We do not:

  • Use your data for ad targeting, retargeting, or personalized advertising.
  • Sell or transfer your data to advertising platforms, data brokers, or information resellers.
  • Use your data for determining credit-worthiness or for lending purposes.

AI Training Restrictions

Your call transcripts and CRM data are protected from AI/ML training applications. We never use them for:

  • Training or enhancing AI/ML models of any kind
  • Building or improving general AI systems
  • Analytics or data mining beyond essential platform operations

Third-Party API Access and Usage

Our service integrates with various APIs to provide core functionality. Here's how we use specific integrations:

Meeting Platform Integration

Meeting platform and recording access: We access meeting recordings and transcripts to:

  • Extract structured CRM data from sales call content
  • Analyze conversations for sales insights
  • Automatically populate CRM fields with relevant information

CRM System Integration

Salesforce/HubSpot Access: We use this integration to:

  • Synchronize extracted meeting data with your CRM
  • Update contact and deal information
  • Create and modify CRM records based on call insights

AI Processing

AI Processing Services: Used to:

  • Process call transcripts and extract structured data
  • Analyze conversation content for CRM-relevant information
  • Generate insights and summaries from meeting content

Important Note About Call Transcript Data:

While we process your call transcripts to provide our services, we:

  • Never store complete transcript content long-term
  • Do not share your transcripts with third parties beyond authorized CRM integrations
  • Only process transcript data temporarily for the explicit purpose of CRM data extraction
  • Automatically delete transcripts after processing is complete

AI Processing Limitations: Our AI processing may occasionally produce inaccurate or incomplete results. You are solely responsible for reviewing and verifying all AI-extracted data before using it for business decisions. We disclaim liability for business decisions made based on AI-processed information.

5. Data Storage and International Transfers

Your data is stored primarily in the United States through our service provider Supabase. We may transfer data to other jurisdictions as necessary to provide our Services.

When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by relevant authorities
  • Adequacy decisions by applicable data protection authorities
  • Other legally recognized transfer mechanisms

Data Processing Roles: Convov acts as a data processor when handling call transcripts and meeting data on your behalf. You remain the data controller and are responsible for lawful data collection and obtaining necessary user consents for call recording and processing.

6. Data Retention

We retain personal data for specific periods based on the type of data and legal requirements:

  • Account and Profile Data: Duration of active subscription plus 30 days after termination
  • Call Transcripts: Processed temporarily and automatically deleted after CRM data extraction (typically within 24 hours)
  • Meeting Metadata: Retained for billing and service provision purposes, including tracking call usage against any complimentary allotment, for 12 months after account termination
  • Billing Records: 7 years for tax and accounting compliance
  • Support Tickets and Communications: 3 years after resolution
  • Usage Logs and Analytics: 12 months in identifiable form, indefinitely in anonymized form
  • Legal Hold: Data may be retained longer if required for legal proceedings or regulatory compliance

Upon account termination, all customer data is immediately and permanently deleted from our systems, except as specified above or required by law.

7. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for platform functionality, account authentication, and security.
  • Analytics Cookies: Help us understand how users interact with our Platform to improve services.
  • Marketing Cookies: Used with your consent for promotional communications and advertising.

You can manage cookie preferences through your browser settings. Disabling essential cookies may limit platform functionality.

Third-Party Cookies: Our Platform may include cookies from integrated services (e.g. CRM and analytics providers). These are governed by the respective providers' privacy policies.

8. Your Privacy Rights and Choices

8.1. General Rights:

  • Access: Request copies of your personal data
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data ("right to be forgotten")
  • Portability: Request your data in a portable format
  • Restriction: Request limitation of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Marketing Communications: Opt out of promotional emails and communications
  • Integration Management: Connect, disconnect, or modify third-party integrations

8.2. California Consumer Privacy Rights (CCPA/CPRA):

If you are a California resident, you have additional rights including:

  • Right to know what personal information is collected and how it's used
  • Right to delete personal information (with certain exceptions)
  • Right to correct inaccurate personal information
  • Right to limit the use and disclosure of sensitive personal information
  • Right to opt-out of the sale of personal information (Note: We do not sell personal information)
  • Right to non-discrimination for exercising CCPA rights

8.3. European Privacy Rights (GDPR):

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights including all those listed in Section 8.1 above, plus:

  • Right to lodge a complaint with your local supervisory authority
  • Right to withdraw consent for consent-based processing
  • Right to data portability in machine-readable format

8.4. Exercising Your Rights:

To exercise any of these rights, contact us at legal@convov.com with "Privacy Request" in the subject line. Include:

  • Your full name and email address associated with your account
  • Specific request (access, deletion, correction, etc.)
  • Verification information to confirm your identity

We will respond to privacy requests within 30 days (or as required by applicable law) and may request additional verification for security purposes.

9. Children's Privacy

Our Services are not intended for children under 18. We do not knowingly collect any personal data from children. If we learn that we have collected data from a child, we will take steps to delete it immediately and terminate any associated account.

10. Data Security

We implement comprehensive physical, technical, and administrative safeguards to protect your personal data, including:

  • Encryption of data in transit and at rest using industry-standard protocols
  • Access controls and multi-factor authentication for system access
  • Regular security assessments, monitoring, and vulnerability testing
  • Employee training on data protection practices and confidentiality obligations
  • Incident response procedures and security breach protocols

However, no online transmission or storage is completely secure. You are responsible for maintaining the security of your account credentials, using strong passwords, and enabling two-factor authentication where available.

Data Breach Response: In the event of a data security incident affecting personal information, we will notify affected users and relevant authorities within 72 hours as required by law, providing details about the incident, data involved, and remedial steps being taken.

11. Third-Party Services and Limitations

Our Services integrate with third-party platforms such as CRM and meeting or communication services. We are not responsible for their privacy practices, data security, or service availability. Review their privacy policies before connecting these services.

Third-Party Service Risks: Our Platform depends on third-party services for core functionality. Service interruptions, data loss, security incidents, or changes in terms at these providers may affect Platform functionality. We disclaim liability for issues arising from third-party service problems.

We do not transfer your data to third parties except:

  • For core functionality that is visible and prominent in the application
  • With your explicit consent through integration authorization
  • As required by law or valid legal process
  • To authorized service providers under strict confidentiality and data protection agreements

12. Geographic Restrictions and Compliance

Our Services may not be available in all jurisdictions due to local laws or regulations. Users are responsible for ensuring their use of our Services complies with applicable local data protection and privacy laws.

We reserve the right to restrict access from jurisdictions where providing our Services would violate local laws or our ability to comply with legal obligations.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make material changes, we will:

  • Post the updated Policy on our Website
  • Send notification to your account email address at least 30 days before changes take effect
  • Maintain a version history showing material changes between policy versions

Your continued use of our Services after the effective date of any changes constitutes acceptance of the updated Privacy Policy. If you disagree with changes, you may terminate your account before the effective date.

14. Data Protection Officer and Contact Information

For privacy-related inquiries, data subject requests, or concerns about our data practices:

  • Privacy Requests: legal@convov.com
  • Data Protection Officer: legal@convov.com
  • General Inquiries: support@convov.com

Emergency Privacy Contacts: For urgent privacy matters requiring immediate attention, contact legal@convov.com with "URGENT PRIVACY" in the subject line.

Convov, Inc.
1111B South Governors Ave STE 28793
Dover, DE 19904
United States

legal@convov.com

We will acknowledge receipt of privacy requests within 5 business days and provide a substantive response within 30 days (or as required by applicable law).

15. Supervisory Authority Contact

EU/UK residents may contact their local data protection authority if they have concerns about our data processing practices that we have not adequately addressed.

Effective Date: February 10, 2026

For questions about this Privacy Policy or our data practices, please contact our privacy team at legal@convov.com.