Legal

Privacy Policy

Your privacy matters to us. This policy explains how Convify.Ai collects, uses, stores, and protects your information when you use our platform.

Last updated: May 2026

1. Information We Collect

1.1 Account Data

When you register for a Convify.Ai account, we collect your name, email address, password (stored as a secure hash), organization name, and any other information you voluntarily provide in your profile. If you sign up via a third-party authentication provider (such as Google), we receive your basic profile information from that provider.

1.2 Usage Data

We automatically collect information about how you interact with our Service, including pages visited, features used, actions taken, timestamps, IP address, browser type and version, operating system, device information, and referring URLs.

1.3 Chatbot Training Content

When you create a chatbot, we collect and process the content you provide for training purposes. This includes website URLs you submit for crawling, documents you upload (PDFs, text files, etc.), custom Q&A pairs, and any other training materials. This content is used to generate vector embeddings that power your chatbot's responses.

1.4 Visitor Interaction Data

When end users interact with your embedded chatbot, we collect conversation data (messages sent and received), visitor metadata (IP address, browser, device, referrer page), timestamps, and any information the visitor voluntarily provides during the conversation (such as name or email in a lead capture form).

1.5 Payment Information

When you subscribe to a paid plan, payment information (such as credit card details, billing address, and transaction history) is collected and processed by our payment provider, Razorpay. We do not store full payment card details on our servers. We retain only a transaction reference, plan details, and billing status.

2. How We Use Information

We use the information we collect for the following purposes:

  • Service delivery: To create and manage your account, provide chatbot functionality, process content for training, generate AI-powered responses, and deliver the core features of the platform.
  • Billing and payments: To process subscriptions, issue invoices, and manage your billing relationship.
  • Communication: To send you service-related notifications, updates, security alerts, and support messages. With your consent, we may also send marketing communications.
  • Analytics and improvement: To understand usage patterns, monitor performance, diagnose technical issues, and improve our Service.
  • Security: To detect, prevent, and address fraud, abuse, security incidents, and technical issues.
  • Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

We process your data based on the following legal bases: performance of a contract (providing the Service), legitimate interests (improving and securing the Service), consent (marketing communications), and legal obligations.

3. Data Storage & Security

Your data is stored securely using Supabase, which provides a managed PostgreSQL database with enterprise-grade security features. We implement the following security measures:

  • Encryption at rest: All data stored in our database is encrypted at rest using AES-256 encryption.
  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
  • Row Level Security (RLS): We use Supabase Row Level Security policies to ensure users can only access their own data at the database level.
  • Access controls: Strict access controls and authentication mechanisms are in place for all system components.
  • Regular backups: Automated database backups are performed regularly to prevent data loss.

While we implement industry-standard security measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

4. Third-Party Services

We use the following third-party services to operate our platform. Each has its own privacy policy governing the use of your information:

OpenAI

Powers AI chatbot responses. Chat messages and training content are sent to OpenAI's API for processing. OpenAI does not use this data to train their models when accessed via their API.

Supabase

Provides database, authentication, file storage, and vector search infrastructure. All user data, content, and embeddings are stored in Supabase.

Razorpay

Processes payments and manages subscriptions. Payment card data is handled directly by Razorpay and is never stored on our servers.

Analytics

We may use analytics services to understand usage patterns and improve the Service. These services may collect anonymized usage data and device information.

We only share the minimum data necessary with each third-party service to fulfill its purpose. We do not sell your personal data to any third parties.

5. Cookies & Tracking

We use cookies and similar tracking technologies to enhance your experience on our platform. The types of cookies we use include:

  • Essential cookies: Required for the Service to function properly, including session management and authentication. These cannot be disabled.
  • Functional cookies: Remember your preferences, settings, and customizations to provide a personalized experience.
  • Analytics cookies: Help us understand how users interact with our Service so we can improve it. These collect anonymized usage data.

The Convify.Ai chat widget installed on your website may set a cookie to identify returning visitors and maintain conversation continuity. This cookie contains only a randomly generated identifier and no personal information.

You can manage your cookie preferences through your browser settings. Please note that disabling essential cookies may affect the functionality of the Service.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods include:

  • Account data: Retained for the duration of your account plus 30 days after deletion.
  • Chatbot training content: Retained while your chatbot is active. Deleted within 30 days of chatbot or account deletion.
  • Conversation logs: Retained based on your plan settings (default: 90 days). You can configure shorter retention periods or manually delete conversations.
  • Billing data: Retained for 7 years as required by Indian tax and accounting regulations.
  • Usage logs: Anonymized and retained for up to 24 months for analytics purposes.

When data is deleted, we remove it from our active databases and, within a reasonable timeframe, from our backup systems as well.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data. We honor these rights for all users regardless of jurisdiction:

Right to Access

Request a copy of the personal data we hold about you.

Right to Correction

Request correction of inaccurate or incomplete personal data.

Right to Deletion

Request deletion of your personal data (subject to legal retention requirements).

Right to Portability

Receive your data in a structured, commonly used, machine-readable format.

Right to Object

Object to the processing of your data for certain purposes, including marketing.

Right to Restriction

Request restriction of processing in certain circumstances.

To exercise any of these rights, please contact us at privacy@convify.ai. We will respond to your request within 30 days. You can also manage many aspects of your data directly through your account settings.

If you are located in the European Economic Area and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

8. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to promptly remove that information from our servers.

9. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. Our infrastructure providers (including Supabase and OpenAI) may store and process data in multiple regions.

When we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses, data processing agreements, and compliance with applicable data protection laws.

By using the Service, you consent to the transfer and processing of your information in accordance with this Privacy Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and by posting a prominent notice on the Service prior to the change becoming effective. The "Last updated" date at the top of this policy indicates when it was last revised.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data. Your continued use of the Service after changes to this policy constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:

Convify Technologies — Privacy Team

Email: privacy@convify.ai

Website: https://convify.ai

Response time: Within 30 business days

← Back to Home