Privacy Policy
Proposed effective date: July 10, 2026
Draft — legal review required before launch. This notice will remain until the policy is approved.
Our role
Convoco helps authorized users prepare for, capture, and reflect on professional relationships. The service provider is the Convoco entity identified in your invitation, order form, or other written agreement. A customer company generally controls the relationship data its accounts place in the service; Convoco processes that data to provide and protect the service.
Information we process
Depending on the features your company enables, the service may process:
- Account details such as name, email address, company membership, role, and preferences.
- Calendar events, meeting participants, contacts, and connected-account identifiers.
- Conversation notes, transcripts, field notes, questions, and review feedback.
- Professional relationship details about people who may not be Convoco users.
- Company, deal, document, and public-web enrichment used to ground relationship context.
- Usage, device, security, support, audit, and AI-provider activity records.
- Billing and subscription status when paid services are enabled. Payment-card details are handled by the payment provider, not stored directly by Convoco.
Sources and purposes
Information may come from you, other accounts in your company, connected Google services, meeting transcripts, customer-configured CRM or provider integrations, public sources, and service providers. We use it to operate and secure the service; prepare and review conversations; create relationship-grounded coaching and documents; synchronize enabled integrations; respond to support and privacy requests; administer access and billing; and monitor reliability, abuse, and cost.
Where applicable law requires a legal basis, processing may rely on performing a contract, the customer's and Convoco's legitimate interests in providing a secure B2B relationship service, consent for an optional connection, or compliance with law. Customer companies are responsible for having an appropriate basis to place third-party relationship data in the service.
AI and service providers
AI features use selected relationship context to produce preparation, analysis, coaching, enrichment, and document assistance. AI output can be incomplete or wrong and must be reviewed by a person. Depending on customer configuration, data may be processed by providers such as Google, Brevo, Apollo, Anthropic, OpenAI, OpenRouter and models reached through it, Moonshot, Perplexity, Stripe, and hosting, storage, database, security, or monitoring providers. Only providers needed for enabled features should receive the relevant data.
Some providers may process information outside your country. Where required, Convoco and its providers use contractual or other recognized safeguards for international transfers.
Sharing and disclosure
We do not sell relationship data. We disclose information to the customer company and its authorized accounts, service providers acting for us, connected services at an authorized user's direction, professional advisers under confidentiality, and authorities or other parties when reasonably necessary to comply with law, protect people or the service, or complete a corporate transaction subject to appropriate safeguards.
Retention, security, and cookies
We retain information while the relevant company account is active and as reasonably needed to provide the service, meet contractual or legal duties, resolve disputes, maintain audit records, and recover from failures. Retention varies by record type and customer settings; backups and security logs may remain for limited periods after primary records are removed.
We use administrative, technical, and organizational safeguards designed to protect data, including access controls, encryption in transit, tenant isolation, and privileged-action audit records. No system can guarantee absolute security.
The application uses cookies or similar storage needed for sign-in, security, company routing, and preferences. Optional analytics may be enabled for some public surfaces. Non-essential analytics must not be enabled where consent is required until an appropriate consent control is available.
Your choices and privacy rights
You can disconnect supported integrations and correct some account or relationship data in the product. Access, correction, export, deletion, objection, restriction, or portability requests are currently handled manually. Email support@convocoai.com with the company and account involved. We may verify identity and coordinate with the customer company before acting. We respond according to applicable law and may retain information when legally required. You may also complain to the privacy regulator where you live.
Children, changes, and contact
The service is for professional use and is not directed to children. We may update this policy as the service or law changes and will revise the effective date and provide additional notice when appropriate. For privacy questions, provider identity or address, subprocessors, transfer safeguards, or data requests, contact support@convocoai.com.