Privacy Policy

Introduction

At ConvoAgent ("we", "our", or "us"), we are committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our conversational AI services, or interact with our platform.

We value transparency and want to ensure you understand what information we collect, how we use it, and the choices you have regarding your personal data. By accessing or using our services, you consent to the practices described in this Privacy Policy.

This Privacy Policy applies to all services offered by ConvoAgent, including our website, AI agents, and related applications. Please read this policy carefully to understand our practices regarding your personal information.

Data Collection Practices

We collect information to provide better services to our users and improve our conversational AI technology. The types of information we collect include:

Information You Provide to Us

Account information: When you create an account, we collect your name, email address, phone number, and company information.
Business information: Details about your business operations, services, and workflows that you share during onboarding or agent configuration.
Communication data: Content of messages, calls, and interactions with our AI agents, including transcripts and recordings.
Payment information: Billing details and transaction history when you subscribe to our services.

Information We Collect Automatically

Usage data: Information about how you interact with our services, including features used, time spent, and actions taken.
Device information: Hardware model, operating system, unique device identifiers, and mobile network information.
Log data: Server logs, IP addresses, browser type, referring/exit pages, date/time stamps, and clickstream data.
Location information: General location based on IP address or more precise location if you enable location services.

Information From Third Parties

Integration data: Information received through authorized integrations with third-party services (CRMs, calendars, etc.).
Partner information: Data shared by our business partners or service providers with your consent.
Public sources: Publicly available information that helps us improve our services and personalize your experience.

Data Collection Principles

We adhere to the principles of data minimization and purpose limitation. We only collect information that is necessary for the specific purpose for which it will be used and retain it only for as long as needed to fulfill those purposes or as required by law.

Use of Information

We use the information we collect for various purposes, including:

Providing Our Services

• Operating and maintaining our AI agents
• Processing and completing transactions
• Facilitating communication with your customers
• Managing appointments and scheduling

Customer Support

• Responding to inquiries and requests
• Troubleshooting problems
• Providing technical assistance
• Training our support team

Improving Our Services

• Enhancing AI performance and accuracy
• Developing new features and services
• Conducting research and analysis
• Measuring service effectiveness

Security & Compliance

• Protecting against fraud and abuse
• Verifying identity and access
• Enforcing our terms and policies
• Complying with legal obligations

Marketing and Communications

With your consent, we may use your information to:

Send promotional materials about new features, special offers, or other information we think you may find interesting
Provide updates about changes to our services or policies
Deliver personalized content and recommendations
Measure the effectiveness of our marketing campaigns

You can opt out of marketing communications at any time by following the unsubscribe instructions included in each email or by contacting us directly.

Data Protection Measures

We implement robust security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our comprehensive data protection program includes:

Security Measure	Description
Encryption	All data in transit and at rest is encrypted using industry-standard protocols (TLS 1.3, AES-256)
Access Controls	Strict role-based access controls, multi-factor authentication, and least privilege principles
Network Security	Firewalls, intrusion detection systems, and regular vulnerability scanning
Physical Security	Secure data centers with 24/7 monitoring, biometric access controls, and redundant power
Monitoring	Continuous monitoring for suspicious activities and automated alerts for potential security incidents

Employee Training and Awareness

All ConvoAgent employees undergo comprehensive security and privacy training. We maintain a culture of security awareness through:

Regular security awareness training
Background checks for all employees
Confidentiality agreements
Ongoing education about privacy best practices

Data Breach Response

In the unlikely event of a data breach, we have a comprehensive incident response plan that includes:

Prompt identification and containment of the breach
Thorough investigation of the cause and impact
Timely notification to affected individuals and relevant authorities as required by law
Implementation of measures to prevent similar incidents in the future

Our Commitment

While no method of transmission over the Internet or electronic storage is 100% secure, we continuously review and enhance our security measures to protect your personal information. We are committed to maintaining the trust you place in us by handling your data with the utmost care and in accordance with our privacy commitments.

Cookie Policy

Cookies are small text files that are placed on your device when you visit our website. They help us provide you with a better experience by enabling certain features and functionality. We use different types of cookies for various purposes:

Essential Cookies

These cookies are necessary for the website to function properly. They enable basic functions like page navigation, secure areas access, and remember your preferences.

Cannot be disabled as they are essential for the operation of our site.

Performance Cookies

These cookies help us understand how visitors interact with our website by collecting anonymous information. We use this data to improve our website and enhance user experience.

Examples: Google Analytics, Hotjar

Functional Cookies

These cookies enable enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.

Examples: Live chat services, preference settings

Targeting/Advertising Cookies

These cookies are used to track visitors across websites. They are set to display targeted advertisements based on your interests and online behavior.

Examples: Facebook Pixel, LinkedIn Insight Tag

Managing Cookies

You can control and manage cookies in various ways. Most web browsers allow you to manage your cookie preferences. You can:

Delete cookies from your device
Block cookies by activating the setting on your browser that allows you to refuse all or some cookies
Set your browser to notify you when you receive a cookie

Please note that if you choose to block or delete cookies, you may not be able to access certain areas or features of our website, and some services may not function properly.

When you first visit our website, you will be presented with a cookie banner that allows you to accept or decline non-essential cookies. You can change your preferences at any time by visiting our Cookie Settings page.

Third-Party Sharing Practices

We may share your information with third parties in certain circumstances. We ensure that any third party with whom we share your data maintains similar levels of security and privacy protection.

Categories of Third Parties

Service Providers

Companies that help us deliver our services, such as cloud hosting providers, payment processors, customer support tools, and analytics services.

Integration Partners

Third-party services that you choose to integrate with our platform, such as CRM systems, calendar applications, and communication tools.

Business Partners

Organizations we collaborate with to offer joint services, promotions, or products.

Legal Authorities

Government agencies or law enforcement when required by law, to protect our rights, or in response to a legal process.

Circumstances for Sharing

We may share your personal information in the following circumstances:

With your consent: When you have explicitly agreed to the sharing of your data.
For service provision: To fulfill the services you have requested, including processing transactions and facilitating integrations.
For legal reasons: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
Business transfers: In connection with a merger, acquisition, or sale of assets, where your data would be transferred as part of the business assets.
Protection of rights: To protect the rights, property, or safety of ConvoAgent, our users, or the public.

Our Commitment to Your Privacy

We do not sell your personal information to third parties. When we share information with service providers, we ensure they use it only for the specific purposes outlined in our agreements and in compliance with our privacy policies.

All third parties with whom we share data are contractually obligated to maintain appropriate security measures and are prohibited from using your personal information for their own marketing purposes without your explicit consent.

User Rights & Controls

We respect your rights regarding your personal information. Depending on your location, you may have various rights under applicable privacy laws. These rights may include:

Right to Access

You have the right to request a copy of the personal information we hold about you and to check that we are lawfully processing it.

Right to Rectification

You have the right to request that we correct any incomplete or inaccurate information we hold about you.

Right to Erasure

You have the right to request that we delete your personal information in certain circumstances, such as when the data is no longer necessary.

Right to Restrict Processing

You have the right to request that we suspend the processing of your personal information in certain circumstances.

Right to Data Portability

You have the right to request that we transfer your personal information to you or to a third party in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to the processing of your personal information in certain circumstances, including for direct marketing purposes.

How to Exercise Your Rights

You can exercise your rights by:

Accessing your account settings to view, update, or delete certain information
Contacting our Privacy Team at privacy@convoagent.com
Submitting a request through our Data Subject Request Form

We will respond to all legitimate requests within the timeframe required by applicable law (typically within 30 days). In some cases, we may need to verify your identity before processing your request.

Please note that there may be circumstances where we cannot fulfill your request, such as when the information is necessary for us to comply with our legal obligations or to exercise or defend legal claims. In such cases, we will explain why we cannot fulfill your request.

Privacy Controls

In addition to your legal rights, we provide various controls that allow you to manage your privacy preferences:

Account Settings

Manage your personal information, communication preferences, and account security options through your account dashboard.

Communication Preferences

Choose which types of communications you wish to receive from us and how frequently.

Cookie Preferences

Manage your cookie settings through our Cookie Consent Manager.

GDPR & CCPA Compliance

ConvoAgent is committed to complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in California.

GDPR Compliance

For users in the European Economic Area (EEA), we serve as both a data controller and a data processor, depending on the context:

As a data controller, we determine the purposes and means of processing your personal data when you interact directly with our services.
As a data processor, we process personal data on behalf of our customers (the data controllers) when our AI agents interact with their customers.

Under the GDPR, we process personal data on the following legal bases:

Contractual necessity: To perform our contract with you
Legitimate interests: To pursue our legitimate business interests in a way that does not override your rights and freedoms
Consent: When you have given us specific consent to process your data
Legal obligation: To comply with legal requirements

For international data transfers from the EEA, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

CCPA Compliance

For California residents, the CCPA provides specific rights regarding personal information. In addition to the rights outlined in the User Rights section, California residents have the right to:

Know what personal information is being collected about them
Know whether their personal information is sold or disclosed and to whom
Say no to the sale of their personal information
Access their personal information
Request deletion of their personal information
Not be discriminated against for exercising their privacy rights

In the past 12 months, we have collected the categories of personal information described in the Data Collection section of this policy. We do not sell personal information as defined by the CCPA. We may share personal information with the categories of third parties described in the Third-Party Sharing section.

California residents can exercise their CCPA rights by contacting us at privacy@convoagent.com or through our Data Subject Request Form.

Other Privacy Regulations

We also comply with other applicable privacy regulations, including but not limited to:

• Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
• Brazil's General Data Protection Law (LGPD)
• Australia's Privacy Act
• UK Data Protection Act

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please don't hesitate to contact us.

Email Us

General inquiries: info@convoagent.com

Privacy concerns: privacy@convoagent.com

Data protection officer: dpo@convoagent.com

Our Address

ConvoAgent, Inc.
1234 Innovation Way
Suite 500
San Francisco, CA 94103
United States

Submit a Request

You can also submit privacy-related requests through our online form:

Privacy Request Form

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

Posting the updated policy on our website
Sending an email notification to the email address associated with your account
Displaying a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

Contents