Privacy Policy
This policy explains how Convero handles information when people visit our website, use a workspace, communicate with a Convero-powered business, or connect third-party channels and services.
Last updated: July 16, 2026
1. Scope and roles
This Privacy Policy applies to Convero's public website, business workspaces, customer messaging tools, and related support and operational services. It covers information provided by website visitors, workspace users, connected businesses, and people who communicate with those businesses through Convero.
A business normally decides why and how customer information in its workspace is used. Convero processes that information to provide the configured service and according to the business's instructions, applicable agreements, and law. The business remains responsible for its own privacy notices, lawful authority, and customer-facing practices.
2. Information we collect
We collect information that is provided to us, generated through use of the service, or received from services a business chooses to connect. The exact information depends on the features and channels used.
- Account and workspace data, such as names, email addresses, roles, invitations, authentication records, business profiles, team settings, subscription status, and workspace configuration.
- Customer and operational data, such as conversations, message attachments and metadata, contact details, customer records, qualification answers, leads, notes, bookings, service requests, catalog data, and human handoff activity.
- Channel and integration data, such as Facebook Page IDs, Instagram professional-account IDs, WhatsApp Business Account and phone-number IDs, Telegram or Google integration identifiers, granted permissions, connection state, delivery status, and encrypted authorization credentials.
- Usage, device, and log data, such as browser and request information, IP-derived security signals, timestamps, audit activity, errors, job results, delivery attempts, and diagnostic events.
- Website and support data, such as contact forms, service requests, consent choices, support correspondence, locale preference, and essential cookie data.
3. Meta and other connected channels
When an authorized workspace user connects Facebook Messenger, Instagram Messaging, or WhatsApp, Convero receives the identifiers, authorization details, permissions, asset information, messages, attachments, referrals, interactions, and delivery events needed to operate that selected channel. Each selected Page, professional account, WABA, or phone number is treated as a separate connection.
Convero does not ask workspace users to paste Meta access tokens or account passwords into the browser. Server-side credentials are encrypted. Meta and other channel providers process information under their own terms and privacy policies, and disconnecting a channel may not delete information that those providers or a business separately retain.
4. How we use information
We use information to provide and configure the service; authenticate users; route and respond to customer conversations; qualify leads; manage bookings and customer records; deliver notifications and exports; connect selected channels; provide support; administer subscriptions; secure and audit the platform; diagnose failures; improve reliability and usability; enforce agreements; and meet applicable legal obligations.
We may aggregate or de-identify information for operational analysis when the result is not reasonably capable of identifying a person. We do not use customer message content for unrelated advertising.
5. AI processing
If a business enables AI features, Convero may send the business's instructions and relevant conversation, customer, catalog, or booking context to the AI provider configured for that workspace. The service may store prompts, responses, model routing information, usage, and safety or diagnostic results needed to operate and review the feature.
AI output can be inaccurate or incomplete and may be reviewed, corrected, or replaced by authorized people. Businesses should avoid configuring unnecessary sensitive information and are responsible for deciding whether AI use is appropriate for their customers and legal obligations. AI providers handle submitted data under their applicable service terms and configured account settings.
6. Cookies and similar storage
Convero uses cookies and browser storage that are necessary for authentication, session security, language preference, and core site or workspace functions. Connected providers may use their own cookies when their login or embedded experiences are opened. We do not describe those third-party cookies as Convero cookies; their policies govern them.
7. Sharing and subprocessors
We share information only as needed to operate the service, follow a workspace's configured instructions, protect people and the platform, complete a business transaction, or comply with valid legal requirements. Recipients may include authorized workspace users; hosting, database, authentication, email, monitoring, logging, security, and AI providers; Meta and other connected communication channels; and customer-selected delivery destinations such as Google Sheets, Telegram, email, external CRMs, or webhooks.
These vendors and subprocessors receive information relevant to their functions and may process it in other countries. The providers used can change as the service evolves. For current information relevant to a workspace, contact contact@convero.tech. We do not sell customer conversation data.
8. Security
We use measures designed to protect information, including role-based access, tenant separation, encrypted stored credentials, transport encryption, audit records, webhook verification, and operational monitoring. No online service can guarantee absolute security. Users must protect their credentials, use authorized devices, assign appropriate roles, and promptly report suspected unauthorized access.
9. Retention
We retain information for as long as reasonably needed to provide the service, maintain account and transaction records, secure and troubleshoot the platform, follow workspace settings and contractual instructions, resolve disputes, and meet legal, financial, fraud-prevention, or security requirements. Retention varies by data type, workspace configuration, connected service, and the reason the information is held.
After deletion, limited copies may remain temporarily in protected backups or logs until they are overwritten through normal system cycles. We do not promise a single fixed retention or deletion period that applies to every category.
10. International processing
Convero, its service providers, and connected channels may process information in countries other than the country where it was collected. Where applicable law requires safeguards for a transfer, the responsible party will use an available lawful mechanism appropriate to the relationship and transfer.
11. Choices and rights
Depending on where you live and the nature of the relationship, you may have rights to ask for access, correction, a copy, restriction, objection, withdrawal of consent, or deletion. These rights can have legal exceptions. Workspace users should first use available workspace controls or contact their workspace owner. A customer who communicated with a Convero-powered business may also contact that business because it controls the customer relationship.
You may send a privacy request to contact@convero.tech. Include enough information for us to identify the relevant account, workspace, business, or channel interaction. We may verify identity, authority, and scope before acting.
12. Deletion and disconnection
Instructions for requesting deletion are published at convero.tech/data-deletion. Deleting an account or disconnecting a channel is not always the same as deleting every workspace record. A request can specify accounts, workspace data, connected authorizations, conversations, leads, bookings, or customer records.
We may retain minimal information where required for legal, financial, fraud-prevention, dispute, or security purposes. A business, Meta, an AI provider, or another connected destination may hold separate copies that must be requested from that party.
13. Children
Convero is a business service and is not directed to children. Businesses must not knowingly use the service to collect children's information unless they have the authority, notices, safeguards, and consents required for their use case. If you believe information about a child was provided improperly, contact contact@convero.tech.
14. Changes and contact
We may update this policy when the service, providers, or legal requirements change. The current version and last-updated date will remain available at convero.tech/privacy. Material changes may also be communicated through the service or by email when appropriate.
For privacy questions or requests, email contact@convero.tech. Do not send passwords, access tokens, app secrets, or other authentication credentials.