Convobase

Privacy Policy

Last updated: December 14, 2024

Introduction

At Convobase, we believe your privacy matters. This policy explains what information we collect, how we use it, and what choices you have. We've written this in plain language because legal documents should be readable by humans, not just lawyers.

What Information We Collect

Account Information

When you sign up, we collect your email address, name, and the password you create. We also store your workspace settings and preferences to give you a personalized experience.

Conversation Data

We store all chat conversations between your AI assistant and your customers. This includes messages, timestamps, and conversation outcomes. We need this to train your AI, provide analytics, and help you improve your support quality.

Visitor Information

When someone uses your chat widget, we collect their browser type, operating system, and approximate location based on their IP address. This helps us provide relevant support and detect potential issues. We don't collect precise GPS coordinates or track users across websites.

Usage Analytics

We track how you use our dashboard—which features you click, pages you visit, and time spent in different areas. This helps us understand what works and what doesn't, so we can build a better product.

Training Materials

Any content you upload to train your AI assistant—like website URLs, documents, or knowledge base articles—is stored securely in our system.

How We Use AI and Process Your Data

Our platform uses artificial intelligence to power your customer support. Here's how it works:

  • We send your training materials to AI services (OpenAI and OpenRouter) to create embeddings—mathematical representations that help our AI understand your content
  • When a customer asks a question, we search for relevant information and send it to the AI along with the conversation history to generate helpful responses
  • These AI services process data according to their own privacy policies, but they don't use your data to train their general models without permission
  • All AI processing happens in real-time—we don't store unnecessary copies of processed data

Where We Store Your Data

We use trusted third-party services to store and process your information:

  • Supabase: Your account information, conversations, and settings are stored in a PostgreSQL database hosted by Supabase with encryption at rest
  • Pinecone: We store vector embeddings (the AI-friendly versions of your content) in Pinecone's specialized database for fast semantic search
  • OpenAI: We use OpenAI's embedding API to convert your training materials into searchable vectors
  • OpenRouter: Chat messages are sent to OpenRouter's API to generate AI responses

All data transmission happens over encrypted connections (HTTPS/TLS). We've configured our services to meet industry security standards.

How We Protect Your Information

Security isn't just a feature—it's fundamental to everything we build:

  • All passwords are hashed using industry-standard encryption before storage
  • We use row-level security in our database so users can only access their own data
  • Our infrastructure is monitored 24/7 for suspicious activity
  • We regularly update our systems and dependencies to patch security vulnerabilities
  • Employee access to customer data is strictly limited and logged

That said, no system is 100% secure. If we detect a data breach that affects your information, we'll notify you within 72 hours and explain what happened and what we're doing about it.

Cookies and Tracking

We use cookies (small text files stored in your browser) for essential purposes:

  • Authentication cookies: To keep you logged in between sessions
  • Preference cookies: To remember your dashboard settings and theme choices
  • Analytics cookies: To understand how people use our platform

You can disable cookies in your browser settings, but some features might not work properly. We don't use advertising cookies or sell your data to third parties.

Your Rights and Choices

You're in control of your data. Here's what you can do:

Access Your Data

You can view all your conversations, training materials, and account information directly in your dashboard. If you need a complete export, contact us and we'll provide it in a standard format within 30 days.

Correct or Update Information

You can edit your account details and workspace settings anytime. If you notice incorrect data you can't change yourself, let us know and we'll fix it.

Delete Your Data

You can delete your account and all associated data from your account settings. Once deleted, we'll permanently remove your information within 30 days (except what we're legally required to retain for accounting or compliance). Some backups might persist for up to 90 days before being overwritten.

Object to Processing

If you're in the EU, you can object to how we process your data. Contact us to discuss your concerns—we'll work with you to find a solution or stop processing if we don't have a compelling reason to continue.

Opt Out of Analytics

While we use analytics to improve the product, you can request to opt out of non-essential tracking. This won't affect core functionality.

International Data Transfers

Our servers and services are primarily located in the United States. If you're accessing Convobase from another country, your data will be transferred to and processed in the US. We ensure these transfers comply with applicable data protection laws, including GDPR for European users.

Children's Privacy

Convobase is not intended for users under 16 years old. We don't knowingly collect information from children. If you believe a child has provided us with personal data, please contact us and we'll delete it promptly.

Payment Information

We use Dodo Payments to process all billing and payments. We never see or store your full credit card numbers—Dodo Payments handles that securely. We only receive confirmation of successful payments and basic billing information needed for invoices and account management.

When We Share Your Information

We don't sell your data. Period. We only share information in these situations:

  • Service providers: The third-party services mentioned above (Supabase, Pinecone, OpenAI, OpenRouter, Dodo Payments) need access to relevant data to function. They're contractually obligated to protect it
  • Legal requirements: If required by law, court order, or government request, we'll share the minimum information necessary. We'll notify you unless legally prohibited
  • Business transfers: If we're acquired or merged with another company, your data will transfer to the new owner. We'll notify you before this happens
  • With your permission: If you explicitly tell us to share your data with someone, we will

How Long We Keep Your Data

We retain your information as long as your account is active. If you delete your account, we'll remove your data within 30 days, except:

  • Financial records required for tax compliance (up to 7 years)
  • Data needed to resolve disputes or enforce our terms
  • Anonymized analytics that can't identify you personally
  • Information we're legally required to preserve

Changes to This Policy

We'll update this policy occasionally as our product evolves or laws change. When we make significant changes, we'll notify you via email or a prominent dashboard notice at least 30 days before they take effect. Continuing to use Convobase after changes go live means you accept the updated policy.

You can always find the latest version at this URL. The "Last updated" date at the top tells you when we made the most recent changes.

Contact Us

Have questions, concerns, or requests about your privacy? We're here to help:

Email: privacy@supportai.com

We'll respond to all privacy inquiries within 48 hours

If you're in the EU and not satisfied with our response, you have the right to file a complaint with your local data protection authority.

Want to review our terms of service? Read our Terms of Service