Current status and in‑progress programs
Last updated: August 17, 2025
Convo is committed to protecting the security and privacy of our customers’ data. This Trust Center provides an overview of our security controls, compliance posture, data handling practices, and how to contact us for security and privacy matters.
Our AI assists human users and does not autonomously make high-risk decisions. We assess our offering as low risk under the EU AI Act and monitor regulatory updates. We are not engaged in military or defense applications.
We retain customer data only for as long as necessary to provide the service and meet legal obligations. Upon request or contract termination, we delete or anonymize data in accordance with our retention policies.
You may request access, correction, deletion, or portability of your data by emailing[email protected]. We aim to respond within 30 days in accordance with applicable laws.
We engage the following subprocessors to deliver our services. We minimize the personal data shared with these providers and configure EU processing where available.
| Name | Purpose | Data Categories | Region / Notes |
|---|---|---|---|
| Google Analytics | Web analytics | Usage data, device/browser metadata | Configured for minimal data; EU processing where supported |
| OpenAI | AI model inference | Prompt content as provided by users | We minimize sent data; additional provider controls may apply |
| Vercel | Front-end hosting | Application content, logs | EU/Frankfurt configuration where applicable |
| Fly.io | Back-end hosting | Application data and logs | EU/Frankfurt configuration |
| Resend | Transactional emails | Email addresses, message metadata | Provider regional processing policies apply |
| LiveKit | Interviewing agent (realtime media) | Audio/video session data | EU regions where available |
| Gladia | Transcription | Audio snippets for transcription | EU processing where supported |
| Azure | Video/audio file storage | Media files | Frankfurt (EU) storage |
| Supabase | Database & user authentication | Account data, application records | EU/Frankfurt configuration |
If you suspect a security incident affecting Convo or your data, email[email protected]. We triage promptly and will notify affected customers in accordance with applicable laws and contractual obligations.
We welcome responsible disclosure from security researchers. Please email[email protected]. We aim to acknowledge new reports within 3 business days.
Our availability target is currently TBD. We will publish uptime targets and a public status page link here when available.
This page is provided for informational purposes and does not constitute legal advice. Please contact us for specific assurances required for your organization.