Convot Convot
Help What's New Roadmap Book
Back to Security and Privacy
Security and Privacy

How We Handle Your Data

An overview of the technical and organizational measures Convot uses to protect your data and your customers' data.

Updated June 11, 2026

This page describes how Convot handles the data you and your customers send through the platform.

Infrastructure

Convot runs on managed cloud infrastructure. Databases and object storage are hosted with providers that offer:

  • Physical security and ISO-certified data centers.
  • Automated backups and point-in-time recovery.
  • Managed encryption at rest for all stored data.

Encryption

  • At rest - all data in our databases, file storage, and backups is encrypted at rest using AES-256.
  • In transit - all traffic between your browser, the widget, and Convot’s servers uses TLS 1.2 or higher.
  • Sensitive credentials - third-party API tokens (including your Shopify Partner API token) are encrypted at the application layer using an additional encryption key, separate from the database encryption.

Tenant isolation

Convot is a multi-tenant service. Each organization’s data is scoped by organization_id and app_id at the database level. There are no shared conversation lists, contact lists, or article stores between organizations.

Access controls

  • Convot employees have limited, audited access to production systems.
  • No Convot employee can see your conversations or customer data through the admin UI without a specific support reason and your awareness.

Subprocessors

Convot uses a small number of third-party subprocessors: our cloud infrastructure provider, our transactional email provider, and Cloudflare (for custom domain TLS). We do not sell your data to advertising networks or data brokers.

Data retention

Conversation data is retained as long as your account is active. After account cancellation, data is deleted after a grace period. See Cancelling your account for details.

Shopify lifecycle event data (installs, uninstalls) is retained for 12 months and then pruned automatically.

Reporting a security issue

If you find a security vulnerability in Convot, email [email protected] with a description. Do not publicly disclose the issue until we’ve had a chance to investigate. We’ll acknowledge valid reports and keep you updated.

Was this article helpful?

Related articles

Identity Verification Privacy and Compliance Exporting and Deleting Data