Privacy and Compliance
An overview of Convot's approach to data protection, GDPR, and your compliance obligations as a customer.
This page gives a general overview of Convot’s approach to privacy and compliance. It is not legal advice.
Data controller and data processor
When you use Convot to support your customers:
- You are the data controller for your customers’ personal data. You decide what data to collect and why.
- Convot is a data processor acting on your instructions to store and process that data.
This means you are responsible for having a lawful basis to collect your customers’ information and for informing them how their data is used (for example, that their support conversations are handled by a third-party tool).
GDPR and UK GDPR
Convot is committed to compliance with the GDPR and UK GDPR. We process data in the EU by default and support Standard Contractual Clauses (SCCs) for international transfers where required.
If you need a Data Processing Agreement (DPA) for your GDPR obligations, email [email protected].
What personal data Convot stores on your behalf
Convot stores whatever your customers share during a support conversation: name, email, message content, and any custom attributes you pass via Convot.identify(). If you integrate with the Shopify Partner API, Convot also stores Shopify merchant data (store domain, subscription plan, transaction data) that your Shopify Partner account has access to.
Data residency
Convot runs on infrastructure in the US and EU. If you have specific data residency requirements, contact us.
Your customers’ right to erasure
If a customer asks you to delete their data, you can delete their contact record in Convot from Contacts. See Exporting and deleting data.
Security measures
For a description of the technical and organizational measures Convot uses to protect data, see How we handle your data.
Questions
For privacy and compliance questions, email [email protected].