Inconvo logo

Privacy Policy

Effective date: 7 October 2025

At Inconvo (“Inconvo,” “we,” “us,” or “our”), we build AI data agents that run on top of your customer data. This Privacy Policy explains how we collect, use, and share personal data when you visit inconvo.com, access the Inconvo application at app.inconvo.ai, interact with our support team, or otherwise engage with us.

By using our services you acknowledge that you have read and understood this Privacy Policy. Your use of Inconvo is subject to this Privacy Policy and our Terms of Service. If you have questions or wish to exercise your privacy rights, contact us at support@inconvo.ai.

What this policy covers

This Privacy Policy describes how we treat “personal data”—information that identifies or relates to an identifiable individual—in connection with our websites, products, and services (collectively, the “Services”). It does not apply to information processed by our customers within their own systems, or to services and websites that we do not control. When we act as a processor on behalf of a customer, our use of data is governed by our agreement with that customer.

Data we collect

We only collect personal data that helps us deliver and improve Inconvo's Services or meet our legal obligations. This includes information you provide directly, data created when you use the product, and limited information from trusted partners that integrate with Inconvo.

  • Account and organisation data. Name, email address, profile image URL, organisation name, plan tier, and access permissions associated with your Inconvo workspace. Authentication is handled by our identity platform; we do not store passwords.
  • Customer content and configuration. Metadata about connected data sources (such as schema details, connector settings, and agent configuration), system prompts, and other context needed to run your agents. We do not copy or store full tables from your systems; query results are processed transiently to power responses.
  • Conversation history. User questions, AI answers, and related context captured in conversation logs so that we can provide continuity, quality assurance, and optional exports. These logs may include snippets of customer data that appeared in a response.
  • Usage, telemetry, and device data. Product usage events (such as feature adoption, page views, button clicks), crash reports, IP address, browser or device type, timestamps, and similar diagnostic information collected through first-party logging and our analytics tooling. We avoid capturing sensitive field values in telemetry.
  • Support and communications. Information you provide when you contact us, including the content of emails or tickets and any files you choose to share for troubleshooting.
  • Data we do not collect. We do not process payment card numbers, government identifiers, or user passwords, and we do not intentionally collect special category data (such as health or biometric data). These categories may appear only if a customer stores them in their own systems and chooses to surface them through the Service, in which case the data is handled transiently.

How we use your data

We use personal data for the following purposes:

  • Provide, configure, and maintain the Services. Deliver conversations, execute queries via connectors, manage user accounts, and fulfill our agreements with customers.
  • Secure and monitor the platform. Authenticate access, prevent abuse, detect incidents, and investigate anomalies using audit logs and telemetry so the Service remains reliable and lawful.
  • Improve the product. Analyse aggregated usage trends, debug issues, and develop new features. We minimise personal data in analytics and allow customers to request analytics opt-outs, balancing innovation with privacy.
  • Communicate with you. Send operational notices, respond to support requests, and share product updates. You may opt out of non-essential communications at any time.
  • Comply with law. Retain records, respond to lawful requests, enforce our agreements, and protect our rights or the rights of others, as required under applicable regulations.

We do not use personal data for third-party advertising or sell or share personal data for targeted advertising under applicable law.

How we share your personal data

We do not sell personal data. We share personal data only with organisations that enable us to provide the Services or where the law requires it. Each recipient must protect the data and use it only for the purpose we specify. The categories of recipients include:

  • Service providers. Vendors that supply cloud hosting, authentication, analytics, communications, customer support, billing, and AI model services we rely on to run Inconvo.
  • Professional advisors. Lawyers, auditors, and other advisors who assist us under confidentiality obligations.
  • Authorities and law enforcement. Government bodies when required to respond to lawful requests or protect rights and safety.
  • Business transfers. Parties involved in a merger, financing, acquisition, or similar transaction involving Inconvo, where they agree to honour this policy.
  • Entities you authorize. Integrations or partners that you or your organisation connect to the Services.

You can contact us at support@inconvo.ai for a current list of subprocessors that act on our behalf.

Cookies and tracking

We use first-party analytics to understand product usage and improve performance. These analytics do not include raw customer query results, and we do not use third-party advertising cookies. You can adjust your browser settings to control cookies, and organisation owners may contact us to disable analytics collection for their workspace.

Data security and retention

We maintain layered security controls aligned with industry best practices. Inconvo is hosted in EU-based cloud infrastructure with encryption in transit and at rest, strict access controls enforced through SSO and multi-factor authentication, continuous monitoring for anomalies, and regular policy, access, and vendor reviews. These measures help protect customer data and surface issues quickly.

We retain personal data only as long as necessary for the purposes described in this policy or as required by law. Active customer data is stored for the duration of your organisation's contract; analytics events are typically retained for up to 12 months; system logs have a shorter retention window; and encrypted database backups are rotated on a rolling basis. When an organisation terminates service or asks us to delete its data, we hard-delete the associated records from our production systems. Residual copies may remain in backups until those backups expire.

You may request deletion of personal data at any time. We generally satisfy verified requests within 30 days and confirm once complete.

International data transfers

We host our primary infrastructure in the European Union. Some service providers we rely on operate from the United States or other regions. When personal data is transferred outside the EU, UK, or Switzerland, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms. We minimise the amount of personal data shared with third-party AI platforms and request EU processing regions whenever they are available.

Your privacy rights and choices

Depending on where you reside, you may have certain rights regarding your personal data. Subject to applicable law, these rights can include:

  • Accessing the personal data we hold about you.
  • Receiving a copy of your data in a portable format.
  • Requesting correction of inaccurate or incomplete data.
  • Requesting deletion of personal data.
  • Restricting or objecting to our processing, including opting out of analytics or non-essential communications.
  • Withdrawing consent where processing is based on consent (without affecting prior processing).
  • Lodging a complaint with your local supervisory authority (for EU/UK users) or the relevant privacy regulator in your jurisdiction.

California residents also have rights to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioural advertising, and we do not process sensitive personal information for purposes requiring a right to limit under California law.

To exercise your rights, email support@inconvo.ai or use any in-product deletion tools. We may need to verify your identity or authority before acting on a request. We aim to respond within 30 days (or the timeframe required by law) and will let you know if additional time is necessary.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy on this page, update the effective date, and notify you by email or through the Service if required by law. Continued use of the Service after an update constitutes acceptance of the revised policy.

Contact information

If you have questions about this Privacy Policy, our data practices, or your privacy rights, please contact our privacy team at support@inconvo.ai. We are also available to discuss custom data processing needs through your Inconvo account representative.