GDPR Compliance

Our commitment to data protection and your privacy rights

ConvoAI is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR).

This page explains your rights under GDPR and how we comply with data protection requirements.

Our Commitment to GDPR

We take data protection seriously and have implemented comprehensive measures to ensure compliance with GDPR. Our practices are designed to protect your personal data and respect your privacy rights.

GDPR Principles We Follow

Lawfulness, Fairness & Transparency

We process data lawfully, fairly, and transparently

Purpose Limitation

Data collected for specific, legitimate purposes only

Data Minimization

We collect only necessary data

Accuracy

Data kept accurate and up-to-date

Storage Limitation

Data retained only as long as necessary

Integrity & Confidentiality

Appropriate security measures in place

Your Rights Under GDPR

As a data subject, you have the following rights:

1. Right to Access

You can request a copy of all personal data we hold about you.

We will provide this information free of charge within 30 days.

2. Right to Rectification

You can request correction of inaccurate or incomplete data.

We will update your information promptly upon verification.

3. Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data.

We will delete your data unless we have a legal obligation to retain it.

4. Right to Data Portability

You can receive your data in a structured, machine-readable format.

We provide data in CSV or JSON format upon request.

5. Right to Object

You can object to processing of your data for marketing purposes.

We will stop processing your data for that purpose immediately.

6. Right to Restrict Processing

You can request limitation on how we use your data.

We will restrict processing while verifying your request.

7. Right to Withdraw Consent

You can withdraw consent for data processing at any time.

Withdrawal does not affect lawfulness of prior processing.

8. Right to Lodge a Complaint

You can file a complaint with your local data protection authority.

We encourage you to contact us first to resolve any concerns.

How to Exercise Your Rights

Contact Our Privacy Team

To exercise any of your GDPR rights, please contact us:

Email: privacy@convoai.com

Subject Line: "GDPR Data Subject Request"

Response Time: Within 30 days

Please include your full name, email address, and specific request. We may ask for identification to verify your identity.

Data Processing Agreement (DPA)

For enterprise clients who deploy ConvoAI and process personal data, we offer a Data Processing Agreement (DPA) that outlines:

  • Roles and responsibilities (Controller vs. Processor)
  • Data processing terms and conditions
  • Security measures and safeguards
  • Sub-processor arrangements
  • Data breach notification procedures
  • International data transfer mechanisms

Download DPA Template

Standard Data Processing Agreement for enterprise clients

Security Measures

We implement appropriate technical and organizational measures to ensure data security:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Access controls and authentication
  • Regular security audits and penetration testing
  • Employee training on data protection
  • Incident response and breach notification procedures
  • Regular backups and disaster recovery plans

Learn more on our Security page.

International Data Transfers

When transferring data outside the European Economic Area (EEA), we use:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Appropriate safeguards to protect your data