GDPR Compliance
ConvoHQ is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Last updated: April 29, 2026
Lawful Processing
We process data only when we have a legal basis
Data Minimization
We collect only necessary data for our services
Transparency
Clear information about how we use your data
Security
Strong technical measures protect your data
Accountability
We demonstrate compliance with GDPR requirements
Privacy by Design
Privacy protection built into our systems
As a data subject under GDPR, you have the following rights regarding your personal data:
Right to Access
Request a copy of the personal data we hold about you
Right to Rectification
Request correction of inaccurate or incomplete data
Right to Erasure
Request deletion of your personal data ('right to be forgotten')
Right to Restrict Processing
Request limitation of how we process your data
Right to Data Portability
Receive your data in a structured, machine-readable format
Right to Object
Object to processing based on legitimate interests or direct marketing
We process the following categories of personal data:
| Data Category | Examples | Legal Basis |
|---|---|---|
| Account Information | Name, email, company details | Contract performance |
| Usage Data | Login times, feature usage, settings | Legitimate interests |
| Communication Data | Support tickets, feedback | Contract performance |
| Marketing Data | Newsletter preferences, campaign data | Consent |
We implement comprehensive security measures to protect your personal data:
Technical Measures
- End-to-end encryption in transit and at rest
- Regular security assessments and updates
- Access controls and authentication
- Data backup and recovery procedures
Organizational Measures
- Staff training on data protection
- Data processing agreements with vendors
- Privacy impact assessments
- Incident response procedures
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
Account Data
Retained while your account is active and for 3 years after account closure for legal compliance
Usage and Analytics Data
Retained for 2 years for service improvement and analytics purposes
Marketing Data
Retained until you withdraw consent or unsubscribe
To exercise any of your GDPR rights, please contact us using the methods below:
Data Protection Contact
Email: privacy@convohq.com
Subject Line: "GDPR Data Subject Request"
Response Time: We will respond within 30 days
What to Include:
- Your full name and email address
- Clear description of your request
- Proof of identity (if required)
- Any relevant account information
If you believe we have not handled your personal data in accordance with GDPR, you have the right to:
1. Contact Us First
We encourage you to contact us first at privacy@convohq.com so we can try to resolve any concerns.
2. Lodge a Complaint
You can lodge a complaint with your local supervisory authority in the EU/EEA where you live, work, or where you believe the infringement occurred.
We may update this GDPR compliance notice from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated notice on our website and, where appropriate, by email.