Privacy Policy
Your privacy is important to us. This policy explains how we collect, use, and protect your information.
Introduction
Welcome to Convoi AI ("Company," "we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our AI-powered conversational agent platform and related services (collectively, the "Service").
1. Information We Collect
1.1 Account Information
When you create an account:
- Email address – Used for account authentication and communication
- Full name – Used to personalize your experience
- Username – Used as your unique identifier
- Password – Encrypted and used for account security
When you sign in with Google:
- Email address – From your Google account
- Full name – From your Google profile
- Profile picture URL – From your Google profile
- Google Account ID – A unique identifier for your Google account
1.2 Google Calendar & Sheets Data
When you connect a Google integration, Convoi AI requests access to specific, limited Google data to enable AI agents to perform automated scheduling and data-logging on your behalf. Here is exactly what we access and why:
Google Calendar (scopes: calendar.readonly and calendar.events):
- Your list of calendars – Accessed once during integration setup so you can select which calendar to use with your AI agent. This data is not stored beyond your session.
- Free/busy availability – During live calls, our AI agent queries the Calendar FreeBusy API to check whether a requested time slot is available. Only busy/free status is read; the content of your individual events is never accessed or stored.
- Event creation – When a caller books an appointment, our AI agent creates a new calendar event on your behalf using the details gathered during the call (date, time, title, description). We do not read, modify, or delete any pre-existing events.
Google Sheets (scope: auth/spreadsheets):
- Spreadsheet metadata – When you connect a spreadsheet, we read its title and sheet names for configuration purposes. This metadata is stored as part of your integration settings.
- Row appending – After a call is completed, our AI agent appends a new row of call outcome data (e.g., caller name, phone number, call result) to the designated Google Sheet. We do not read, modify, or delete any pre-existing rows.
We do NOT:
- Read the content of your existing calendar events
- Read, modify, or delete any existing rows in your Google Sheets
- Store calendar or spreadsheet content beyond what is necessary to complete an active call operation
Google API Services User Data Policy: Convoi AI's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we use Google user data only to provide and improve the features described in this Privacy Policy, and not for any other purpose.
Google Workspace APIs — Use of User Data
Convoi AI accesses data from Google Workspace APIs (specifically Google Calendar and Google Drive) solely to perform the features the user has enabled:
- Google Calendar — reading calendar availability to schedule appointments, and creating, updating, or cancelling events on the user's calendar during voice interactions with callers.
- Google Drive (drive.file scope) — appending lead records (such as name, contact info, and call metadata) to Google Sheets that the user explicitly selects through the Google Picker. Convoi AI does not access any other files in the user's Drive.
Convoi AI does not use any user data obtained through Google Workspace APIs to develop, improve, or train generalized or non-personalized AI and/or ML models. Data accessed through these APIs is used only to deliver the scheduling and lead-logging features the user has enabled, and is not shared with third parties for AI/ML training purposes.
Users can disconnect Convoi AI from their Google account at any time via their Google Account settings at https://myaccount.google.com/permissions, which immediately revokes all access.
1.3 Voice and Call Data
- Call recordings – Audio recordings of conversations with AI agents (with consent)
- Call transcripts – Text transcriptions of voice conversations
- Call metadata – Duration, timestamps, phone numbers, and call outcomes
1.4 Payment Information
Payment processing is handled securely by Stripe. We do not store your full credit card number.
2. How We Use Your Information
- Create and manage your Convoi AI account
- Enable AI voice agents to make and receive calls
- Process and route voice conversations
- Execute Google Calendar and Sheets integrations as described in Section 1.2
- Analyze usage patterns to improve features
- Send important service notifications
- Detect and prevent fraud, abuse, and security threats
We do NOT use your Google data for:
- Advertising or marketing purposes
- Selling to third parties
- Training AI models on your personal content
- Any purpose other than the features explicitly described in this Privacy Policy
3. Data Storage & Security
Infrastructure
- Primary Infrastructure: Amazon Web Services (AWS) US-East-1
- Vector Database: Qdrant Cloud for AI knowledge base
- Real-time Communications: LiveKit Cloud for voice calls
- File Storage: Amazon S3 for recordings and documents
Security Measures
- TLS 1.2+ encryption in transit
- AES-256 encryption at rest
- Google OAuth tokens encrypted with dedicated encryption keys and stored securely in our database; they are never logged or exposed in plaintext
- Passwords hashed using bcrypt with salt
- SOC 2, ISO 27001, and GDPR compliant infrastructure
Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | While active + 30 days after deletion |
| Call recordings / transcripts | 90 days (configurable) |
| Usage logs | 12 months |
| Payment records | 7 years (legal requirement) |
| Google OAuth tokens (Calendar & Sheets) | Retained while integration is connected; permanently deleted within 24 hours of disconnection |
| Google Calendar / Sheets data processed during calls | Processed in-memory during the call only; not stored beyond the call outcome log |
4. Data Sharing
We do NOT sell your personal information.
We share data only with trusted service providers:
| Provider | Purpose |
|---|---|
| AWS | Cloud hosting, file storage |
| Stripe | Payment processing |
| LiveKit | Real-time voice communications |
| OpenAI / Deepgram | AI language models and transcription |
| ElevenLabs / Cartesia | Text-to-speech synthesis |
We do not share your Google user data with any third party.
5. Your Rights
- Access: View your data in Settings
- Update: Edit your profile anytime
- Delete: Request deletion via Settings or email
- Export: Request data export at privacy@convoi.ai
- Revoke Google Access: You can disconnect your Google Calendar or Google Sheets integration at any time directly from your Convoi AI dashboard under Settings → Integrations → Disconnect. Disconnecting immediately revokes our access tokens for that integration. You may also revoke access at any time from your Google Account Permissions page.
6. CCPA & GDPR Rights
California Residents (CCPA): Right to know, delete, and non-discrimination.
EU/UK Residents (GDPR): Right of access, rectification, erasure, data portability, and to object.
Contact our Data Protection Officer at dpo@convoi.ai for inquiries.
7. Contact Us
- Email: admin@convoi.ai
- Support: admin@convoi.ai
- Response Time: Within 48 hours