Privacy Policy
Who we are
Convo App, Inc. (“Convo,” “we,” “us”) is a Delaware corporation based in Brooklyn, New York. We operate the Convo platform — software that lets museums, cultural institutions, and tour operators publish multilingual AI-narrated audio tours that visitors can ask questions of. The current sub-processors that help us run that platform are listed on the security page.
Questions about this policy or your data can be sent to legal@convo.app. Postal address: Convo App, Inc., 337 Kent Avenue, 4E, Brooklyn, NY 11249.
What we collect from visitors taking tours
Email address. Visitors sign in to the Convo iOS app and the web visitor app with their email address. We send a one-time passcode (OTP) to that email; there is no password. The email address, the OTP verification timestamp, and an internal account identifier are stored in our authentication database (Supabase).
Tour interaction data. When a visitor takes a tour we record which tour and which stops were played, which questions were asked of the AI guide, which language was selected, and the time those events happened. These records are tied to the visitor’s account so visitors can resume tours across sessions.
Device and connection metadata. Like any web or mobile service, our servers receive standard request metadata (IP address, user-agent, request timestamps). We use it to deliver the service and to diagnose errors via Sentry (see the sub-processor list).
What we don’t collect from visitors. We do not ask visitors for their name, phone number, mailing address, payment details, or government identifiers. The visitor app does not request access to the device’s contacts, calendar, photo library, or precise location.
What we collect from staff using the admin portal
Account details. Email address and OTP verification records (same flow as visitors — no passwords). Staff accounts are scoped to the institution that invited them.
Authoring work product. Reference materials staff upload (text, audio, images), scripts generated from those materials, translations, voice settings, and the published tour configuration. This content belongs to the institution; Convo processes it on their behalf under the DPA.
Activity logs. Records of which staff member made which change, used for audit and support purposes.
What we collect from this marketing site
Contact form submissions. If you fill out the contact form or book a demo, we receive the information you provide (name, email, institution, message). We use it to respond to you.
Marketing-site analytics. We run Google Analytics 4 on this site only. GA4’s default configuration does not store full visitor IP addresses; we do not join GA events to any institutional contact record. The visitor tour experience and the admin portal do not use Google Analytics.
Cookies and similar technologies. The admin portal and visitor apps set authentication cookies/tokens that are necessary for signing in and staying signed in. This marketing site uses GA4’s cookies for the analytics described above.
How we use what we collect
We use personal data to provide the service (sign you in, play your tours, save your work, send transactional email such as sign-in codes), to keep the service running (monitor errors, debug issues, bill institutional customers), and to respond to you when you contact us. We do not sell personal data, we do not share it for cross-context behavioral advertising, and we do not use institutional customer data to train AI models.
Who we share it with
We share personal data with the sub-processors listed on the security page to provide the service — for example, Supabase hosts the database that stores your account, OpenAI generates scripts and audio, Resend delivers transactional email, Sentry receives error reports, and Stripe processes payments from institutional customers. We may also disclose personal data when required by law (subpoena, court order, or similar) or to protect the rights and safety of Convo, its customers, or the public.
How long we keep it
Visitor accounts and tour interaction records: for the life of the institution’s subscription with us, unless the visitor or the institution asks us to delete the account sooner.
Staff accounts and authoring work product: for the life of the institution’s subscription plus 30 days, after which the institution’s data is purged unless the institution requests export or extension.
Error logs: retained by Sentry per its standard plan retention (typically 90 days).
Marketing-site analytics: retained by GA4 per its configured retention period.
Your choices
Visitors can email legal@convo.app to request a copy of the data we hold about them or to ask us to delete their account. We respond promptly.
Staff users should make access, correction, and deletion requests through their institution’s admin contact in the first instance; we will support the institution in fulfilling those requests.
California residents have rights under the California Consumer Privacy Act (CCPA), including the right to know, the right to delete, and the right to opt out of the sale or sharing of personal information. Convo does not sell personal information and does not share it for cross-context behavioral advertising. To exercise any CCPA right, email legal@convo.app.
Children
The Convo visitor app is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has signed up, email us and we will delete the account.
Where we operate
Convo is a US company. All processing happens in the United States today (Vercel and Supabase US-East). EU-region hosting is on the roadmap; institutions whose legal teams require EU-region processing should raise it during procurement so we can confirm timing.
Changes to this policy
We will update this policy when our practices change. If we make material changes that affect the rights of existing institutional customers, we will notify the institution’s billing contact by email. The “Last updated” date at the top of this page reflects the most recent revision.