This Privacy Policy describes how Convoy AI Inc. (“Convoy,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you visit our websites, create an account, or otherwise use the Convoy batch-inference platform and related services (collectively, the “Service”). It applies to information we receive both directly from you and through your authorized use of the Service. Use of the Service is also governed by our Terms of Service.
1. Information We Collect
1.1 Information you provide
- Account information. Name, email address, organization name, password (hashed by our identity provider, Amazon Cognito), and authentication metadata.
- Billing information. Plan tier, billing email, and payment-method metadata (such as card brand and last four digits) returned by Stripe, Inc., our payment processor. Convoy does not store full payment card numbers.
- Communications. Records of correspondence when you contact support, request a model, or respond to surveys.
- Customer Content. The prompts, files, datasets, and parameters you or your users submit through the Service, together with the model responses we return to you (collectively, “Customer Content”). Customer Content may itself contain personal information that you choose to include.
1.2 Information collected automatically
- Usage metadata. Token counts, request and batch identifiers, model identifiers, timestamps, status codes, latency, and similar telemetry needed to operate the Service and reconcile billing.
- Device and connection data. IP address, browser type, operating system, language, referring URL, and approximate region — used for security, fraud-prevention, and basic operational analytics.
- Cookies and similar technologies. We use a small number of strictly necessary cookies for sign-in and session management (issued by Amazon Cognito), and short-lived preference cookies for the dashboard. We do not use third-party advertising cookies.
1.3 Information from third parties
We may receive information from third parties that help us operate the Service, such as our payment processor (Stripe), our identity provider (Amazon Cognito / AWS), our email provider (Amazon SES), and the Model Providers we route batches to (for example AWS Bedrock, OpenAI, or Anthropic). The categories of information are limited to what is necessary to deliver the Service.
2. How We Use Information
We use the information described above to:
- Provide, operate, secure, and improve the Service;
- Submit your batches to the relevant Model Provider and return the responses to your account;
- Calculate token usage, manage subscription quotas and credit balances, and process payments through Stripe;
- Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service;
- Communicate with you about your account, billing, support requests, security alerts, and material changes to the Service;
- Send transactional emails through Amazon SES (e.g., verification, password reset, invoice receipts);
- Comply with applicable law, respond to valid legal process, and enforce our agreements.
3. Customer Content & Model Training
Convoy does not use Customer Content to train, fine-tune, or evaluate any machine learning model. Customer Content is processed solely to generate responses, deliver them back to your account, and reconcile billing. We retain Customer Content only as long as necessary to provide the Service and to comply with our retention obligations (described below) and will delete it on request, subject to legal retention requirements.
When we transmit Customer Content to a Model Provider in order to fulfill a request, the Model Provider's own privacy and data-handling practices apply to its processing. You are responsible for reviewing each Model Provider's terms before using it through Convoy.
5. Data Retention
We retain account, billing, and usage metadata for as long as your account is active and for a reasonable period afterward to comply with legal, tax, and audit obligations. Customer Content is retained only as long as needed to deliver the Service, support billing reconciliation, and meet contractual or statutory retention requirements, subject to any retention controls you configure in the Service. You may request deletion of Customer Content at any time through the dashboard or by contacting contact@cnvy.ai .
6. Security
We use commercially reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, encryption at rest for stored Customer Content and credentials, role-based access controls within our team, and tenancy isolation between customer organizations. No system is perfectly secure, however, and we cannot guarantee absolute security. You are responsible for using strong, unique credentials and protecting your API keys.
7. International Data Transfers
Convoy is based in the United States and the Service is currently hosted in AWS regions located in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and in any other country where our Model Providers or service providers operate. Where the GDPR or another applicable law requires it, we will rely on appropriate transfer mechanisms such as the European Commission's Standard Contractual Clauses (SCCs); a copy of the SCCs and our Data Processing Addendum is available on request.
8. Children's Privacy
The Service is not directed to children under 13 (or under 16 in the European Economic Area, the United Kingdom, and other jurisdictions where the higher age applies), and we do not knowingly collect personal information from such children. If you believe a child has provided us with personal information, please contact us at contact@cnvy.ai and we will take appropriate steps to delete it.
9. Your Privacy Rights
Depending on where you live, you may have the right to access, correct, delete, port, or restrict the processing of your personal information, or to object to processing or withdraw consent. You may exercise these rights through the dashboard where available, or by contacting us at contact@cnvy.ai. We will respond within the time period required by applicable law and may need to verify your identity before fulfilling certain requests. You also have the right to lodge a complaint with your local data protection authority.
9.1 California residents (CCPA / CPRA)
California residents have the right to know what personal information we collect, the purposes for which we use it, the categories of recipients with which we share it, and to request deletion or correction. We do not “sell” personal information or “share” it for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act, as amended (CCPA / CPRA). To exercise your rights, contact us at contact@cnvy.ai .
9.2 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)
If you are in the EEA, the United Kingdom, or Switzerland, our legal bases for processing personal information include performance of a contract with you, our legitimate interests in operating and securing the Service, your consent, and compliance with our legal obligations. You may exercise your rights of access, rectification, erasure, restriction, portability, and objection by contacting us at contact@cnvy.ai .
10. Changes to this Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or in-app notice and update the “Effective date” at the top of this page. Your continued use of the Service after the effective date of any updated Privacy Policy constitutes acceptance of the changes.
11. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at:
Convoy AI Inc.
1209 Orange Street, Corporation Trust Center Wilmington, DE 19801
Email: contact@cnvy.ai