Privacy Policy

ConvoAlly ("we," "us," or "our") operates the ConvoAlly web application and desktop application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2.1 Information You Provide

• Account Information: Name, email address, and password when you register.
• Profile Information: Resume content, job descriptions, cover letters, and other documents you upload to the Knowledge Base.
• Session Data: Company name, role, and interview type you enter when starting a session.
• Payment Information: Billing details processed securely through Stripe. We do not store your full credit card number on our servers.
• Feedback: Ratings, comments, and session outcome data you voluntarily provide.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, session duration, and interaction patterns.
• Device Information: Browser type, operating system, screen resolution, and language preferences.
• Log Data: IP address, access times, and referring URLs.
• Cookies: See Section 7 for details on our cookie usage.

2.3 Audio and Transcript Data

• Audio Processing: During live interview sessions, audio is captured and processed in real-time for speech-to-text transcription. Audio streams are processed transiently and are NOT stored or recorded on our servers.
• Transcripts: Text transcriptions generated during sessions are stored in your account and are accessible only to you. You may delete transcripts at any time.
• Desktop App: When using the desktop application, all audio processing occurs locally on your device. Audio data does not leave your machine.

• To provide, operate, and maintain the Service.
• To personalize AI-generated answers based on your resume, job description, and uploaded documents.
• To generate AI coaching reports and analytics from your session data.
• To process payments and manage subscriptions.
• To send account-related communications (e.g., billing confirmations, security alerts).
• To improve the Service through aggregated, anonymized usage analytics.
• To detect and prevent fraud, abuse, or security threats.

We do NOT use your personal data, documents, transcripts, or session content to train AI models. Your data is used solely to provide the Service to you.

Our Service uses third-party AI providers to generate interview answers and coaching reports. When you use the Service:

• Your interview questions (text only) and relevant document context are sent to AI providers (Anthropic, OpenAI, or other configured providers) for answer generation.
• Audio data is sent to Deepgram for real-time speech-to-text transcription.
• These providers process data according to their own privacy policies and data processing agreements.
• We select providers that do not use customer API data for model training.

We do not sell your personal information. We may share information with:

• Service Providers: Third-party vendors that help us operate the Service (payment processing via Stripe, AI providers, hosting infrastructure).
• Legal Requirements: When required by law, subpoena, court order, or to protect our rights, safety, or property.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice to users.
• With Your Consent: When you explicitly authorize sharing.

We implement industry-standard security measures to protect your data:

• All data transmitted between your browser/app and our servers is encrypted using TLS/SSL.
• Passwords are hashed using bcrypt with salt.
• API keys stored on the desktop app are encrypted using OS-level keychain (macOS Keychain / Windows Credential Manager).
• Payment data is processed by Stripe and never touches our servers.
• Database access is restricted and monitored.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

We use the following types of cookies:

• Essential Cookies: Required for authentication, session management, and security. Cannot be disabled.
• Preference Cookies: Remember your settings (e.g., theme preference, language).
• Analytics Cookies: Help us understand how users interact with the Service to improve functionality.

We do NOT use advertising or cross-site tracking cookies. You can manage cookie preferences through your browser settings.

• Account Data: Retained as long as your account is active. Deleted within 30 days of account deletion request.
• Session Transcripts: Retained until you delete them or delete your account.
• Uploaded Documents: Retained until you delete them or delete your account.
• Payment Records: Retained as required by tax and financial regulations (typically 7 years).
• Server Logs: Retained for up to 90 days for security and debugging purposes.

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update or correct inaccurate information via your account settings.
• Deletion: Request deletion of your account and associated data.
• Data Portability: Export your transcripts and session data.
• Opt-Out: Unsubscribe from marketing emails at any time.

To exercise these rights, contact us at privacy@convoally.ai.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect and how it is used.
• The right to request deletion of your personal information.
• The right to opt-out of the sale of personal information. We do not sell personal information.
• The right to non-discrimination for exercising your privacy rights.

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland:

• We process your data based on: (a) your consent, (b) performance of our contract with you, (c) compliance with legal obligations, or (d) our legitimate interests.
• You have the right to access, rectify, erase, restrict processing, object to processing, and port your data.
• You may withdraw consent at any time without affecting prior processing.
• You have the right to lodge a complaint with your local data protection authority.

The Service is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete that information promptly. If you believe a child has provided us with personal data, please contact us.

Our Service does not respond to Do Not Track (DNT) browser signals. However, we do not engage in cross-site tracking or sell your data to third parties.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, contact us at:

• Email: privacy@convoally.ai
• Support: support@convoally.ai