Effective Date: June 4, 2025. Last Updated: June 4, 2025
1. Introduction
Welcome to Convogenie! We provide a Software-as-a-Service (SaaS) platform that allows users to customize prompts, add knowledge bases, define abilities, test AI agents in a playground environment, integrate custom tools, and deploy these autonomous AI agents to various third-party messaging and workspace integrations (the "Platform" and "Services").
We are committed to protecting the privacy and security of your personal data. This Privacy Policy explains our practices regarding the collection, use, and disclosure of your information. A core feature of our Platform is its private-per-tenant database architecture, meaning each Tenant receives their own private database connection, and data within that database is encrypted.
2. Company Information
Legal Company Name: Convogenie Technologies Private Limited
Registered Address: No 32, Chhabria Icon, 2nd Floor, 1st Main road, Vasanth Nagar, Bengaluru-560001, Karnataka, India
Contact Information for Privacy Inquiries: For any privacy-related questions or concerns, please contact us at: rahul@convogenie.ai
3. Information We Collect
We collect information to provide and improve our Services. The types of information we collect are:
3.1. Information You Provide to Us (Tenant Data):
Account Information: When you create an account or use our Services, we collect personal data such as your name, email address, company name, and IP address.
Usage Data: We collect information about your use of the Platform, including features used, tokens consumed, credits, prompt content and history, knowledge base storage data (volume and types of files like documents, PDFs, images, text files), playground usage patterns, and integration usage details.
Knowledge Base and Customization Data:
You may upload or connect various types of data to form the knowledge base for your AI agents (e.g., documents, text, FAQs). While we store these files (e.g., on AWS S3) and their embeddings (e.g., in a private Turso database) to enable the Services, you, the Tenant, are solely responsible for the content, legality, and any personal data contained within the knowledge bases you provide. We do not inspect or control the specific data you upload into your private knowledge base.
Similarly, any custom prompts, abilities defined, and configurations for custom tools are provided by you and stored within your private tenant environment. You are responsible for the content and instructions embedded in these customizations.
Payment Information: We use a third-party payment processor (Dodo Payments, acting as our Merchant of Record) to handle payments. We do not directly store your full credit card or financial account information. Dodo Payments will collect and process your payment information in accordance with their own privacy policy and security practices.
3.2. Information Processed by AI Agents on Behalf of Tenants (End-User Data):
When Tenants deploy AI agents to third-party integrations, including but not limited to WhatsApp, Instagram, Facebook Messenger, and Google Workspace (e.g., via Google Sign-In or by authorizing access to Google APIs such as Gmail, Google Docs, or Google Sheets), these AI agents will process data from end-users interacting with them or from the connected Google services.
Nature of Data (including Google User Data): This data may include:
For WhatsApp, Instagram, Facebook Messenger: Mobile number, name, profile picture, message content, and other information provided by the respective platform's webhook.
For Google Workspace:
With end-user consent provided through Google's authorization process, this may include Google profile information (name, email address, profile picture).
Based on the specific Google API scopes authorized by the end-user (e.g., gmail.readonly, drive.readonly, spreadsheets.readonly), the AI agent may access, process, and temporarily store Google user data such as emails, documents, or spreadsheet content to provide the features of the AI agent as configured by the Tenant.
All such Google user data accessed is stored encrypted within your private tenant database.
Our Role (Data Processor): For this End-User Data, including any Google user data accessed with explicit user consent, Convogenie acts as a Data Processor on behalf of the Tenant. Our processing of Google user data is strictly limited to providing and improving the user-facing features of the AI agent deployed by the Tenant.
Tenant's Role (Data Controller): The Tenant is the Data Controller for the End-User Data, including Google user data. This means the Tenant is responsible for:
Ensuring a lawful basis for processing End-User Data (e.g., obtaining necessary consents from end-users, particularly for accessing Google user data via Google's OAuth consent screen).
The privacy, security, and legality of the data processed by the AI agents they configure and deploy.
Managing end-user rights requests related to their data.
3.3. Information from Custom Tools:
If you connect custom tools (e.g., via REST API calls) to your AI agents, these tools may access or process data from external systems. Convogenie does not control and is not responsible for the data practices of these external systems or custom tools configured by you. Your use of custom tools is subject to the terms and privacy policies of those tools.
4. How We Use Your Information
We use the information we collect for the following purposes:
To Provide and Maintain Services: To operate the Platform, provide you with access to its features, manage your account, and ensure the functionality of your AI agents.
To Personalize User Experience: To tailor the Services to your preferences and usage patterns.
For Billing and Account Management: To process payments, send invoices, and manage your subscription.
For Customer Support: To respond to your inquiries, provide technical assistance, and troubleshoot issues.
For Security Monitoring and Fraud Prevention: To protect the security and integrity of our Platform, prevent fraudulent activities, and enforce our terms of service.
For Legal and Regulatory Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
To Improve the Platform: We may use aggregated and anonymized usage data to understand how our Services are used and to improve their functionality and user experience. We do not use your specific prompts, knowledge base content, or your end-users' interaction data to train our general, core AI models. Your AI agent's learning is confined to the knowledge base and instructions you provide within your private tenant environment.
Communication: To communicate with you about your account, service updates, new features, and other relevant information.
4.1. Specific Use of Google User Data (Limited Use):
Notwithstanding any other provision in this Privacy Policy, our use of Google user data obtained through Google APIs (such as Gmail, Google Drive, or Google Sheets data accessed via authorized scopes) adheres strictly to Google's Limited Use requirements. Specifically:
We will only access, use, store, or transfer Google user data to provide or improve user-facing features that are prominent in our Platform's user interface, as deployed and configured by our Tenants.
We will not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
We will not use Google user data for surveillance purposes or to determine credit-worthiness.
We will not transfer Google user data to others unless it is:
Necessary to provide or improve the user-facing features visible within our Platform's user interface (as deployed by the Tenant).
To comply with applicable laws or as part of a merger, acquisition, or sale of assets (as detailed in Section 5).
Explicitly consented to by the user for a specific purpose.
Necessary for security purposes, such as investigating abuse.
We will not allow humans to read Google user data unless:
We have the user's affirmative agreement for specific messages, files, or data.
It is necessary for security purposes, such as investigating a bug or abuse.
It is necessary to comply with applicable law.
The data (including derivations) is aggregated and anonymized and used for internal operations in accordance with applicable privacy and other jurisdictional legal requirements.
All other uses of information outlined in Section 4 apply to Tenant Data and non-Google End-User Data as described.
5. How We Share Your Information
We do not sell your personal data, including any Google user data. We may share your information, including Google user data processed on behalf of a Tenant, only in the following limited circumstances:
With Service Providers (Sub-processors): We engage trusted third-party companies and individuals to perform services on our behalf, such as:
Cloud hosting and storage: Amazon Web Services (AWS)
Private database services: Turso
AI model providers (as directed by your use of the platform): Google Cloud Platform (for Gemini API), Anthropic (for Claude API)
Payment processing: Dodo Payments
These sub-processors are authorized to process your personal information, including any Google user data we process as a Data Processor for our Tenants, only as necessary to provide these services to us and are obligated by contract to implement robust security measures and maintain confidentiality. Specifically for Google user data, sharing with these sub-processors is solely for the purpose of enabling the functionality of the AI agents as configured by the Tenant and in line with Google's Limited Use requirements.
Third-Party Integrations (Including Google): When you (or your end-users via your AI agent) choose to use integrations like Google Workspace, data is inherently exchanged with Google to authenticate, authorize, and provide the requested service. This is based on user consent obtained through Google's OAuth flow. Our handling of Google user data obtained through these integrations is governed by this Privacy Policy and Google's requirements.
Legal Requirements: We may disclose your information, including Google user data, if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent or investigate possible wrongdoing in connection with the Services, protect the personal safety of users of the Services or the public, or protect against legal liability.
Business Transfers: In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information, including Google user data processed on behalf of Tenants, may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Platform of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
At Tenant's Direction: As a Data Processor, we will process and transfer End-User Data, including Google user data, as instructed by the Tenant (the Data Controller) through their configuration and use of the Services, provided such instructions are lawful and consistent with our terms and this policy.
6. Data Security
We implement robust security measures to protect your information, including sensitive data such as Google user data accessed with user consent, from unauthorized access, use, alteration, or disclosure. These measures include:
Private-per-Tenant Database Architecture: Each Tenant has their own private database connection.
Encryption:
Data in your private Turso database is encrypted both at rest and in transit.
Specifically, any Google user data obtained via Google APIs and stored within your tenant's private database is encrypted at rest.
You are responsible for ensuring the security of data you upload to AWS S3, including enabling server-side encryption if desired for data at rest, as standard S3 configurations may vary. Data in transit to/from S3 is typically encrypted via HTTPS.
Credentials and sensitive data related to Google Workspace integrations stored in your private database are encrypted.
Access Controls: We implement role-based access controls and permission management within our systems to limit access to personal data, including Google user data, to authorized personnel who require such access to perform their job duties (e.g., for customer support upon your request, or for security purposes as outlined in Section 4.1).
Data Backup: We maintain regular backups of data, including encrypted Google user data, to prevent data loss.
Secure Development Practices: We follow secure coding practices and conduct regular reviews of our systems.
While we strive to use commercially acceptable means to protect your Personal Information, remember that no method of transmission over the Internet, or method of electronic storage is 100% secure.
7. Data Retention
We will retain Tenant Data for as long as your account is active or as needed to provide you with the Services.
Retention and Deletion of Google User Data:
Data processed by AI agents on behalf of Tenants (End-User Data), which includes any Google user data obtained via Google APIs with user consent, will be retained within our systems only for as long as necessary to provide the Services as configured by the Tenant, or as long as the Tenant maintains an active account and the integration with Google services remains authorized.
Deletion Upon Tenant Request or Account Termination: Upon termination of a Tenant's account, or upon specific request from a Tenant to delete their account or specific data (including Google user data associated with their deployed AI agent), we will take steps to delete such information from our active systems within approximately 30 days. This includes deleting relevant Google user data from the Tenant's private database.
Deletion Upon Revocation of Access: If an end-user revokes Convogenie's access to their Google data via their Google account settings, or if a Tenant de-authorizes the Google Workspace integration for their AI agent, we will cease to access further Google user data. Any previously accessed Google user data stored in the Tenant's private database will be deleted within approximately 30 days from such revocation or de-authorization, or upon the Tenant's instruction if sooner.
Data on Google's Systems: This policy describes retention and deletion on Convogenie's systems. Google user data may still reside on Google's systems subject to Google's own policies.
Retention may be longer if required for legal or regulatory purposes, to resolve disputes, or enforce our agreements, but this will not apply to Google user data in a way that contravenes Google's Limited Use requirements.
8. Your Privacy Rights (For Tenants)
As a Tenant, you have certain rights regarding your personal data, subject to local data protection laws. These may include the right to:
Access: Request access to the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete personal data.
Erasure (Deletion): Request deletion of your personal data, subject to certain conditions.
Restriction of Processing: Request that we restrict the processing of your personal data in certain circumstances.
Data Portability: Request to receive your personal data in a structured, commonly used, and machine-readable format.
Object to Processing: Object to our processing of your personal data in certain circumstances.
To exercise any of these rights, please contact us at rahul@convogenie.ai. We will respond to your request within a reasonable timeframe and in accordance with applicable laws.
9. End-User Rights Management
As noted in Section 3.2, the Tenant is the Data Controller for End-User Data processed by their AI agents. Therefore, end-users should direct any requests to exercise their data protection rights (e.g., access, deletion, correction of their data processed by an AI agent) to the respective Tenant (the business that deployed the AI agent).
Convogenie will assist Tenants in responding to such requests by providing tools or support to access, modify, or delete End-User Data stored within our systems upon the Tenant's instruction. However, Tenants are responsible for managing data on third-party platforms like WhatsApp, Instagram, etc., according to those platforms' functionalities and policies.
10. International Data Transfers
Convogenie Technologies Private Limited is based in India.
Data Localization: We strive to store Tenant Data and End-User Data in the geographical region corresponding to the Tenant's primary location (e.g., data for Indian Tenants in India, data for European Tenants in Europe, data for US Tenants in the US) using our cloud service providers' regional capabilities.
Sub-processor Transfers: Our use of global sub-processors (such as GCP for Gemini API or Anthropic for Claude API) may involve the processing of data in countries other than your country of residence. When such transfers occur, we rely on the contractual commitments and data protection measures provided by these sub-processors, which may include mechanisms like Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) where applicable, to ensure an adequate level of data protection.
By using our Services, you acknowledge that your information may be transferred to, stored, and processed in these locations.
11. Children's Privacy
Our Services are not directed to or intended for use by individuals under the age of 16 (or the relevant age of majority in their jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at rahul@convogenie.ai.
12. Cookies and Tracking Technologies
Currently, Convogenie does not use cookies or similar tracking technologies on its Platform for purposes such as analytics or advertising. If this changes in the future, we will update this Privacy Policy and provide appropriate information and choices regarding cookie usage. Essential session cookies may be used for basic platform functionality.
13. AI Agent Responsibility & Tenant Obligations
The Convogenie Platform allows Tenants to build and customize autonomous AI agents.
Tenant Responsibility: The Tenant is solely responsible for:
The content of the knowledge base provided to the AI agent.
The prompts and instructions configured for the AI agent.
Ensuring the AI agent's behavior, responses, and data processing activities comply with all applicable laws, regulations, and ethical best practices.
Addressing any bias, fairness, accuracy, or transparency concerns related to the AI agent's output based on their specific configuration and use case.
The lawful use of any custom tools integrated with the AI agent.
Convogenie Support: Convogenie will support Tenants by providing guidance on best practices for responsible AI deployment and use of the Platform. However, Convogenie does not control and is not liable for the specific outputs or actions of AI agents as configured and deployed by Tenants.
14. Data Processing Agreement (DPA)
For Tenants where Convogenie acts as a Data Processor for End-User Data (as described in Section 3.2), our relationship will be governed by a Data Processing Agreement (DPA). The DPA will be made available to Tenants and will outline our respective obligations concerning the processing of such personal data, in compliance with applicable data protection laws (such as GDPR). Please contact us if you require a DPA.
15. Third-Party Links and Services
Our Platform may allow integration with or contain links to other websites or services not operated or controlled by Convogenie (e.g., third-party integrations, custom tools). This Privacy Policy does not apply to such third-party services. We recommend reviewing the privacy policies of any third-party services you access or use.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, service offerings, or legal requirements. We will notify you of any material changes by sending an email to the address associated with your account and/or by posting a prominent notice on our Platform prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
17. Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or our data handling practices, please contact us at:
Convogenie Technologies Private Limited
No 32, Chhabria Icon, 2nd Floor, 1st Main road,
Vasanth Nagar, Bengaluru-560001, Karnataka, India
Email: rahul@convogenie.ai
