Konvrtd
Sign Up

Privacy Policy

Our privacy policy and how we use your data

Last updated: 3 June 2026

This Privacy Policy explains how Konvrtd Ltd ("Konvrtd", "we", "us", "our") collects, uses, and shares personal data when you use the Konvrtd platform (the "Service").

1. Who We Are

Controller: Konvrtd Ltd (UK)

Contact: arun@konvrtd.com

2. Data We Collect

Depending on how you use the Service, we may collect:

  • Account data: name, email address, authentication identifiers, team membership and roles.
  • Billing data: subscription status and payment metadata from our payment providers (we do not store full card details).
  • Usage data: log and event data about how you use the Service (for example, feature usage, errors, and performance).
  • Domain intelligence data: domains you analyse, market signals and comparison context generated for those domains, and AI-generated analysis or content planning outputs created in the Service.
  • Integration data: when you connect third-party services, we store the connection state and encrypted OAuth tokens required to operate the integration. See section 7 for details.
  • Cookie and local storage data: preferences such as language selection and cookie consent status.

3. How We Use Your Data

We use personal data to:

  • Provide, maintain, and improve the Service.
  • Authenticate users and secure accounts.
  • Operate team workspaces and permissions.
  • Generate domain intelligence, market signal analysis, and content planning outputs based on your inputs and usage.
  • Process subscriptions, manage credits, and keep audit logs of credit operations.
  • Monitor reliability and debug issues.
  • Communicate with you about the Service.

We rely on the following legal bases where applicable:

  • Contract: to provide the Service you request.
  • Legitimate interests: to secure, operate, and improve the Service (for example, preventing fraud and measuring performance).
  • Legal obligations: for accounting, tax, and other compliance requirements.
  • Consent: for non-essential cookies/technologies where required.

5. Sharing and Processors

We may share personal data with trusted third parties who help us provide the Service, such as:

  • Hosting and database providers (for example, Supabase) to store and serve the Service.
  • Payment processors (for example, Stripe or Lemon Squeezy) to handle subscriptions.
  • Error monitoring and performance tooling (for example, Sentry) to diagnose issues.
  • Integration providers you connect to enable requested features.

6. International Transfers

Some processors may be located outside the UK. Where this happens, we use appropriate safeguards required under UK data protection law (such as standard contractual clauses).

7. Integrations

When you connect an optional third-party integration, we request only the permissions needed to provide the feature you choose to enable. The exact permissions are shown during the provider connection flow.

  • Connection state — to know whether the integration is active.
  • Encrypted OAuth tokens — to operate the integration while it remains connected.
  • Provider account identifiers — to display and manage the connected account.

What we store: OAuth connection tokens (encrypted at rest with AES-256-GCM), provider account identifiers, connection status, and limited metadata needed to operate and audit the integration.

What we do not store: unnecessary provider account content, files, or unrelated personal data unless you explicitly choose to use a feature that requires it.

Data retention and deletion: when you disconnect an integration, we revoke access where supported by the provider and delete stored credentials. You may request deletion of related integration data by contacting support or through account settings where available.

8. Security

We implement technical and organisational measures designed to protect personal data. Integration tokens are encrypted at rest using AES-256-GCM encryption before storage. All data in transit is protected by TLS. We enforce Content Security Policy, HTTP Strict Transport Security, and additional security headers on all responses.

9. Retention

Account deletion: when you cancel your account, account data is removed immediately. Any connected integrations are revoked where supported by the provider, and stored credentials are deleted before account deletion. We may retain limited records where required by law (for example, payment records).

Integration disconnect: when you disconnect a third-party integration, we revoke the OAuth token where supported by the provider, delete stored credentials, and remove integration-specific data that is no longer needed. All lifecycle events are recorded in an audit log.

10. Your Rights

Subject to UK GDPR and other applicable laws, you may have rights including access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent.

To exercise these rights, contact arun@konvrtd.com.

11. Complaints

You can lodge a complaint with the UK Information Commissioner's Office (ICO). We encourage you to contact us first so we can try to resolve your concern.

12. Changes

We may update this Privacy Policy from time to time. We will take reasonable steps to notify you of material changes.

13. Google API Services Disclosure

Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements. If you connect a Google integration, Konvrtd's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.