Konvrtd
Sign Up

Privacy Policy

Our privacy policy and how we use your data

Last updated: 18 February 2026

This Privacy Policy explains how Konvrtd Ltd ("Konvrtd", "we", "us", "our") collects, uses, and shares personal data when you use the Konvrtd platform (the "Service").

1. Who We Are

Controller: Konvrtd Ltd (UK)

Contact: arun@konvrtd.com

2. Data We Collect

Depending on how you use the Service, we may collect:

  • Account data: name, email address, authentication identifiers, team membership and roles.
  • Billing data: subscription status and payment metadata from our payment providers (we do not store full card details).
  • Usage data: log and event data about how you use the Service (for example, feature usage, errors, and performance).
  • Lead-generation data: domains you analyse/search, contact data you save, and AI-generated insights and drafts created in the Service.
  • Integration data: when you connect third-party services (such as Gmail), we store the connection state and encrypted OAuth tokens required to operate the integration. See section 7 for details on Gmail data specifically.
  • Cookie and local storage data: preferences such as language selection and cookie consent status.

3. How We Use Your Data

We use personal data to:

  • Provide, maintain, and improve the Service.
  • Authenticate users and secure accounts.
  • Operate team workspaces and permissions.
  • Generate insights and outreach drafts (including AI-generated content) based on your inputs and usage.
  • Process subscriptions, manage credits, and keep audit logs of credit operations.
  • Monitor reliability and debug issues.
  • Communicate with you about the Service.

We rely on the following legal bases where applicable:

  • Contract: to provide the Service you request.
  • Legitimate interests: to secure, operate, and improve the Service (for example, preventing fraud and measuring performance).
  • Legal obligations: for accounting, tax, and other compliance requirements.
  • Consent: for non-essential cookies/technologies where required.

5. Sharing and Processors

We may share personal data with trusted third parties who help us provide the Service, such as:

  • Hosting and database providers (for example, Supabase) to store and serve the Service.
  • Payment processors (for example, Stripe or Lemon Squeezy) to handle subscriptions.
  • Error monitoring and performance tooling (for example, Sentry) to diagnose issues.
  • Integration providers you connect (for example, Google/Gmail) to enable requested features.

6. International Transfers

Some processors may be located outside the UK. Where this happens, we use appropriate safeguards required under UK data protection law (such as standard contractual clauses).

7. Gmail Integration & Google API Data

When you connect Gmail, we request the following permissions:

  • gmail.send — to send outreach emails on your behalf.
  • gmail.readonly — to detect when prospects reply to your emails.
  • userinfo.profile and userinfo.email — to identify your account.

What we store: OAuth connection tokens (encrypted at rest with AES-256-GCM), your email address, generated email content you compose through our platform, and reply detection metadata (timestamps and action taken). Gmail message identifiers and reply text are stored temporarily for engagement tracking.

What we do not store: full inbox contents, email attachments, contact lists, calendar data, or any emails not sent through our platform.

Data retention and deletion: when you disconnect your Gmail integration, we immediately revoke our access token with Google and delete stored credentials. Gmail-specific data (reply text, message IDs, thread IDs) is purged from our systems. Your campaign content (email subjects, bodies) is retained as it was generated by our platform, not sourced from Gmail. You may request full deletion of all campaign data by contacting support or through account settings.

8. Security

We implement technical and organisational measures designed to protect personal data. Integration tokens are encrypted at rest using AES-256-GCM encryption before storage. All data in transit is protected by TLS. We enforce Content Security Policy, HTTP Strict Transport Security, and additional security headers on all responses.

9. Retention

Account deletion: when you cancel your account, account data is removed immediately. Any connected Gmail integrations are revoked at Google, and Gmail-specific data is purged from our systems before account deletion. We may retain limited records where required by law (for example, payment records).

Integration disconnect: when you disconnect a Gmail integration, we immediately revoke the OAuth token with Google, purge Gmail-sourced data (reply text, message IDs, thread IDs) from our database, and delete the stored credentials. All lifecycle events are recorded in an audit log.

10. Your Rights

Subject to UK GDPR and other applicable laws, you may have rights including access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent.

To exercise these rights, contact arun@konvrtd.com.

11. Complaints

You can lodge a complaint with the UK Information Commissioner's Office (ICO). We encourage you to contact us first so we can try to resolve your concern.

12. Changes

We may update this Privacy Policy from time to time. We will take reasonable steps to notify you of material changes.

13. Google API Services Disclosure

Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements. Konvrtd's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.