Convia

Privacy Policy

Effective date: April 15, 2026

This Privacy Policy explains how Zaftech ("we", "us", "our") collects, uses, and protects personal data when you use Convia ("Service"). We are the data controller for account holders and a data processor for respondent submissions collected on behalf of account holders.

1. Information we collect

Account information

When you create an account, we collect your name, email address, password hash (never the password itself), and the organization you belong to. OAuth sign-ins return a profile from Google or GitHub which we store in the same manner.

Usage data

We log technical data such as IP address, browser type, device identifiers, and interactions with the Service. This powers debugging, security, and product improvement.

Customer Data

Content you create or upload (forms, documents, submissions, chat transcripts) is stored on our infrastructure and processed only to deliver the Service. You control this data.

Respondent Data

When respondents complete a conversational form, we collect the messages they send, the structured answers they provide, and optionally their email (if the form requires it). This data belongs to the account holder who created the form; we process it as their agent.

2. How we use your data

  • Provide, operate, and maintain the Service;
  • Process conversational form submissions with AI models;
  • Generate analytics and summaries for account holders;
  • Send transactional emails (magic links, password reset, invitations, notifications);
  • Prevent fraud, abuse, and security incidents;
  • Comply with legal obligations.

We do not sell personal data. We do not use Customer Data or Respondent Data to train our own AI models.

3. Third-party processors

To deliver the Service we share data with sub-processors under appropriate contracts:

  • Google (Gemini / Gemma AI), for conversational and analytical processing. Data is submitted to the Gemini API under Google's terms, with training opt-out.
  • Email provider (SMTP), for sending transactional emails.
  • Cloud infrastructure, for hosting and storage.

A current list of sub-processors is available on request at contact@zaftech.co.

4. Retention

Account data is retained as long as your account is active. Customer Data and Respondent Data are retained per your configuration (and for at least 30 days after account deletion to allow recovery). Audit logs are retained for up to 24 months for security and compliance.

5. Your rights

Depending on your jurisdiction (GDPR, CCPA, etc.), you may have the right to access, correct, delete, or export your personal data; to object to or restrict processing; and to lodge a complaint with a supervisory authority.

To exercise any right, email contact@zaftech.co. We respond within 30 days.

6. Security

We apply industry-standard measures: encryption in transit (TLS), encryption at rest for secrets, access controls, audit logging, and regular backups. No system is perfectly secure; if you discover a vulnerability, email contact@zaftech.co.

7. Children

Convia is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has submitted data, contact us and we will delete it.

8. International transfers

Data may be processed in countries other than your own. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

9. Cookies and similar technologies

We use strictly necessary cookies for authentication (session, CSRF) and operational preferences. We do not use advertising or cross-site tracking cookies. Analytics events are captured only for aggregate product metrics and are anonymized.

10. Changes to this policy

We may update this Policy. Material changes will be announced via email or in-product notice. The effective date at the top always reflects the current version.

11. Contact

Zaftech · zaftech.co

Email: contact@zaftech.co