Privacy Policy

Conversum AI (“Conversum”, “we”, “our”) operates the Quote Recovery System available at conversumai.com and the related messaging channels we integrate for client businesses. This policy explains what data we collect, how we use it, where it is stored, and what rights you have over it.

This policy is written for two audiences: the businesses that hire us as clients, and the end consumers (their leads) whose messages our system processes on the client’s behalf.

1. Information we collect

1.1 From client businesses (during onboarding)

• Business name, industry, primary contact, email, phone, billing address.
• Operational data needed to configure the system: offers, pricing rules, service area, materials, tone-of-voice, escalation rules, restricted topics.
• Public links (website, Instagram) you choose to share.

1.2 During system operation

• Messages exchanged between end consumers and our system through the channels the client has connected (WhatsApp, Instagram DM, website chat, SMS).
• Message metadata: phone number, channel, timestamps, message type (text, audio, image).
• Automated classifications produced by the system (intent, urgency, qualification stage, estimated job value).

1.3 From this website

• Standard web logs (IP address, user-agent, page, timestamp) generated by our hosting provider.
• We do not use advertising cookies. We do not run any third-party tracker, pixel or session-replay on this site at the time of this policy.

2. How we use the information

• To deliver the service the client business has hired us for — answering inbound messages, structuring intake, handing off briefings, sending follow-ups.
• To improve the system via aggregated analysis. Individual messages are not used to train external AI models (see Section 5).
• To communicate with the client’s primary contact about onboarding, performance reviews, billing, security and feature updates.
• To comply with legal obligations and respond to lawful requests from authorities.

We do not sell, rent or share personal data with third parties for marketing purposes.

3. Where the data is stored

• Cloud servers operated by Google Cloud Platform, protected by authentication, encryption in transit (TLS 1.2+) and encryption at rest.
• Encrypted backups in Google Drive (client-isolated).
• Administrative access is restricted to authorized Conversum personnel, protected by multi-factor authentication and Cloudflare Access on sensitive panels.

4. Retention

• Onboarding briefs: retained while the business is an active client, plus 90 days after the relationship ends.
• Operational conversations: retained for up to 12 months for analysis, quality and audit, plus 30 days in encrypted backup.
• Contact data: retained while there is an active commercial relationship.
• Web logs: retained for up to 30 days.

You can request earlier deletion — see Section 7.

5. Sub-processors

We use the following processors under contracts that require equivalent protection of the information we share with them:

• Google Cloud Platform / Google Workspace — hosting, storage, backup.
• Meta / WhatsApp — messaging channel. Conversations are subject to Meta’s own Privacy Policy in addition to ours.
• OpenAI — language model used to generate responses. Under our API agreement, prompts and completions are not used to train OpenAI’s models.
• Cloudflare — DNS, CDN, edge security, access control.
• Vercel — static hosting for this marketing website.

Some of these sub-processors may transfer data to the United States. Where applicable, transfers are covered by Standard Contractual Clauses or equivalent safeguards.

6. Security

• All traffic encrypted in transit (HTTPS / TLS 1.2+).
• Passwords hashed with bcrypt; sensitive secrets stored in a managed secrets store.
• Administrative panels protected by JWT in HttpOnly + Secure + SameSite=Strict cookies and Cloudflare Access (email-based).
• Daily encrypted backups, with periodic restore testing.
• Per-client isolation: each client’s configuration, conversations and credentials live in an isolated environment.

If we become aware of a security incident that could affect personal data, we will notify the responsible contacts within 72 hours, in line with applicable law.

7. Your rights

Depending on where you live, you may have the following rights regarding the personal information we process about you:

• Right to know / access the personal information we hold about you.
• Right to correct inaccurate or incomplete information.
• Right to delete information that is no longer necessary.
• Right to data portability — receive a copy of your information in a portable format.
• Right to opt out of any sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.
• Right to non-discrimination for exercising any of the above.

These rights are recognized under the California Consumer Privacy Act (CCPA / CPRA) for California residents, under the General Data Protection Regulation (GDPR) for individuals in the European Economic Area and the United Kingdom, and under the Brazilian General Data Protection Law (LGPD) for individuals in Brazil. Other U.S. state laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA) provide equivalent or related rights.

To exercise these rights, write to privacy@conversumai.com. We respond within 15 business days, and at most 45 days (extendable once for 45 additional days when reasonably necessary), per applicable law.

8. Children

Conversum AI is intended for businesses and their adult customers. We do not knowingly collect personal information from individuals under 18 without consent from a parent or legal guardian. If you believe a minor has provided us personal information, contact us and we will delete it.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email to the primary contact of each client business, with at least 30 days notice when feasible. The “Last updated” date at the top of this page always reflects the current version.

10. Contact

Conversum AI
Email: privacy@conversumai.com
Operations: Miami, FL (USA) and Salvador-BA (Brazil)