Convinco Privacy Policy

Last Updated: 27 April 2026

1. Scope

This Privacy Policy describes how Convinco (legal name "Qspot sp. z o. o."; collectively “Convinco,” “we,” “us,” or “our”) collects, stores, uses and shares personal data when you use our website (convinco.co), our desktop application, and any related services, products, content or applications (collectively, the“Services”). Convinco provides an AI‑powered sales assistant delivered primarily as a desktop application. When you instruct it to do so, the application records the audio input (your microphone) and audio output (the audio your computer is playing, including remote participants on a call), transcribes the conversation in real time, and lets you prompt large language models (currently provided by Anthropic, OpenAI and Google) to receive live guidance, suggested responses and post‑call summaries that help you close more deals. The Services also include optional features such as a Google Calendar widget that displays your upcoming events, and a company‑knowledge upload tool that lets you provide documentation about your organization so that the assistant can ground its answers in your context using retrieval‑augmented‑generation (RAG) and Model Context Protocol (MCP)‑backed pipelines.

This policy applies whether you access the Services directly or through an organizational subscription. It does not apply to third‑party services that we do not own or control (including the underlying model providers, Google Calendar, and any tool you connect via MCP); those services are subject to their own privacy practices.

2. Recording and Transcription

Recording is never automatic. The desktop application captures audio only when you actively start a recording session, and stops when you end it. When you record, both the audio input from your microphone and the audio output played by your computer (including remote participants on a call) may be captured and transcribed. As a result, the recordings and transcripts we process on your behalf may contain personal data of other people in addition to your own. The remainder of this Privacy Policy describes what Convinco does with that information; obligations relating to obtaining consent from call participants are addressed separately, outside this Privacy Policy.

3. Information We Collect

We collect information in four main ways: (A) information you provide directly, (B) information we receive from other sources, (C) information collected automatically, and (D) information we create or infer.

A. Information You Provide

When you interact with our Services, you may provide some or all of the following information:

• Registration information. When you create an account or sign up for Convinco, you provide your name, password, and email address.
  
• Payment, subscription and credit‑balance information. The Services operate on a credit‑based model: you may purchase one‑time credit packs or a recurring subscription that adds a fixed amount of credits to your account each billing period. We do not collect or store full payment card details — these are processed directly by our third‑party payment processor (Stripe), which complies with PCI‑DSS security standards. From Stripe we receive limited billing information (such as the last four digits of the card, card type, billing address and country) and a Stripe customer/payment identifier so we can reconcile transactions. We store your subscription status, your current credit balance, and a history of credit purchases, recurring credit grants, refunds and other balance adjustments.
  
• Audio captured during recording sessions. When you start a recording session in the desktop application, we capture the audio input from your microphone and/or the audio output of your computer, including the voices of other call participants. Audio is transmitted to our backend so that it can be transcribed and processed by AI models.
  
• Transcripts and meeting metadata. We generate text transcripts of the audio you record and store them, together with associated metadata such as the date, time and duration of the session and any title or notes you attach. Transcripts may contain personal data about you and about the other call participants.
  
• Prompts and instructions to AI models. When you ask the assistant for help during or after a call, we collect the prompts, questions and instructions you submit, as well as any portions of the transcript or company‑knowledge files that are sent to the AI provider as context.
  
• Company‑knowledge files and other uploads. You may upload documents, slide decks, scripts, playbooks, product specifications, FAQs and other materials that describe your organization, together with the descriptions you provide for each file. We store these materials and process them (for example by chunking, embedding and indexing) so that the assistant can ground its answers in your context through RAG and MCP‑backed generation pipelines. Uploaded materials may contain confidential business information and personal data of you, your colleagues or third parties.
  
• Third‑party account information. When you link Convinco to another account (for example Google for sign‑in or for the Google Calendar widget, Microsoft, or other connectors), we access the profile information (such as your name, email address and profile picture) and, where applicable, the calendar event data (event titles, times, attendees, locations and descriptions) associated with that account, in accordance with the scopes you authorize.
  
• Customer‑support and feedback content. You may provide textual input through surveys, feedback forms or customer‑support messages. Certain authorized Convinco personnel may access your recordings, transcripts, uploaded files and prompts only where necessary to operate, maintain, secure, or troubleshoot the Services, or to comply with legal obligations. Such access is strictly limited, logged, and governed by internal access‑control policies.
  

B. Information We Receive From Other Sources

We may obtain information about you from:

• Other users. Users may provide your contact information when they invite you to use Convinco or include you in customer‑support inquiries.
  
• Single‑sign‑on and connector providers. If you sign in or connect a third‑party service (e.g. Google for SSO or Calendar, Microsoft), we receive your name, email, profile picture and the additional data covered by the scopes you grant (such as Google Calendar events).
  
• Third‑party partners. We may receive marketing, analytics or demographic information from advertising partners, data providers and analytics providers to better understand our users and improve the Services.
  
• Public sources. We may supplement the information we collect with publicly available information (e.g. company websites or social‑media profiles) for purposes such as verifying your identity or understanding general industry trends.
  

C. Information We Collect Automatically

When you use Convinco, we automatically collect information about your usage and the devices you use to access the Services:

• Usage information. We collect data about when and how you use the Services (e.g. date and time of login, features used, recording sessions started and stopped, prompts submitted, files uploaded, calendar connections made, errors encountered and clicks within the application). For each billable action (such as recording audio or sending a prompt to an AI model), we record the type of action and the number of credits it consumed so that we can deduct them from your balance and provide accurate usage history.
  
• Device and desktop‑application information. We collect information from and about the device(s) you use, such as IP address, device type, operating system and version, application version, browser type and language, device identifiers and locale. For the desktop application we also record which operating‑system permissions you have granted (for example microphone access and system‑audio capture) so that we can deliver the right functionality and diagnose issues. We do not access files on your computer outside of those you explicitly upload through the Services or those that the operating system surfaces as part of the audio you choose to record.
  
• Interactions with other users. If you message or collaborate with others through Convinco, we collect metadata about those interactions (e.g. time and date of messages). We do not read your private messages unless legally required or necessary to investigate security or abuse.
  
• Cookies and similar technologies. On our website, Convinco and our partners use cookies, web beacons and other tracking technologies to recognize you and/or your device. The desktop application itself does not rely on browser cookies, but uses local storage and authentication tokens to keep you signed in and remember your preferences. For more information, see Section 11 (Cookies and Similar Technologies).
  

D. Information We Create or Infer

We generate new information about you by analysing the data we collect. For example, our systems generate transcripts, summaries, highlights, action items, suggested replies, objection‑handling cues and embeddings (numerical representations) of your transcripts and uploaded files for retrieval purposes. We may also infer or derive insights about user interests or segments to personalize features and marketing.

Note: You may refuse to provide certain information, decline to grant specific operating‑system permissions (such as microphone access), or disable automatic collection via browser or operating‑system settings. However, if you decline to provide information that is necessary for particular features (for example, denying microphone permission will disable recording), those features may not be available or fully functional.

4. How We Use Your Information

We use the information collected for the following purposes:

• Provide and deliver the Services. This includes creating and maintaining your account, processing payments through Stripe, applying credit balance changes from one‑time purchases and recurring subscriptions, deducting credits when you record audio or send a prompt to an AI model, authenticating users, capturing audio when you initiate a recording session, transcribing the audio, displaying your Google Calendar events when you connect that widget, indexing your uploaded company‑knowledge files, and routing your prompts (together with the relevant transcript and knowledge‑file context) to AI model providers in order to generate the suggestions, summaries and answers you have requested.
  
• Operate and improve our business. We use data for billing, accounting, product research and development, security, fraud prevention, analytics, and internal administration. We do not use your recordings, transcripts, prompts or uploaded company‑knowledge files to train our own foundation models.
  
• Personalization. We analyze your interactions, your uploaded company‑knowledge and your historical transcripts to tailor the Services (e.g. surfacing the most relevant talking points, objection responses or follow‑ups for the call you are on).
  
• Customer support. We use your information to respond to your questions, troubleshoot problems, and provide assistance.
  
• Communications. We may send transactional or administrative messages (e.g. confirmations, invoices, technical notices, updates, security alerts) and respond to customer inquiries. We also send marketing messages where permitted (see “Marketing and Advertising” below).
  
• Marketing and advertising. If you opt in, we may send you promotional emails or show you targeted advertisements about our Services or those of our selected partners. We and our advertising partners may use your information and cookies to deliver and measure the effectiveness of ads. You may adjust your marketing preferences at any time (see Section 6).
  
• Legal compliance and protection. We process and may disclose information to comply with applicable laws, respond to lawful requests and protect the rights, property and safety of Convinco, our users or the public.
  

5. AI Model Providers and Other Sub‑Processors

To deliver AI‑assisted features, Convinco routes prompts, transcript excerpts and relevant company‑knowledge content through our backend to third‑party large‑language‑model providers. The provider used for a given request depends on the feature, the model you have selected and operational factors such as availability and latency. The current providers are:

• Anthropic (Claude family of models). Data is processed under Anthropic’s commercial terms and is not used to train Anthropic’s models.
  
• OpenAI (GPT family of models). Data submitted via the OpenAI API under our enterprise terms is not used to train OpenAI’s models.
  
• Google (Gemini family of models, accessed through Google’s generative‑AI APIs). Data submitted under the applicable paid‑tier terms is not used to train Google’s models.
  

We also rely on other sub‑processors to operate the Services, including cloud hosting and storage providers, speech‑to‑text providers, embeddings and vector‑database providers, error monitoring and analytics providers, payment processors, email delivery and customer‑support tooling. We require all sub‑processors to handle your data only on documented instructions and in accordance with applicable data‑protection law. An up‑to‑date list of sub‑processors is available on request to contact@convinco.co.

If you connect your own tools through MCP, those tools act as independent third‑party services and process your data according to their own terms and privacy policies; Convinco is not responsible for their practices.

6. How We Share Your Information

We do not sell your personal data, and we do not sell or rent recordings, transcripts or uploaded company‑knowledge files to anyone. We may share your information in the following circumstances:

• Service providers and partners. We engage vendors to help operate and improve Convinco, including the AI model providers and other sub‑processors listed in Section 5, hosting providers, analytics and marketing partners, payment processors, customer‑support providers and disaster‑recovery services. These vendors may receive the information you provide, the information we obtain from other sources and the information we collect automatically; however, they will only use your data as necessary to perform services on our behalf and consistent with this Privacy Policy.
  
• Within our corporate group. We may share information with affiliates or subsidiaries for legitimate business purposes. Convinco employees are authorized to access personal data only to the extent necessary to perform their job functions.
  
• Corporate transactions. If we are involved in a merger, acquisition, financing, sale of assets, insolvency or bankruptcy, your data may be transferred or disclosed as part of that transaction, provided it remains subject to this Privacy Policy.
  
• Legal purposes. We may disclose information to respond to subpoenas, court orders or legal process; to law enforcement or government agencies when required; to exercise or defend legal claims; to enforce our Terms of Use; to protect the rights, safety or property of Convinco, our users or others; or to investigate and prevent fraud or abuse.
  
• With your consent. We may share your information for any other purpose disclosed at the time of collection or with your consent or direction.
  

If you choose to integrate third‑party services (e.g. Google Calendar, Slack, or any tool you connect through MCP), those services may collect your information and usage data subject to their own privacy policies. Likewise, any information you make public (e.g. user feedback or testimonials) may be seen and used by others.

7. Control Over Your Information

Convinco provides the following choices regarding your personal data:

• Access and correction. You can access and update your basic account information directly through your profile settings. For other personal data requests, contact us at contact@convinco.co. We may require you to verify your identity before fulfilling requests.
  
• Deleting recordings, transcripts and uploads. You can delete individual recordings, transcripts and uploaded company‑knowledge files at any time from within the desktop application. When you delete an item we also remove the corresponding embeddings and indexed chunks from our retrieval pipelines. Deletion requests propagate to our backups within the timeframes described in Section 10.
  
• Disconnecting integrations. You can disconnect Google Calendar (or any other connected third‑party service) at any time from within the application. Disconnecting revokes our ongoing access to that service; data we already received before disconnection remains subject to this Privacy Policy until you delete it or it is deleted under our retention practices.
  
• Account deletion. You may request deletion of your personal data or terminate your account by contacting contact@convinco.co. Note that we may retain certain information if required by law or for legitimate business purposes, such as resolving disputes or enforcing agreements.
  
• Portability and consent withdrawal. If our processing is based on your consent or a contract, you may request a portable copy of your data or withdraw consent at any time. Withdrawal of consent will not affect the legality of processing prior to withdrawal.
  
• Advertising and marketing preferences. You can modify your marketing preferences or opt out of targeted advertising by using the “unsubscribe” link in emails, adjusting your cookie settings, or contacting contact@convinco.co. Users in Europe may also object to or restrict certain processing under GDPR.
  
• Requests from third parties. If you are not a Convinco user but believe a recording, transcript or uploaded file held by Convinco contains your personal data (for example, because you were on a call with one of our users), you may contact us at contact@convinco.co. In most cases the Convinco user is the controller of that data and we will direct your request to them; we will, however, take reasonable steps to assist where required by law.
  
• EU/UK/Swiss residents. Individuals residing in the European Economic Area (EEA), United Kingdom or Switzerland have additional rights, such as lodging a complaint with a supervisory authority. We encourage you to contact us first so we can address your concerns.
  

We rely on a combination of legal bases to collect and process your data, including consent, performance of a contract, compliance with legal obligations and legitimate interests. For example, we have a legitimate interest in using your data to operate and improve our AI sales‑assistant platform, run our business effectively and communicate with you.

8. Security

We use commercially reasonable physical, technical and administrative measures designed to protect your information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. These measures include encryption of recordings, transcripts and uploaded files in transit and at rest, scoped access controls and audit logging for personnel access, and isolation of customer data within our retrieval pipelines. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.

9. Children

Convinco’s Services are not intended for children under 16. We do not knowingly collect personal data from children. If we become aware that a child under 16 has provided us with personal data, we will delete such information. Parents who believe their child has provided us with information should contact contact@convinco.co.

10. Data Retention

Recordings, transcripts and uploaded company‑knowledge files are retained for as long as you keep them in your account so that you can review past calls and so that retrieval‑augmented features continue to work. You may delete any of these items at any time as described in Section 7; once deleted they are removed from active systems immediately and from encrypted backups within up to 30 days. Account‑level data and other information are retained for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy. Billing records — including credit purchase history, subscription records, refund records and Stripe customer/payment identifiers — may be retained for as long as required by applicable tax, accounting and anti‑fraud law (typically up to 7 years in most jurisdictions where Convinco operates), even after you close your account. When we have no ongoing legitimate business need to process your data, we will delete or anonymize it.

11. Cookies and Similar Technologies

On our website, Convinco and our third‑party partners use cookies and similar technologies to collect information and enhance the Services:

• Cookies are small text files stored on your device. We use session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until deleted) to remember your preferences, authenticate you, understand usage patterns and deliver relevant advertising.
  
• Web beacons / pixels are tiny images embedded in pages or emails that enable us to track activities (e.g. whether an email has been opened or a page has been visited).
  
• Local storage in the desktop application is used to keep you signed in, cache user‑interface preferences and queue recordings or prompts that have not yet been transmitted to our backend. It is not used for advertising.
  

Most web browsers allow you to control cookies through their settings. You can set your browser to reject cookies or delete cookies. Note that disabling cookies may affect site functionality. For more information about cookies and how to manage your preferences, please contact us at contact@convinco.co.

12. International Data Transfers

Convinco is based in Poland and may process personal data in other countries where we or our service providers operate, including the United States (where several of our AI model providers and cloud sub‑processors are located). These countries may have different data‑protection laws than your country of residence. We take appropriate measures, such as standard contractual clauses, to ensure your data remains protected when transferred across borders.

13. Privacy Policy Changes

We may update this Privacy Policy from time to time. When we do, we will post the revised policy on our website and update the “Last Updated” date at the top of this policy. We may also provide notice through other means if required by law. We encourage you to review the policy periodically. Your continued use of the Services after the effective date of a revised policy constitutes your acceptance of the changes.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: contact@convinco.co

Postal Address: ul. WAWRZYŃCA ENGESTRÖMA, 10, 60-571, Poznań, Poland.

We do not yet have official EU/UK representative details; we are a startup currently based in Poland. Updates to our representative information will be posted here when available.

This Privacy Policy reflects Convinco’s commitment to transparent data practices and our mission to help you close more deals through an AI‑driven sales assistant you can trust.