Preskoči na sadržaj
konvuno

Legal

Privacy & Cookie Policy

Effective 13 July 2026 · konvuno.com

This policy names the implemented data flows and their current limitations. Konvuno does not currently provide a public privacy-request email address or support form; the available controls are stated below.

This policy explains the data processed by Konvuno's marketing site, dashboard, website-assistant widget, loader, database, storage, and server functions. It distinguishes account data that Konvuno controls from visitor data processed for the business that installed the widget.

1. Who does what

Konvuno determines why and how account administration, service security, operational, and billing data is processed and is normally the controller for that data. For visitor messages, leads, handoffs, and widget interaction records collected for a business, that business normally determines the purpose and is the controller; Konvuno processes the data to provide the service.

The business that installed the widget is responsible for its own privacy notice, legal basis, consent choices, and responses to its visitors. If you are a widget visitor, contact that business first about your conversation or lead data.

2. What we collect

  • Account and team data — email address, Supabase authentication identifiers and events, organization name, membership, role, invitations, and timestamps.
  • Business profile and files — business and website details, industry, description, contact details, address, timezone, hours, public logos or widget avatars, and private catalog-import CSVs.
  • Business content and configuration — FAQs, sources, catalogs and product/service fields, allowed domains, published widget versions, browser-local widget drafts and catalog mapping templates.
  • Website analysis — URLs you submit, public pages fetched from those sites, extracted business/contact details, page metadata, generated FAQ candidates, errors, and scan history. Raw crawled page text is used during the scan but is not stored in the completed analysis row.
  • Visitor and conversation data — a randomly generated visitor identifier, host origin and referring/source URL, messages, AI replies, conversation timestamps and status, language, summaries, tags, internal notes, handoff requests, and any lead details submitted, including name, email, phone, company, message, and recorded consent choice.
  • Security and usage data — a salted hash of the client IP address (not the raw IP in application tables), risk score and reasons, rate-limit and abuse events, widget opens, catalog searches/clicks and link clicks, event URLs and item IDs, token counts, provider/model names, estimated costs, allowances, and audit events.
  • Analytics data — if you accept analytics cookies, Google Analytics receives page URLs and titles, referrer information, timestamps, browser and device information, approximate location derived from network data, interaction and campaign-attribution data, and Google Analytics identifiers. Konvuno does not intentionally send names, email addresses, conversation content, FAQ or catalog content, or an authenticated user ID to Google Analytics.
  • Billing data — Stripe customer and subscription identifiers, plan, subscription status and periods, cancellation status, entitlements, and top-up settings. Payment-card details are provided to Stripe and are not stored in Konvuno's database.

The current applications do not include PostHog, Sentry, session replay, or advertising pixels.

3. AI processing

Konvuno currently calls the OpenAI API for chat completions and text embeddings. Depending on the feature, OpenAI receives some or all of: visitor messages and recent conversation history, assistant replies, business profile and widget instructions, matched FAQs, catalog categories and search results, FAQ/catalog text for embeddings, a transcript requested for summarization, and public website text used to generate FAQ suggestions.

Konvuno's code contains no model-training or provider data-sharing opt-in flow. OpenAI states that API data is not used to train its models unless the API customer opts in. Under OpenAI's default API controls, prompts and responses may be retained in abuse-monitoring logs for up to 30 days unless different approved controls apply. See OpenAI's API data controls.

4. How we use data

  • Authenticate users and operate organizations, roles, invitations, settings, content, publishing, export, and deletion.
  • Crawl submitted public sites, generate and store embeddings, retrieve relevant content, generate assistant replies, create optional summaries, and show catalog results.
  • Store conversations, capture leads and consent choices, create handoffs, and email the business when configured.
  • Enforce allowed domains, rate limits, plan allowances, cost ceilings, and anti-abuse controls; investigate failures and protect tenants and the service.
  • Measure business-facing widget outcomes and maintain internal usage, cost, billing, and audit records.
  • Comply with legal obligations and enforce the Terms.

Konvuno does not sell personal data or use it for cross-context behavioral advertising. Where applicable law requires a legal basis, processing is based on providing the service or taking requested pre-contract steps, legitimate interests in operating and securing it, legal obligations, or consent where the business chooses or law requires consent.

5. Providers & disclosures

  • Supabase — authentication, Postgres database, Row Level Security, object storage, and Edge Functions. It receives and stores the account, business, visitor, content, file, usage, security, and billing records described above. See Supabase privacy.
  • OpenAI — chat generation, summaries, website-analysis suggestions, and embeddings, as detailed in section 3. See OpenAI privacy.
  • Google Analytics — consent-based measurement of visits and page use across the Konvuno marketing site and dashboard under measurement ID G-DGFC7E63NX. Google may process the analytics data described in section 2 in the United States and other countries. See Google's Privacy Policy and Google's business-data privacy information.
  • Resend — email OTP/authentication messages when the custom email hook is enabled, invitations, and transactional lead or handoff notifications. Email addresses, names, message content, lead details, or a handoff reason may be included; full conversation transcripts are not sent in lead/handoff notification emails. See Resend privacy.
  • Stripe — payment processing and subscription events if paid billing is used. Stripe receives payment and transaction data and may act as an independent controller for some activities. See Stripe privacy.
  • Cloudflare — delivery of the widget loader and iframe assets from R2/CDN. Asset requests expose ordinary network request data to Cloudflare. The backend also contains an optional Turnstile token verifier, but the shipped widget UI does not currently render or run a Turnstile challenge. See Cloudflare's Turnstile Privacy Addendum if that feature is later activated end to end.

Data may also be disclosed when required by law, to protect rights and security, or in a business transaction, subject to applicable safeguards. Konvuno does not currently publish a separate sub-processor change-notification service.

6. Retention

  • Conversations and messages — a daily database job deletes conversations that started more than 12 months earlier; their messages are deleted with them. The implementation deletes rather than anonymizes them.
  • Records that outlive a transcript — leads remain until a member deletes them or the organization is deleted. Widget event rows, knowledge-gap rows, usage/cost records, and abuse records can remain after a conversation is deleted and may still contain a visitor identifier, event URL, unanswered question, or security metadata. No shorter automatic retention period is currently implemented for those rows.
  • Business data — profiles, members, invitations, content, configurations, allowed domains, website analyses, import history, audit records, subscription records, and other organization rows remain until changed or the organization is deleted.
  • Files — public branding images and private catalog-import CSVs are stored in Supabase Storage. The current organization-deletion and account-deletion workflows delete database rows but do not automatically delete these storage objects.
  • Browser data — retained as described in section 7 and controlled by the relevant browser storage lifetime.
  • Providers — providers keep their own service, security, transactional, and backup records under their terms. OpenAI's default API abuse-monitoring retention is described in section 3.

7. Cookies & browser storage

Konvuno uses cookies and browser storage as follows:

  • Consent choice — the marketing site and dashboard set the first-party cookie konvuno.analytics-consent to remember whether analytics was accepted or rejected. It lasts up to six months, is shared across Konvuno subdomains, and is necessary to honor the choice.
  • Google Analytics — the Google tag is not downloaded and analytics is not activated unless analytics is accepted. After acceptance, Google Analytics may set first-party cookies including _ga and a property-specific _ga_* cookie to distinguish browsers and sessions. Advertising storage and ad-personalization signals remain denied. The choice can be changed at any time through “Cookie settings” in the marketing-site footer; rejecting after acceptance disables further analytics collection and attempts to remove those Google Analytics cookies.
  • Dashboard — local storage holds the Supabase authentication session under konvuno.auth, selected organization, locale, theme preference, unpublished widget drafts, and saved catalog-column mapping templates. These values remain until the application removes or replaces them or the user clears site data; signing out is expected to remove the Supabase session but not every preference or draft.
  • Host website — the loader writes konvuno.visitor to that website's first-party local storage. It is a random identifier with no name or email embedded in it. There is one key per host origin, so the same identifier can be used by multiple Konvuno widgets on that same origin; it is not shared through the loader with unrelated website origins. It persists until the host site or visitor clears it. If storage is blocked, a new page-only identifier is used.
  • Widget iframe — session storage on the widget/CDN origin holds the conversation ID and up to 50 visible visitor/assistant messages, keyed by widget and visitor. The application treats the record as expired after 30 minutes of inactivity and clears stale data when it is read; session storage is also scoped to the browser tab/session.
  • Cloudflare Turnstile — server-side token verification exists but the current widget UI does not load or run the challenge. No Turnstile pre-clearance cookie is implemented.

Because the host-site identifier is persistent local storage used to recognize a returning browser, the business installing the widget must decide whether its law requires prior consent and must describe it in its own notice.

8. Security & international processing

Konvuno uses Supabase Row Level Security for tenant isolation, role checks, server-only secrets and privileged operations, allowed-domain checks, origin-validated iframe messaging, rate limits, salted IP hashing, and restricted storage buckets. Public branding files are intentionally public to render on websites. No internet service can guarantee absolute security.

The providers listed above may process data in the United States and other countries outside the visitor's or account holder's country. Their contractual transfer mechanisms and locations are governed by their own data-processing terms. Konvuno does not currently offer a customer-selectable data-residency region in the application.

9. Choices, export & deletion

Depending on applicable law, people may have rights to access, correct, delete, restrict, object to processing, or receive certain data, to withdraw consent, and to complain to a data-protection authority. Analytics consent may be rejected initially or changed later through “Cookie settings” in the marketing-site footer. Withdrawal does not affect processing that occurred before withdrawal. Widget visitors should contact the business that installed the widget because that business controls the conversation and lead data.

Organization members can edit much of their business data and delete leads. Owners can download the implemented JSON export and delete the organization in the dashboard. The export is capped at 10,000 rows per included collection and excludes embeddings, stored file contents, authentication data, audit logs, billing/entitlement data, usage/cost data, abuse records, and some analytics. Organization deletion removes database rows but not uploaded Supabase Storage objects, member authentication accounts, browser-local data, or data already processed by Google Analytics under a prior consent choice.

Konvuno does not currently expose account deletion in the dashboard and does not publish a privacy-request email address or public support form. Those are current product limitations, not a waiver of rights that apply by law.

10. Children & sensitive data

Konvuno is a business service and is not directed to children. The service does not implement age verification. Businesses must not knowingly configure the widget to collect children's data without the permissions and safeguards required by law.

Do not submit payment-card data, passwords, government identifiers, health records, or other highly sensitive data through chat, lead messages, FAQs, catalogs, imports, website analysis, or free-text fields. The service is not designed for regulated professional advice or storage of special-category records.

11. Changes to this policy

This policy will be updated when the implemented data flows or providers change, and the effective date above will be revised. The repository currently has no automated legal-change email workflow, so account holders should review this page periodically until such a channel is implemented.

See also the Terms of Service.