#convert

Legal

Privacy Policy

Last updated: February 2026

1. Information We Collect

When you create an account, we collect your email address and name. When you connect social media integrations, we store the OAuth access tokens and platform metadata required to operate those integrations on your behalf. When you use the AI chat and content generation features, your messages and generated content are stored to provide the service and to power your AI memory context.

We also collect usage data (number of content pieces created, AI calls made, and posts published) solely to enforce your plan limits and to help us improve the product.

2. How We Use Your Information

  • To provide, operate, and improve the Convert service.
  • To power your AI agents — brand voice, chat history, and content memory are used to personalize AI outputs for your account only.
  • To process billing and manage your subscription via Stripe.
  • To send transactional emails such as daily digests (if you opt in) and password reset links.
  • To detect and prevent abuse, fraud, and security incidents.

We do not sell your personal data to third parties. We do not use your content to train shared AI models.

3. Data Storage and Security

Your data is stored in Supabase-managed Postgres databases hosted on AWS. OAuth tokens and sensitive API keys are encrypted at rest using AES-256-GCM. All data is transmitted over HTTPS. We apply row-level security policies so that your data is never accessible to other users.

We retain session and activity data for up to 90 days. You can request deletion of your account and all associated data at any time by contacting us.

4. Third-Party Services

Convert integrates with the following third-party services to deliver core functionality. Each is subject to its own privacy policy:

  • Anthropic — AI text generation (your Anthropic API key is used on your behalf; requests are subject to Anthropic's usage policies).
  • Stripe — Payment processing and subscription management.
  • Supabase — Database, authentication, and file storage.
  • OpenAI — Text embeddings for AI memory features.
  • Social platforms (X, Instagram, LinkedIn, Google Analytics) — only when you explicitly connect them.

5. Your Rights

You may request access to, correction of, or deletion of your personal data at any time. To exercise these rights, email us at support@getconvert.io. We will respond within 30 days.

6. Cookies

We use a single session cookie (connect.sid) and an httpOnly refresh token cookie (cos_refresh) strictly for authentication. We do not use tracking or advertising cookies.

7. Changes to This Policy

We may update this policy periodically. When we make material changes, we will update the "Last updated" date at the top and notify active subscribers by email.

8. Contact

Questions about this policy? Email us at support@getconvert.io.