🔒

Convay Privacy Policy

This Privacy Policy explains how Convay (“we”, “us”, “our”) collects, uses, discloses, and protects personal data when you use our websites, desktop/mobile applications, and all related services (collectively, the “Service”).

Convay is operated by Synesis IT PLC, headquartered at 12, BDBL Bhaban (3rd Floor), Kawranbazar, Dhaka, Bangladesh. Our Trade License Number, VAT Registration Number, E-TIN, and BIN are displayed on our website/app in compliance with the Digital E-Commerce Policy 2021.

Privacy Last Updated: 26 November 2025

This Privacy Policy works together with our Terms & Conditions and Refund Policy.

Controller Information

Service Name

Convay – Secure, AI-powered video conferencing & collaboration

Operator

Synesis IT PLC

Head Office

12, BDBL Bhaban (3rd Floor), Kawranbazar, Dhaka-1215, Bangladesh

Contact

info@convay.com | +880-2-8189479

1.1 Who Controls Your Data

Depending on how Convay is deployed:

Convay Cloud (Hosted by Synesis IT PLC)

  • Synesis IT acts as Processor for Customer Content (meetings, files, chat, recordings).
  • Synesis IT acts as Controller for account data, billing data, usage logs, and operational analytics.

On-Premise, Sovereign Cloud, or Air-Gapped Deployments

  • Your organization acts as the Data Controller.
  • Synesis IT acts as a support vendor / processor, according to the MSA or Data Processing Agreement (DPA).

1.2 Where This Policy Applies

This Privacy Policy applies to:

  • convay.com and any Convay-associated website;
  • Convay desktop/mobile applications;
  • APIs and integrations;
  • Support channels;
  • Any Convay service that links to this Policy.

Separate agreements (MSA, DPA, Order Forms) may override sections of this Policy for enterprise/government customers.

Convay collects several categories of information to deliver secure, high-performance communication.

2.1 Account & Billing Information

  • Name, email, phone;
  • Organization and department;
  • Login credentials (encrypted);
  • SSO identifiers (SAML/LDAP/IdP);
  • Billing and payment details (via gateway; Convay only receives masked data).

2.2 Technical & Usage Information

  • Device type, operating system, browser;
  • IP address, location approximation (based on IP);
  • Application logs (login attempts, admin actions);
  • Call quality metrics (latency, jitter, bandwidth, packet loss);
  • Security logs (MFA usage, suspicious sign-ins).

2.3 Customer Content

Customer Content includes:

  • Audio/video during meetings;
  • Transcripts, subtitles, and AI summaries;
  • Chat messages and reactions;
  • Files shared inside meetings or chat;
  • Whiteboards, polls, Q&A;
  • Meeting metadata (ID, title, timestamps, participants).

Convay does not access encrypted End-to-End Encrypted (E2EE) content unless explicitly configured by your organization.

2.4 Cookies & Local Storage

We use cookies and similar technologies to:

  • Authenticate users;
  • Maintain sessions;
  • Detect fraud or unusual activity;
  • Save preferences (language, layout);
  • Improve site/app performance.

A cookie banner is shown where legally required.

3.1 Deliver & Operate the Service

We use data to:

  • Authenticate users and manage sessions;
  • Deliver meetings, messages, files, and collaboration features;
  • Process recordings, transcripts, and captions;
  • Provide customer support;
  • Maintain service uptime and reliability.

3.2 AI-Assisted Features

Convay may process meeting content to:

  • Provide real-time subtitles and translations;
  • Generate summaries, minutes, and action items;
  • Enable search across transcripts and chat;
  • Improve internal models (only if your organization participates in an opt-in program).

Convay never uses Customer Content to train third-party AI models.

3.3 Security, Fraud Prevention & Abuse Detection

We process data to:

  • Enforce meeting access controls (passwords, lobby, domain lock);
  • Prevent account takeover attempts;
  • Detect spam or harassment;
  • Apply DLP and content protection policies;
  • Protect system integrity (rate-limiting, replay protection, anomaly detection).

3.4 Compliance, Audits & Operations

We use information to:

  • Meet legal obligations;
  • Respond to lawful data requests;
  • Conduct audits and maintain logs;
  • Improve product performance and user experience;
  • Perform capacity planning and system optimization.

We rely on the following legal bases (where applicable):

  • Contract performance – to provide and operate the Service you have requested;
  • Legitimate interest – including security, fraud prevention, and analytics;
  • Consent – where required by law, for example for certain cookies, marketing, or recordings in some jurisdictions;
  • Legal obligations – including government, regulatory, or tax compliance.

Convay does not sell personal data.

5.1 Within Your Organization

Depending on your organization’s configuration, admins may access:

  • User lists;
  • Meeting logs;
  • Recordings, chats, transcripts (depending on configuration);
  • Audit logs and settings.

5.2 Sub-Processors

We use trusted, vetted sub-processors for:

  • Hosting & storage;
  • Security & logging;
  • Analytics & monitoring;
  • Customer support.

All sub-processors operate under strict contractual and DPA obligations.

5.3 Third-Party Integrations You Enable

If you integrate Convay with platforms such as:

  • Cloud storage providers;
  • SSO (Google Workspace, Azure AD, SAML IdPs);
  • Streaming platforms (YouTube/RTMPS);

Data may be shared as needed to enable that integration. Those platforms’ own privacy policies apply.

5.4 Legal & Regulatory Requirements

Convay may disclose data if required to:

  • Comply with a lawful request;
  • Respond to a court order or subpoena;
  • Prevent harm or protect safety;
  • Detect or investigate fraud or abuse.

5.5 Business Transfers

If Synesis IT undergoes a merger, acquisition, or restructuring, personal data may be transferred to the new entity under similar protective terms.

Convay supports:

  • Fully localized data hosting;
  • Sovereign cloud deployments;
  • On-premise and air-gapped installations;
  • Region-specific cloud hosting.

For cloud deployments requiring international transfers, we use:

  • Standard Contractual Clauses (SCCs);
  • Equivalent legal safeguards where applicable.

We prioritize data sovereignty for government, BFSI, and other regulated entities, and align with local regulatory requirements where deployments are made.

Convay implements layered, enterprise-grade security including:

  • TLS 1.3 for APIs and signaling;
  • DTLS-SRTP for media encryption;
  • AES-256 encryption at rest;
  • Optional End-to-End Encryption (E2EE);
  • MFA, SSO, RBAC;
  • Watermarking & leak tracking;
  • Audit logs for admin and security events;
  • Rate limiting, session hardening, replay protection;
  • Continuous security patching and monitoring.

While no system is 100% secure, Convay follows industry best practices and continuously improves its security posture.

Convay retains data for 30 days for free accounts and for the subscription period for paid accounts. For on-premise deployments, retention is under the control of the organizational admin.

This retention is necessary to:

  • Provide the Service;
  • Meet legal and regulatory requirements;
  • Comply with contractual obligations;
  • Resolve disputes and ensure safety.

For organization accounts, admins can configure:

  • Retention for recordings and transcripts;
  • Chat and file retention;
  • Log retention (depending on deployment).

Additional immutability and archiving options are available for regulated environments, subject to contractual agreement.

Depending on your jurisdiction, you may have the right to:

  • Access your personal data;
  • Correct inaccurate data;
  • Request deletion (subject to legal exceptions);
  • Restrict processing;
  • Object to processing (e.g., marketing);
  • Request data portability.

For Customer Content controlled by your organization, please contact your Admin first. For Convay-controlled data, you can email info@convay.com.

We may verify your identity to protect user privacy and security before fulfilling requests.

Convay is not directed to children under the age specified by local law (typically 16). We do not knowingly collect data from children without appropriate authorization.

If we become aware that such data has been collected without required consent, we will delete it promptly in coordination with the relevant organization or guardian.

Convay complies with the Digital E-Commerce Policy 2021, including:

  • Displaying Trade License / VAT / E-TIN / BIN;
  • Publishing full business address and contact details;
  • Footer links to:
    • About Us
    • Terms & Conditions
    • Refund Policy
    • Privacy Policy
    • Contact Us
  • Displaying required payment gateway badges (e.g., SSLCOMMERZ);
  • Checkout with a mandatory tick box confirming user agreement;
  • Service activation within 24 hours (and always within 7 days), unless customer-side delays apply.

We may update this Policy to reflect:

  • Product updates;
  • Legal or regulatory changes;
  • Operational improvements;
  • Security enhancements.

When updated:

  • The “Last Updated” date at the top will be revised;
  • Additional notices will be provided where required by law;
  • Continued use of Convay indicates acceptance of the updated terms.

If you have questions about this Privacy Policy or wish to exercise your rights, contact:

  • Email: info@convay.com
  • Synesis IT PLC
  • 12, BDBL Bhaban (3rd Floor)
  • Kawranbazar, Dhaka-1215, Bangladesh

Convay is a secure, sovereign video collaboration platform built for governments, enterprises, and institutions. Stay connected with full control over your data—no compromises.

Convay © 2025 All rights reserved.

English