Privacy Policy

Last Updated: April 9, 2026

ConvAI Lens ("we", "us", "our") operates the ConvAI Lens widget and API service (the "Service") for Kommo CRM users. This Privacy Policy explains how we collect, use, and protect your information.

1. Information We Collect

Account Information: When you connect ConvAI Lens to your Kommo account, we receive your Kommo account ID, subdomain, and OAuth access tokens.

Conversation Data: When you trigger an analysis, the Service temporarily processes the conversation text from your Kommo lead cards. This data is sent to OpenAI (GPT-4o-mini) for analysis and is not permanently stored by us.

Voice Messages: When you use the voice transcription feature, audio data is sent to Deepgram for transcription. We store the resulting text transcript as a Kommo note.

Usage Data: We track analysis counts and voice transcription minutes for quota management purposes.

2. How We Use Your Information

We use collected information solely to:

  • Provide the conversation analysis and lead scoring service
  • Transcribe voice messages
  • Manage your subscription and usage quotas
  • Improve the Service

3. Data Sharing

We share data with the following third-party processors:

  • OpenAI: Conversation text for AI analysis
  • Deepgram: Audio data for voice transcription
  • LemonSqueezy: Payment processing
  • Supabase: Database hosting
  • Upstash: Redis caching and rate limiting
  • Railway: API hosting

We do not sell your data to any third parties.

4. Data Retention

Conversation text is processed in real-time and not stored permanently. Analysis results (scores, summaries) are retained as long as your account is active. OAuth tokens are stored securely and deleted upon disconnection.

5. Data Security

We implement industry-standard security measures including:

  • OAuth 2.0 for Kommo authentication
  • TLS 1.2 encryption for all data in transit
  • Encrypted database storage
  • Rate limiting and abuse protection

6. Your Rights

You have the right to:

  • Disconnect your Kommo account at any time
  • Request deletion of your data
  • Access information about what data we hold

7. GDPR Compliance

For users in the European Economic Area, we process data under the legal basis of contract performance (providing the Service) and legitimate interest (improving the Service). You may exercise your GDPR rights by contacting us.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via the widget or email.

9. Contact Us

For privacy-related inquiries, contact us at: support@convailens.com