Privacy Policy

Con-vrt ("we", "our", or "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. By using Con-vrt (the "Service"), you agree to the practices described here.

Account information. When you sign up, we collect your email address and, optionally, your business or brand name.

Payment information. Billing is handled by Stripe. We do not store your full card number or CVV — only the last four digits, card brand, and expiry provided by Stripe for display purposes.

Uploaded content. Images you upload are stored temporarily in order to process your job and generate output files. Source images may be retained for up to 30 days to support re-downloads and job history.

Usage data. We collect information about the packs you run, the number of images processed, and your monthly credit consumption in order to enforce plan limits and improve the Service.

Log data. Our servers automatically record your IP address, browser type, pages visited, and timestamps when you access the Service.

Cookies & local storage. We use essential browser storage (cookies and localStorage) to maintain your session and remember active job state between page navigations. We do not use third-party advertising cookies.

• To provide, operate, and improve the Service.
• To process your image jobs and deliver output ZIP files.
• To manage your subscription and process payments via Stripe.
• To send transactional emails (e.g., job completion, billing receipts). We do not send marketing emails without your explicit consent.
• To enforce our Terms of Service and plan limits.
• To diagnose technical issues and monitor Service health.
• To comply with applicable legal obligations.

We do not sell your personal data. We share data only as follows:

• Stripe — payment processing. Subject to Stripe's own privacy policy.
• Supabase — authentication and database hosting. Data is stored in secure, access-controlled infrastructure.
• Vercel — hosting and edge delivery of the web application.
• Redis / BullMQ — ephemeral job queue data; not persisted beyond job completion.
• Law enforcement — we may disclose data if required by applicable law, court order, or to protect the rights, property, or safety of Con-vrt, our users, or the public.

All sub-processors are contractually bound to protect your data and may only use it to deliver services on our behalf.

• Account data is retained for as long as your account is active, or as needed to provide the Service.
• Uploaded source images are deleted within 30 days of processing.
• Output ZIP files hosted via signed URLs expire within 7 days of generation.
• Log data is retained for up to 90 days.
• If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., billing records).

We implement industry-standard security measures including TLS encryption in transit, access controls, and regular dependency audits. However, no system is completely secure. You are responsible for keeping your account credentials confidential. Notify us immediately at legal@con-vrt.com if you suspect unauthorized access to your account.

Depending on your jurisdiction, you may have the following rights:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate data.
• Deletion — request deletion of your personal data ("right to be forgotten").
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Restriction — request we restrict processing of your data in certain circumstances.

To exercise any of these rights, email us at legal@con-vrt.com. We will respond within 30 days. We may need to verify your identity before fulfilling your request.

The Service is not directed at children under the age of 13 (or 16 in the EU/EEA). We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it promptly.

Con-vrt is operated from the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer. Where required, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA.

If you are a California resident, you have the right to: (a) know what personal information we collect and how it is used; (b) delete your personal information; (c) opt out of the sale of your personal information (we do not sell personal information); and (d) non- discrimination for exercising your rights. To submit a request, email legal@con-vrt.com.

We may update this Privacy Policy from time to time. When we do, we will update the "Effective" date at the top and, for material changes, notify you by email or in-app notice before the change takes effect. Your continued use of the Service constitutes acceptance of the revised Policy.

Questions, requests, or concerns about this Privacy Policy? Contact us at legal@con-vrt.com.