Data Security & Privacy
Data Security & Privacy
Convo adopts a comprehensive approach to data protection, ensuring all personal and communication data is handled lawfully, securely, and transparently.
1. Data Collection & Minimisation
We collect only the minimum data required for account creation and support:
- Full name
- Email address
- Phone number
- Address
We do not collect or retain unnecessary personal data or call content.
2. Data Processing & GDPR Compliance
- We act as a Data Controller under GDPR, processing data only for legitimate business purposes.
- All processing activities are transparent, with user rights clearly defined (access, correction, deletion).
- Data handling follows principles of lawfulness, fairness, purpose limitation, and data minimisation.
3. Encryption & Secure Transmission
- At Rest: AES-256-GCM encryption is used for all stored personal data.
- In Transit: TLS 1.2 and SSH are used to secure data transmissions.
- Passwords are hashed with BCryptPasswordEncoder, and credential tokens are securely encrypted.
4. Video Relay Call Handling
- No video, audio, or transcript data is stored after a call.
- Interpreters receive only live communication data, which is not retained.
- Sessions are fully encrypted, with strict access limited to verified, qualified interpreters.
5. Backups & Geo-Redundancy
- Secure, encrypted backups are performed continuously.
- Primary storage and backups for UK users are located in the UK (AWS London).