Privacy Policy
This Privacy Policy explains how Convergence AI ("we", "us", "our") collects, uses, and protects your personal data when you use convergenceai.app. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).
1. Who We Are
Convergence AI is operated by:
Aleksandar Georgievski
Bul. Jane Sandanski 62/2-2
Skopje, North Macedonia
Email: hello@convergenceai.app
For the purposes of GDPR, we act as the data controller for personal data collected through this platform.
2. What Data We Collect
Account Data
- Email address (when you create an account)
- Name (when provided via Google OAuth)
- Password (stored as a hashed, salted value — never in plain text)
- Account tier and subscription status
Usage Data
- Questions submitted to the AI council ("prompts")
- AI-generated responses and verdicts
- Chat conversation history
- Uploaded documents (text extracted for AI processing)
- Session timestamps and usage counts
Technical Data
- IP address (used for rate limiting and security)
- Browser type and device information
- Cookies and local storage tokens (for authentication)
3. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Providing the AI council service | Contract performance |
| Saving your verdict history and chat conversations | Contract performance |
| Processing payments via Lemon Squeezy | Contract performance |
| Sending transactional emails (receipts, confirmations) | Contract performance |
| Security, fraud prevention, rate limiting | Legitimate interests |
| Improving the platform and AI prompts | Legitimate interests |
| Complying with legal obligations | Legal obligation |
4. AI Processing & Third-Party Providers
When you submit a question to the council, your prompt is processed by the following AI providers. Each provider's privacy policy governs how they handle data on their infrastructure:
| Provider | Role | Privacy Policy |
|---|---|---|
| OpenAI | Builder (GPT-4.1) | openai.com/privacy |
| Anthropic | Strategist (Claude) | anthropic.com/privacy |
| Critic (Gemini) | policies.google.com/privacy | |
| DeepSeek | Challenger | deepseek.com/privacy |
Important: Your prompts are transmitted to these providers to generate responses. We recommend you do not submit confidential, sensitive, or personally identifiable information in your council questions unless you have reviewed each provider's data handling policies.
5. Data Storage & Security
Your data is stored in the following systems:
- Supabase (PostgreSQL database) — hosted on AWS infrastructure in the EU region
- Supabase Storage — for uploaded files
- Railway — backend API processing (no persistent data storage)
- Cloudflare Pages — frontend hosting (no personal data stored)
We implement appropriate technical and organisational security measures including encrypted data transmission (HTTPS/TLS), hashed password storage, and access controls.
6. Data Retention
- Account data — retained while your account is active, deleted within 30 days of account deletion request
- Council sessions and chat history — retained while your account is active; you can delete individual sessions at any time
- Uploaded files — retained until you delete them from your file library
- Payment records — retained for 7 years as required by financial regulations
7. Your Rights (GDPR)
If you are located in the European Economic Area or UK, you have the following rights:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Restriction — limit how we process your data
- Objection — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent
To exercise any of these rights, contact us at hello@convergenceai.app. We will respond within 30 days.
8. Cookies
We use minimal cookies and local storage for:
- Authentication tokens (to keep you signed in)
- Guest session tracking (to enforce free tier limits)
We do not use advertising cookies or third-party tracking cookies.
9. Children's Privacy
Convergence AI is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
10. International Transfers
Your data may be processed by AI providers based in the United States. These transfers are covered by Standard Contractual Clauses (SCCs) as approved by the European Commission, or equivalent safeguards.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of significant changes by email. The "Last updated" date at the top of this page reflects the most recent revision.
11b. Enterprise & Data Processing Agreements
A full Terms of Service and Data Processing Agreement (DPA) are available on request for enterprise clients. For enterprise deployments, we also support Azure-hosted instances with EU data residency, Microsoft SSO, and custom compliance arrangements. Contact hello@convergenceai.app to discuss.
12. Contact & Complaints
For any privacy-related questions or to exercise your rights:
Email: hello@convergenceai.app
Address: Bul. Jane Sandanski 62/2-2, Skopje, North Macedonia
If you are unhappy with how we handle your data, you have the right to lodge a complaint with your local data protection authority.