Privacy Policy

Last updated: May 2026 · Version 2.0 · Converra

1. Overview and Scope

Converra ("we", "us", or "our") is a SaaS CRM and messaging automation platform that enables businesses to manage customer communications via the WhatsApp Business Platform provided by Meta Platforms, Inc.

This Privacy Policy explains what personal data we collect, how we use it, and your rights as a data subject. It applies to all users of the Converra platform — including business account holders, administrators, and end-user contacts whose data is processed through the platform on behalf of our business customers.

Converra acts as a data processor on behalf of its business customers (data controllers) with respect to end-user contact data, and as a data controller with respect to account and usage data it collects directly.

2. Data We Collect

2.1 Account & Identity Data

  • Full name and email address of account holders and team members
  • Organisation name, role, and billing information
  • Authentication credentials (stored as hashed values only)

2.2 WhatsApp & Messaging Data

  • WhatsApp Business Account (WABA) ID, Phone Number ID, and linked business profile details
  • Message content, timestamps, and delivery status for communications processed through the platform
  • Customer contact names, phone numbers, and conversation history uploaded or received via the platform

2.3 Automation & Usage Data

  • Workflow configurations, automation triggers, and template definitions
  • System logs, API call records, and error reports
  • Feature usage analytics (aggregated and anonymised where possible)

2.4 Technical Data

  • IP addresses, browser/device type, session identifiers
  • Cookies and similar tracking technologies (see Section 9)

3. Legal Basis for Processing

We process personal data only where we have a valid legal basis under applicable law, including:

  • Contract performance — processing necessary to deliver the services you have subscribed to
  • Legitimate interests — security monitoring, fraud prevention, and product improvement
  • Legal obligation — compliance with applicable laws and regulatory requirements
  • Consent — where explicitly obtained (e.g. marketing communications to account holders)

As a data processor for end-user contact data, we process that data strictly on the documented instructions of our business customers (the data controllers).

4. How We Use Data

We use collected data exclusively to:

  • Provision, operate, and improve the Converra platform and its features
  • Enable CRM messaging, workflow automation, and analytics within your account
  • Authenticate users and maintain account security
  • Provide customer support and respond to enquiries
  • Monitor platform health, prevent abuse, and ensure compliance with our Terms of Service
  • Fulfil legal and regulatory obligations

We do not use your data or your customers' data for advertising, profiling, or any purpose unrelated to delivering the Converra service.

5. WhatsApp & Meta Integration

Converra integrates with the WhatsApp Business Platform provided by Meta Platforms, Inc. By using Converra's WhatsApp features, you acknowledge and agree that:

  • All WhatsApp messaging is subject to WhatsApp's Business Policy, Commerce Policy, and applicable Meta Platforms Terms of Service
  • Converra transmits message data to Meta's infrastructure solely to deliver the messaging service on behalf of the business account holder
  • Meta may independently process data in accordance with its own Privacy Policy; Converra has no control over Meta's data practices
  • Business customers are responsible for ensuring they have a lawful basis and appropriate consent from their end-users before initiating WhatsApp communications through Converra
  • Converra does not use the WhatsApp Business Platform to distribute general-purpose AI assistants or LLM-based chatbots, in compliance with Meta's Business Solution Terms effective January 15, 2026

6. Data Sharing & Disclosure

We do not sell, rent, or trade personal data. We may share data only in the following limited circumstances:

6.1 Infrastructure Providers

We engage vetted sub-processors (e.g. cloud hosting, database, email delivery providers) under binding data processing agreements that require equivalent levels of protection to this policy.

6.2 Legal Requirements

We may disclose data if required by applicable law, court order, or governmental authority, and will notify affected customers where legally permitted to do so.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, we will notify users and ensure continuity of data protection obligations.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy or as required by law:

  • Account data: retained for the duration of the subscription plus 90 days after account closure
  • Messaging & conversation data: retained for up to 12 months from the date of the message
  • System logs & usage analytics: retained for up to 24 months in aggregated or anonymised form
  • Billing records: retained for 7 years in compliance with applicable accounting and tax laws

Upon account closure, you may request deletion of your data by emailing [email protected].

8. Your Data Subject Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten") subject to legal obligations
  • Restriction — request that we limit processing of your data in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdrawal of consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Cookies

We use cookies and similar technologies to maintain your login session, remember preferences, and analyse platform usage. Strictly necessary cookies cannot be disabled. Analytics and preference cookies can be managed via your browser settings or our in-platform cookie controls.

10. International Data Transfers

Converra and its sub-processors may process data in countries outside your home jurisdiction. Where transfers occur to countries not deemed to provide adequate data protection, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms approved under applicable law.

11. Security

We implement industry-standard technical and organisational measures to protect personal data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Multi-factor authentication for platform access
  • Role-based access controls and least-privilege principles
  • Regular security assessments and penetration testing
  • Incident response procedures including breach notification within 72 hours where required by law

12. Children's Privacy

Converra is a business platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided personal data, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify account holders of material changes via email or in-platform notice at least 14 days before changes take effect. Continued use of the platform after the effective date constitutes acceptance of the revised policy.

14. Contact

For privacy-related enquiries, data subject requests, or to report a concern:

[email protected]

We aim to respond to all privacy enquiries within 5 business days.