ConversaConversa
Back to home

Privacy Policy

Effective: April 26, 2026 · Last updated: April 26, 2026

1. Introduction

Margentic, CVR 45796086, Skovvejen 6, 3450 Allerød, Denmark, operating as Conversa (“we”, “us”, “our”) provides an AI-powered analytics platform that connects to your CRM and marketing tools and lets you ask questions through a web dashboard, Slack, or Microsoft Teams. This Privacy Policy explains how we collect, use, store, and protect personal data when you visit getconversa.io, create a Conversa account, install the Slack or Teams app, or purchase a paid subscription.

For questions about this policy or to exercise your rights, contact us at [email protected].

2. Data we collect

Account data

  • Email address: for account creation, login, and support.
  • Name and company name: for workspace identification and invoicing.
  • Hashed password: stored using industry-standard one-way hashing (bcrypt).
  • Login metadata: last login time, IP address and user agent of recent login attempts (used to prevent abuse).

From Slack and Microsoft Teams

  • Workspace / tenant information: workspace ID and name.
  • User identifiers: Slack or Teams user IDs of people who interact with the bot.
  • Bot tokens: OAuth access tokens (encrypted at rest with AES-256-CBC).
  • Messages: only direct messages and explicit mentions sent to the Conversa bot. We do not read general channel messages.

From connected platforms

  • API credentials: API keys or access tokens for Klaviyo, HubSpot, Salesforce Marketing Cloud, or Microsoft Dynamics 365 (encrypted at rest).
  • Platform data: marketing metrics, campaign data, CRM records, and audience segments \u2014 fetched on demand to answer your queries, not bulk-replicated.

Conversation data

  • Questions and AI responses: stored to maintain conversation context and so you can revisit past sessions.
  • Usage counters: number of queries per month, used to enforce plan limits.

Billing data

  • Subscription metadata: plan name, status, period start/end, and a reference ID linking your account to its Paddle customer record.
  • Payment details (handled by Paddle): we never see or store full card numbers or bank details. Card data is collected directly by our payment processor Paddle and is processed in accordance with PCI-DSS.
  • Invoice information: billing name, address, country, and VAT number where applicable, used by Paddle to issue compliant invoices.

Website & analytics data

  • Cookies and analytics: if enabled, Google Analytics 4 collects pseudonymous information about how visitors use getconversa.io (pages viewed, country, device type) so we can improve the site. No personal advertising identifiers are collected.
  • Server logs: standard request logs (IP, user agent, timestamp) for security and debugging, retained for a limited time.

3. How we use your data

  • To provide the Conversa Service \u2014 process your questions, fetch data from your connected platforms, and return AI-generated answers.
  • To authenticate you and protect against unauthorised access (rate limiting, audit logging).
  • To bill you for paid plans and provide compliant invoices.
  • To send transactional emails (welcome, password reset, billing receipts, important service notices).
  • To respond to support requests and improve the Service.
  • To comply with legal obligations and enforce our Terms of Service.

4. Legal bases (GDPR)

We process personal data on the following legal bases under the GDPR:

  • Contract performance \u2014 to deliver the Service you have signed up for.
  • Legitimate interest \u2014 to keep the Service secure, prevent abuse, and improve reliability.
  • Legal obligation \u2014 to keep accounting records and respond to lawful requests.
  • Consent \u2014 where required, for example for non-essential cookies or marketing emails. You can withdraw consent at any time.

5. AI / LLM processing

Conversa uses large language models (LLMs) to generate answers. Your questions and the data fetched from your connected platforms are sent to the LLM provider only to produce an answer for you.

We do not use your account data, conversations, or platform data to train any AI or machine-learning models.

AI-generated responses may be inaccurate or incomplete. Always verify critical business decisions against your source data.

6. Sub-processors

We use a small number of trusted sub-processors to operate the Service. We share only the data they need to perform their function.

Sub-processorPurposeRegion
Paddle.com Market LtdMerchant of record \u2014 checkout, payments, invoicing, and tax compliance.UK / EU
LLM providerGenerates answers from your questions and platform data. Does not train on your data.US / EU
Cloud hosting (Abacus.AI)Application hosting, database, and storage for the Service.EU / US
Slack TechnologiesSlack app distribution and message delivery (only when you install Conversa to a Slack workspace).US
Microsoft CorpMicrosoft Teams app distribution and message delivery (only when you install Conversa to a Teams tenant).EU / US
Email providerSends transactional emails such as welcome, password reset, and billing notifications.EU / US
Google AnalyticsAggregated marketing-site analytics (pseudonymous).US

Where personal data is transferred outside the EU/EEA, transfers are protected by Standard Contractual Clauses or an equivalent safeguard. We do not sell your data to any third party and do not share it with advertising networks.

7. Slack permissions (scopes)

When you install the Slack app, Conversa requests the following bot token scopes:

ScopePurpose
chat:writeSend responses and onboarding messages
im:historyRead direct messages sent to the bot
im:readAccess DM conversation metadata
im:writeOpen DM conversations for onboarding
users:readResolve Slack user identity

8. Data security

  • All API credentials and bot tokens are encrypted at rest using AES-256-CBC.
  • Webhook requests from Slack are verified using HMAC-SHA256 signature verification.
  • Passwords are stored as one-way bcrypt hashes; we never see the plaintext.
  • OAuth 2.0 is used for app installations \u2014 we never see workspace admin passwords.
  • All communications use HTTPS / TLS encryption in transit.
  • Database access is restricted, monitored, and audited.
  • Card numbers and bank details are handled directly by Paddle and never touch our servers.

9. Data retention & deletion

We keep personal data only as long as needed to provide the Service and to meet legal obligations:

  • Account data & conversations: retained while your account is active. When you close your account or uninstall the Slack/Teams app, associated data is deleted within 14 business days.
  • Bot tokens: immediately invalidated and wiped on uninstall.
  • Billing records: kept for up to 7 years to comply with EU accounting and tax law.
  • Server & security logs: retained for up to 90 days.

You can request earlier deletion at any time by emailing [email protected]. We will process the request within 14 business days, except where data must be retained for legal reasons.

10. Your rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase your data (“right to be forgotten”).
  • Portability \u2014 receive your data in a structured, machine-readable format.
  • Restrict or object to processing.
  • Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, contact [email protected]. We respond within 2 business days and complete requests within 30 days.

If you believe we have not handled your data correctly, you may lodge a complaint with the Danish Data Protection Agency (Datatilsynet) at datatilsynet.dk, or with the supervisory authority of the EU member state where you live or work.

11. Children's privacy

Conversa is a business tool intended for professional use. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us at [email protected] and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date and, where appropriate, communicated to active customers by email.

13. Contact

Margentic (operating as Conversa)

CVR: 45796086

Skovvejen 6, 3450 Allerød, Denmark

Privacy / data requests: [email protected]

General: [email protected]

Website: getconversa.io

We respond to all inquiries within 2 business days.