Privacy Policy

Last updated: February 14, 2026

1. Introduction

ConvoQC (“we,” “us,” “our”) is a B2B SaaS platform that provides automated AI-powered quality control for phone calls in the pay-per-call industry. This Privacy Policy explains what data we collect, how we use it, and how we protect it.

ConvoQC is a business-to-business service. Our customers are call brokers, networks, and agencies — not individual consumers. The call data we process belongs to and is controlled by our customers. We process it on their behalf.

2. Information We Collect

2a. Account Information

Provided by you when you sign up:

  • Name
  • Email address
  • Company name
  • Password (hashed and stored securely via Supabase Auth — we never store plain-text passwords)
  • Payment method (credit card information is collected and stored exclusively by Stripe — ConvoQC never sees, stores, or has access to full card numbers)
  • Account balance and billing history
  • UI/dashboard preferences

2b. Call Data

Received from your call tracking platform via webhook. When you connect your call tracking platform (TrackDrive, Ringba, or Retreaver) to ConvoQC, the following data is sent to us automatically when a call ends:

  • Caller phone number
  • Call duration
  • Recording URL (the audio file remains hosted on your call tracking platform — ConvoQC does not store audio recordings)
  • Campaign name
  • Publisher/traffic source name and ID
  • Buyer/call center name and ID
  • Platform-specific call ID
  • Call timestamp

2c. AI-Generated Data

Created by ConvoQC during analysis:

  • Full call transcription (text)
  • Call disposition (outcome classification, e.g., “Qualified,” “Not Interested,” “Voicemail”)
  • Detected flags (e.g., “Coached Call,” “Compliance Issue,” “DNC Violation,” “TCPA Violation”)
  • Call summary (brief AI-generated description of the call)
  • Speaker labels (diarized — identifies who said what)
  • Processing cost per call

2d. Usage Data

  • Standard web analytics (pages visited, browser type, device type)
  • Feature usage within the dashboard
  • API/webhook request logs

3. How We Use Your Data

We use the data we collect to:

  • Provide the ConvoQC service — transcribing, analyzing, and scoring calls
  • Generate AI-powered quality analysis, fraud detection, compliance checking, and publisher scoring
  • Process payments and manage your billing
  • Send transactional emails (account invitations, billing alerts, system notifications)
  • Improve and maintain the platform
  • Provide customer support
  • Comply with legal obligations

We do NOT:

  • Sell or share your data with third parties for marketing or advertising purposes
  • Use your call data to train AI models (call data is processed, not retained for training)
  • Contact callers or consumers whose data appears in call recordings
  • Initiate or make phone calls
  • Store audio recordings (we store only the URL link to recordings hosted on your platform)

4. Third-Party Services

We use the following third-party services to operate ConvoQC. Each receives only the data necessary to perform its function:

ServicePurposeData Received
SupabaseDatabase, user authentication, serverless functionsAll application data (user accounts, call logs, transcriptions, analysis results)
Fireworks.aiSpeech-to-text transcriptionRecording URLs — audio is fetched and transcribed in real time. Fireworks.ai does not permanently store your audio files.
OpenAIAI analysis (disposition classification, flag detection, call summarization)Call transcription text only. No caller phone numbers or personally identifiable information is sent to OpenAI — only the transcript content.
StripePayment processingCustomer email, payment method, billing amounts. Stripe is PCI-DSS Level 1 compliant.
NetlifyWebsite hostingStandard web hosting data. No sensitive call or account data.
RailwayBackend/pipeline server hostingProcesses call data in transit. No persistent storage of call data beyond operational logs.
ResendTransactional email deliveryUser email addresses for account invitations, billing alerts, and system notifications only.

5. Data Storage & Retention

  • Call logs, transcriptions, and analysis results are stored in your ConvoQC account indefinitely unless you request deletion.
  • Account data is retained for the duration of your account’s existence.
  • Audio recording files are NOT stored by ConvoQC. We store only the URL link pointing to the recording on your call tracking platform (TrackDrive, Ringba, or Retreaver). If you delete the recording on your platform, our link becomes inactive.
  • If you delete your account, we will delete your data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

6. Data Security

  • All data is encrypted in transit (TLS/SSL) and at rest.
  • User passwords are hashed and never stored in plain text.
  • Payment information is handled exclusively by Stripe and never touches ConvoQC servers.
  • Access to production systems is restricted to authorized ConvoQC personnel.
  • We implement role-based access controls within the platform (Owner, Admin, Member roles).

7. HIPAA Compliance

ConvoQC is designed to support customers operating in HIPAA-regulated verticals, including health insurance, Medicare, and healthcare services.

  • Call data that may contain Protected Health Information (PHI) is encrypted in transit and at rest.
  • ConvoQC processes call recordings and transcriptions as a Business Associate on behalf of its customers (the Covered Entities or their Business Associates).
  • We are prepared to enter into a Business Associate Agreement (BAA) with customers who require one. Contact us at hello@convoqc.com to request a BAA.
  • Our third-party sub-processors (Supabase, Fireworks.ai, OpenAI) each maintain their own security and compliance programs. Customers handling PHI should review these sub-processors’ compliance documentation.
  • ConvoQC does not use PHI for marketing, does not sell PHI, and restricts access to PHI to the minimum necessary for providing the service.
Note: HIPAA compliance is a shared responsibility. ConvoQC provides the technical safeguards, but customers are responsible for ensuring their own use of the platform complies with HIPAA and for determining whether a BAA is required for their specific use case.

8. Your Rights & Choices

  • Access: You can access all your call data, transcriptions, and analysis results through your ConvoQC dashboard at any time.
  • Deletion: You can request deletion of your account and associated data by contacting hello@convoqc.com.
  • Data Export: You can export your call data from the dashboard.
  • Email Opt-Out: Transactional emails related to your account (billing alerts, security notifications) cannot be opted out of while your account is active. Marketing communications, if any, will include an unsubscribe option.

9. Cookies & Tracking

ConvoQC uses minimal cookies required for authentication and session management. We do not use third-party advertising cookies. We may use basic analytics to understand how our marketing site is used.

10. Children’s Privacy

ConvoQC is a B2B service and is not directed at individuals under 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The “Last Updated” date at the top of this page reflects the most recent revision.

12. Contact

If you have questions about this Privacy Policy or your data, contact us at:

hello@convoqc.com