Privacy Policy
How ConvynHQ collects, uses, shares, and protects personal information.
Last updated: 2026-07-06
Effective date: July 6, 2026
1. Introduction
ConvynHQ LLC ("ConvynHQ," "we," "us," or "our") respects the privacy of the people who use our platform and the people whose information flows through it. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, how we protect it, and the choices and rights individuals have.
ConvynHQ operates a multi-tenant software-as-a-service platform that helps mission-driven organizations manage volunteers, schedule events, sell tickets, and accept donations. Some of the personal information we handle is about the people and organizations who pay for and use our platform directly ("Customer," "Customer Personnel"). Other personal information is about the volunteers, donors, event attendees, and team leaders whose data flows through the platform on the Customer's behalf ("End Users").
This Privacy Policy describes our practices in both situations and explains the different roles we play in each.
2. Our role with respect to personal information
For information collected directly from Customers and Customer Personnel for purposes of operating the ConvynHQ business — for example, account signup information, billing details, support requests, and marketing-website analytics — ConvynHQ acts as a controller (or business, as defined by certain U.S. state privacy laws) and determines the purposes and means of processing.
For information about End Users that Customers store, generate, or transmit through the Service in the course of running their volunteer programs, events, and fundraising activities, ConvynHQ acts as a processor (or service provider) on behalf of the Customer, which is the controller (or business). In that role, we process End User information solely on the Customer's documented instructions in connection with providing the Service, in accordance with our agreement with the Customer and, where applicable, our Data Processing Agreement.
End Users with questions about how a specific Customer organization uses their data should contact that organization directly. This Privacy Policy explains ConvynHQ's own practices as a controller.
3. Information we collect
3.1 Information you provide
We collect personal information you provide when you sign up, fill out a form, or otherwise interact with our website and platform. This includes:
- Account information: your name, email address, password, organization name, organization type, organization size.
- Billing information: payment card details (handled by our payment processor, not stored on our servers), billing address, billing email.
- Communications: information in support requests, demo requests, sales inquiries, and other messages you send to us.
- Survey or interview responses: information you choose to share when you participate in optional research.
3.2 Information collected automatically
When you interact with our website or platform, we automatically collect:
- Device and connection information: IP address, browser type, operating system, device identifiers, and similar technical data.
- Usage information: pages viewed, features used, links clicked, timestamps, and session duration.
- Cookies and similar technologies: see Section 6 for our cookie practices.
3.3 Information collected on the Customer's behalf
As a processor, we collect, store, and process information about End Users at the Customer's direction. The Customer determines what categories of End User information are collected, but it typically includes:
- Names, email addresses, and phone numbers (volunteers, donors, event attendees, team leaders, signups).
- Background-check status and expiration dates, when Customers track this category.
- Service-hour records, signup history, and team affiliations.
- Payment transaction records when End Users purchase tickets or tables through the Customer's connected Stripe account (payment card data itself is collected and handled by Stripe directly).
- Custom fields the Customer chooses to collect at signup.
- Advocacy actions (Advocacy and Advocacy Pro tiers): when an End User takes action on a Customer's public advocacy campaign — for example, sending an email to a legislator, signing a petition, calling a representative, or visiting a district office in person — ConvynHQ collects the contact and action information the End User provides, which may include name, email address, ZIP code, street address (for routing the action to the End User's elected officials), and the content of any message they choose to send.
- Phone numbers for phone banking (Advocacy and Advocacy Pro tiers): Customers may upload, import, or otherwise provide phone numbers of individuals their staff intend to call as part of a phone banking session. Phone numbers are stored within the Customer's organization and used solely to populate the Customer's call queue and record call outcomes.
4. How we use information
We use the information described in Section 3.1 and 3.2 (information for which we act as controller) for the following purposes:
- To operate, maintain, and improve the Service and our marketing website.
- To create and manage accounts and process subscription billing.
- To send transactional emails, such as account notifications, billing notices, and security alerts.
- To respond to support requests, demo requests, and sales inquiries.
- To send marketing communications about ConvynHQ (you may opt out of marketing email at any time).
- To monitor, prevent, detect, and investigate fraud, security incidents, abuse, and violations of our Terms of Service.
- To comply with legal obligations, respond to lawful requests, and protect our and others' rights and safety.
- To create de-identified or aggregated information that does not identify any individual, which we may use for any lawful purpose.
We process information about End Users (described in Section 3.3) only on the Customer's documented instructions and as necessary to provide the Service, except where applicable law requires otherwise.
5. How we share information
We do not sell personal information. We share information only as described below:
5.1 Subprocessors
We use third-party service providers to operate the Service, including hosting, database, email delivery, payment processing, and analytics. These providers process personal information on our behalf under contract and are subject to confidentiality obligations. The current list of subprocessors is published at convynhq.com/subprocessors and is also available on request.
5.2 Customers
Information about End Users is shared with the Customer organization on whose account that End User's data resides. We do not share End User information across Customer organizations.
5.3 Stripe and payment processors
Payment information is shared with Stripe to process subscription payments to ConvynHQ. When Customers use Stripe Connect to accept payments from End Users (for tickets, tables, donations), End User payment information flows directly to the Customer's connected Stripe account.
5.4 Legal disclosures
We may disclose information if required by law, subpoena, court order, or other legal process; to enforce our Terms of Service; to protect our rights, property, or safety, or those of our users or the public; or in connection with the investigation of suspected or actual unlawful activity.
5.5 Business transfers
If ConvynHQ is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction. We will require any successor to honor this Privacy Policy or provide notice if the policy will change.
5.6 With consent
We may share information for purposes not described in this Privacy Policy if you direct us to or otherwise provide consent.
5.7 Advocacy module — third-party data flows
The Advocacy module (available on the Advocacy and Advocacy Pro tiers) introduces additional, narrowly-scoped data flows to government and government-data services that exist solely to look up the elected officials representing a given U.S. address, and to retrieve federal legislative information. The providers and the data shared with each are listed at convynhq.com/subprocessors and currently include:
- U.S. Census Bureau Geocoder — receives the street address, city, state, and ZIP code submitted by an End User taking an advocacy action (or by a Customer using the Officials Lookup tool) and returns congressional and state legislative district numbers.
- Congress.gov API (U.S. Library of Congress) and OpenStates — receive district numbers (not the underlying address) to return the names and contact information of the corresponding federal and state legislators.
- GovTrack.us — receives keyword search terms entered by a Customer when looking up federal legislation for the Tracked Bills feature. No End User information is transmitted.
To reduce repeated queries, the result of an address-to- district lookup is cached for up to 24 hours, after which the cached entry is overwritten or expires. Address values themselves are stored as part of the End User's action record on the Customer's account.
5.8 Phone banking — outbound calling (Advocacy Pro)
When a Customer subscribed to the Advocacy Pro tier uses the click-to-dial feature to place phone bank calls, Twilio is engaged as a subprocessor to bridge the call between the Customer's staff member and the contact being called. Twilio receives the originating and destination phone numbers, the call duration, and the call status. ConvynHQ does not record call audio. Customers subscribed to the Advocacy tier (without Pro) place phone bank calls from their own device using a tel: link; no Twilio engagement occurs in that flow.
5.9 SMS event reminders (paid add-on)
Customer organizations that have enabled the SMS Reminders paid add-on may send automated text-message reminders to volunteers and event attendees who explicitly opt in when signing up for an event on that Customer's public event page. Opt-in is captured through a separate, unchecked-by-default checkbox that is only offered when the End User has entered a phone number, and consent to receive reminders is not a condition of event signup or of participating in the Customer's programs.
When SMS reminders are active for a signup, ConvynHQ engages Twilio as a subprocessor to originate and deliver up to two reminder messages per signup — one approximately 24 hours before the event start time and one approximately 1 hour before — and to relay any inbound "STOP," "HELP," "UNSUBSCRIBE," or similar reply messages back to ConvynHQ so that further messages can be suppressed. Twilio receives the destination phone number, the outgoing message text (which identifies the Customer organization and the event), and delivery metadata such as status, timestamps, and error codes.
Reminder messages are limited to reminder-only content and are not used for marketing, promotional, or fundraising purposes. ConvynHQ does not sell, rent, share, or otherwise disclose End User mobile phone numbers or SMS opt-in status to any third party for that third party's own marketing, promotional, or advertising purposes. Mobile information — including phone numbers, opt-in status, and the content of consent — is used solely for the purpose of providing the SMS reminder service on behalf of the Customer, and is not shared with affiliates, partners, or data brokers.
Message frequency is typically two messages per event signup (24-hour and 1-hour reminders). Message and data rates may apply based on the End User's wireless carrier plan. End Users may opt out at any time by replying "STOP" to any reminder message; this immediately suppresses further SMS from ConvynHQ to that phone number across all Customer organizations using the platform. Replying "HELP" returns basic assistance information; for further help, End Users may contact the Customer organization that sent the reminder or ConvynHQ at privacy@convynhq.com.
6. Cookies and tracking technologies
We use cookies and similar technologies (such as local storage and session identifiers) on our website and platform. Cookies are small text files placed on your device that allow us to recognize you, remember your preferences, and analyze how the Service is used.
6.1 Categories of cookies we use
- Strictly necessary cookies: required for the Service to operate, including login sessions and security. These cannot be disabled.
- Functional cookies: remember your preferences and choices, such as language and display settings.
- Analytics cookies: help us understand how the Service is used so we can improve it. These collect aggregated and de-identified usage information.
6.2 Your choices
Most browsers let you manage cookies through their settings. You can refuse or delete cookies, but parts of the Service may not function correctly if you do. If we use analytics cookies that require consent under applicable law, we will provide a banner or other mechanism to obtain that consent.
6.3 Do Not Track
Our website does not currently respond to Do Not Track browser signals.
7. Data retention
We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:
- Account information: retained while the Customer's account is active, plus a ninety (90) day grace period following cancellation, after which data is deleted from production systems.
- Billing records: retained for the period required by applicable tax, audit, and accounting rules (typically seven years in the United States).
- Support communications: retained for a reasonable period to maintain operational history, typically up to three years from last interaction.
- Backups: data in backups is retained per our backup-rotation schedule (typically up to thirty-five days for daily backups), after which it is overwritten.
- De-identified or aggregated data: retained indefinitely.
8. Your privacy rights
Depending on where you live, you may have rights with respect to your personal information. These may include:
- The right to access the personal information we hold about you.
- The right to correct inaccurate personal information.
- The right to delete your personal information, subject to certain exceptions.
- The right to data portability (a copy of your personal information in a structured, commonly used format).
- The right to opt out of certain uses of your personal information, including any "sale" or "sharing" as defined by U.S. state privacy laws (we do not currently sell or share personal information in those senses).
- The right to not be subject to retaliation for exercising these rights.
If you are an End User of a Customer organization, please contact that organization first to exercise these rights with respect to data the Customer controls. We will assist Customers in responding to End User requests as required by our agreement with the Customer.
To exercise rights with respect to information for which ConvynHQ is the controller, contact privacy@convynhq.com. We will respond within the time required by applicable law. We may need to verify your identity before fulfilling a request.
8.1 California-specific disclosures
If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) gives you the rights described above. In the prior twelve months, we have collected the following categories of personal information: identifiers, commercial information (subscription and billing), internet activity (analytics), professional information (organization role), and inferences. We disclose these categories to the categories of recipients described in Section 5. We do not sell or share personal information for cross-context behavioral advertising. We do not knowingly collect personal information from minors under 16.
9. Children's privacy
The Service is not directed to children under the age of 13. ConvynHQ does not knowingly collect personal information directly from children under 13 in its capacity as controller. Customers may use the Service to manage volunteer rosters that include minors (for example, youth-volunteer programs). In that case, the Customer is the controller of the minors' information and is responsible for obtaining any required parental consent and providing required disclosures.
If you believe we have inadvertently collected personal information from a child under 13 in a controller capacity, please contact privacy@convynhq.com and we will delete the information.
10. Security
ConvynHQ implements reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include encryption of data in transit and at rest, access controls, network monitoring, employee training, and periodic review of our security posture. A summary of our security practices is published at convynhq.com/security.
No method of transmission or storage is completely secure. While we strive to protect personal information, we cannot guarantee its absolute security. You are responsible for safeguarding your password and access credentials.
11. International users and data transfers
ConvynHQ is based in the United States and operates the Service in the United States. At launch, the Service is intended for use by organizations and End Users located in the United States. If you access the Service from outside the United States, you understand and consent to the transfer of your personal information to the United States, where data-protection laws may differ from those of your jurisdiction.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version on our website and update the "Effective date" above. If we make material changes, we will provide additional notice, such as by email to the Customer's Owner contact or through a notice in the dashboard. Continued use of the Service after an update constitutes acceptance of the updated Privacy Policy.
13. How to contact us
If you have questions or concerns about this Privacy Policy or our privacy practices, contact us at:
ConvynHQ LLC
3120 Southwest Fwy Ste 101
Houston, Texas 77098
Email: privacy@convynhq.com