Privacy Policy for Convoys
Last updated: April 25, 2026
Overview
Convoys ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we
collect, use, and safeguard your information when you use our mobile application and related services.
By accessing or using Convoys, you acknowledge this Privacy Policy and consent to the collection, use, and
disclosure of information as described here.
Information We Collect
Information You Provide
- Profile Information: Nickname/display name and optional profile picture (avatar).
- Room Inputs: Room names, optional room passwords, invite/rejoin tokens, and room-level settings
(for example invite permissions).
- Purchase Information (if premium features are used): Purchase proof and transaction-related data
from app stores, including product identifier, platform (iOS/Android), transaction ID or purchase token,
order identifier (if provided), purchase/verification timestamps, and store verification payload data needed
for fraud prevention, validation, and support.
Real-Time and Device Data
- Location Data: Your real-time location while you are in an active room and have granted
location permission. If you grant background location permission, your location may continue to be shared
with room participants while the room is active when the app is in the background.
- Voice Data: Real-time voice communications during active rooms. Convoys does not record or
store voice content, but may store limited session metadata (for example room, participant identity/name,
connection/disconnection events, and related webhook payload fields) for operations, security, abuse prevention,
and debugging.
- Camera/QR Data: Camera access can be used to scan room QR codes. The app reads QR content to
join rooms (for example room identifiers and invite tokens in the QR payload).
- Photo Library Data: Optional photo library access used only when you choose a profile image.
- Device Information: Device type, operating system, app version, and technical identifiers used
for security and room rejoin flows.
- On-Device Stored Data: The app may store recent room history in local app preferences and may
store room passwords/rejoin tokens in device secure storage to support quicker re-entry.
Automatically Collected Operational Data
- Diagnostics: Crash reports and performance diagnostics (if enabled in Settings).
- Usage Analytics: App interaction events (if enabled in Settings).
- Service Metering: Operational usage records for service limits and monetization (for example
session heartbeats, daily usage counters, active session state, and room creation counters).
- Room/Session Metadata Logs: Operational logs may include room and participant identifiers,
request metadata, webhook event metadata, event timestamps, and technical diagnostic payload fields.
- Webhook and Event Logs: Events from payment providers (for example purchase, cancellation,
refund/revocation notifications) and associated technical payloads for reconciliation and audit.
- Request and Security Diagnostics: Request logging may include request ID, method, path, status,
and duration. In security/debug contexts, diagnostics may also include IP-related network headers, source IP,
user-agent, app/client version headers, and token fingerprint/validation metadata.
- Idempotency Records (Payment-Sensitive Endpoints): To prevent duplicate operations, we may store
endpoint scope, idempotency key, request hash, response status/body, and expiration metadata.
- Route Preview Processing Data: For route preview features, origin/destination/intermediate
coordinates (and optional language/region parameters) are processed by our proxy and may be temporarily cached
in memory for reliability/performance.
- Moderation and Audit Data: Admin/moderation actions may generate audit records, including actor,
action, target room/user identifiers, request correlation IDs, and structured metadata.
How We Use Your Information
We use the collected information to:
- Provide and maintain the Convoys service.
- Enable real-time communication and location sharing within convoys.
- Power room access/security features, including password checks, invites, rejoin flows, and abuse prevention.
- Provide premium upgrades and validate in-app purchases.
- Improve app performance and user experience.
- Detect, investigate, and prevent technical issues, fraud, and abuse.
Data Sharing
We do not sell your personal information. We may share data with:
- Service Providers: Third-party services that help us operate the app, such as:
  - Supabase: authentication (anonymous profiles), database storage, and avatar storage.
  - LiveKit: real-time voice communication, room/session signaling, and service webhooks.
  - Google: maps/navigation and places search features (where enabled), including route
    preview requests processed through our proxy and sent to Google APIs.
  - Firebase: crash reporting and usage analytics (where enabled).
  - Apple App Store / Google Play: in-app purchase processing, verification, and billing events.
  - Hosting/Infrastructure: services used to host our APIs and supporting infrastructure.
- Other Users: Your location and profile information are visible to members of rooms you join.
- Legal Requirements: When required by law or to protect our rights and safety.
Data Security
We implement reasonable security measures to protect your information, including:
- Encrypted transport for voice and data in transit.
- Secure HTTPS connections for data transmission.
- Access controls and database protections designed to prevent unauthorized access.
Data Retention
- Voice Communications: Not recorded or stored by Convoys.
- Location Data: Shared in real time during active sessions and not retained as trip history after
a session ends.
- On-Device Room Data: Locally stored room history and secure room credentials remain on your device
until removed by app actions, app data reset/uninstall, or secure-storage cleanup.
- Profile Information: Retained until you update or delete your profile/account.
- Room Security Data: Invite/rejoin and abuse-prevention records are retained as needed for room
access security, moderation, and operational continuity.
- Purchase and Billing Records: Retained for verification, fraud prevention, customer support,
accounting, and legal compliance needs.
- LiveKit Webhook Event Logs: Retained for up to approximately 30 days for service reliability,
abuse investigation, and operational debugging, unless a longer retention period is required by law, security, or
active dispute handling.
- Idempotency Records: Retained until expiration (default approximately 24 hours, configurable)
and used only to ensure safe replay/duplicate protection.
- Route Preview Cache: Stored in temporary in-memory cache (typically seconds, with stale fallback
retention up to approximately 15 minutes depending on runtime configuration).
- Admin Audit and Moderation Logs: Retained according to operational, security, dispute-handling,
and legal/compliance needs.
- Diagnostics/Analytics/Operational Logs: Retained according to provider retention policies and our
operational needs.
Legal Requests and Safety
We may preserve, use, and disclose information (including room/session metadata and logs) when reasonably necessary
to comply with law, valid legal process, or regulatory obligations, to enforce our Terms, to investigate abuse, or to protect
users, Convoys, and the public. This may include moderation/audit logs, webhook/billing records, and relevant
request/security diagnostics.
Your Choices and Rights
You can:
- Access and review your personal information in the app.
- Request correction of inaccurate profile data.
- Delete your profile/account via in-app Settings.
- Control permissions (location, microphone, camera, photo library) through device settings.
- Disable usage analytics and crash reporting in Settings.
- Manage in-app subscriptions/purchases via your Apple App Store or Google Play account settings.
Account Deletion
You can request account deletion either in-app or through our web page:
The account deletion page describes the deletion flow, what data is deleted, and what data may be retained for
legal, fraud-prevention, security, billing, and compliance purposes.
Children's Privacy
Convoys is not intended for users under the age of 13. We do not knowingly collect information from children under
13. If you believe a child has provided us with personal information, please contact us.
International Users
Your information may be transferred to and processed in countries other than your own. By using Convoys, you
consent to such transfers.
Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date will reflect when changes were made.
Continued use of the app after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy, please contact us at:
Email: privacy@convoys.app
Website: https://convoys.app
(c) 2026 Convoys. All rights reserved.