Privacy Policy
Last updated: 2026-04-28
We respect your privacy. This page explains what data Comvix collects when you use our platform, how we use it, who we share it with, and the rights you have over your data.
Data Controller
Comvix is operated by Valdura LTD, a company registered in England & Wales. Valdura LTD is the data controller for personal data processed through Comvix. You may contact our privacy team at privacy@comvix.ai for any data-related question.
What We Collect
We collect three categories of data: (1) Account data — your name, email, and authentication credentials when you sign up. (2) Usage data — your team's actions inside Comvix, AI usage counters, and analytics events used to improve the product. (3) Customer data — messages, contacts, and media your customers send through the channels you connect to Comvix. You remain the controller of your customer data; Comvix is the processor.
How We Use Your Data
We process data to: (a) provide and operate the platform, (b) bill you for the plan you subscribed to, (c) protect Comvix and our customers from abuse, fraud, and security incidents, (d) communicate product updates and service notices to you, and (e) comply with legal obligations under UK and EU data protection law.
Who We Share Data With
We share data only with the third parties strictly necessary to operate Comvix: Stripe (payments), OpenAI and Replicate (AI inference), Meta / Google / TikTok / Twilio (the messaging providers you connect), AWS or Cloudflare R2 (encrypted media storage), and Sentry (error monitoring). We do not sell your data, ever.
Data Retention
Account data is retained while your account is active. After cancellation we keep records for up to 90 days to support reactivation, then delete them within 180 days unless we are legally required to retain them longer (e.g. invoicing records under HMRC rules — typically 6 years). Customer data is retained according to the retention policies you configure per brand.
Your Rights
You have the right to access, rectify, export, or delete your personal data, and to withdraw consent for processing where consent was the legal basis. To exercise any of these rights, email privacy@comvix.ai with proof of identity. We respond within 30 days. If you are based in the UK or EU, you may also lodge a complaint with the ICO (UK) or your local supervisory authority.
Security
We encrypt sensitive personal data (PII columns: phone, email, contact name, message content) at rest with AES-256-GCM. All connections use TLS 1.2+. Access to production systems is restricted to authorised engineering staff and audited via append-only audit logs. We follow OWASP Top 10 hardening practices and run automated security scans on every release.
International Transfers
Comvix infrastructure is hosted in the European Economic Area (EEA). Some sub-processors (e.g. OpenAI, Stripe) operate in the United States. Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum to ensure your data is protected to UK/EU standards.
Cookies
Comvix uses essential cookies to keep you logged in and enforce CSRF protection. We use a small number of analytics cookies to understand how the product is used; you can disable these in your browser without losing access to Comvix functionality.
Children
Comvix is a B2B product and is not directed to children under 16. We do not knowingly collect personal data from anyone under that age.
Changes to This Policy
We may update this policy as the platform evolves. Material changes will be announced via in-app banner and email at least 14 days before they take effect. The 'Last updated' date at the top of this page reflects the most recent revision.