Privacy Policy

Last updated: 2026-01-31

These legal terms are provided for operational readiness and risk disclosure. They are not legal advice. You should review them with your counsel before go-live.

This Privacy Policy describes how Corvyn Labs collects, uses, discloses, and protects information when you visit our website or use our subscription services (collectively, the "Services").

This policy is designed to be practical and transparent. Depending on your location, additional rights or notices may apply.

1. Scope

This Privacy Policy applies to information processed by Corvyn Labs as a controller for our website and business operations, and as a service provider/processor when we process Customer Data on behalf of our business customers.

If you are an End User interacting with a Customer’s phone number, webform, widget, or other channel powered by the Services, your relationship may primarily be with that Customer. We process End User communications on behalf of Customer and Customer determines the purposes and means of processing.

2. Information we collect

2.1 Information you provide

Contact information such as name, email address, phone number, company, and message content when you request a demo, contact sales, or otherwise communicate with us.
Account information such as business name, user profile details, and credentials when you create or use an account.
Support information including tickets, chat messages, and troubleshooting information.
Business configuration such as your pipelines, workflows, scheduling preferences, and integration settings.

2.2 Information collected automatically

Usage data including pages viewed, actions taken, timestamps, device and browser information, and approximate location derived from IP address.
Log data including error logs, security and audit logs, and performance metrics.
Cookies and similar technologies used for authentication, analytics, preferences, and security.

2.3 Billing and payment information

If you purchase a subscription, payments are processed by third-party payment processors. We generally receive limited billing-related information (for example, billing status, plan tier, and transaction identifiers), but we do not receive or store full payment card numbers.

2.3 Communications and voice/SMS content

If Customer enables messaging or voice workflows, the Services may process communication content (for example, SMS messages, call metadata, and voicemails). If call recording is enabled, recordings and transcripts may be processed and stored.

End Users may also provide information to Customer via a webform or widget (for example, name, contact details, message content, and consent acknowledgments). That information may be stored in Customer’s instance of the Services.

2.4 Sensitive information

Please do not submit sensitive information to the Services unless specifically required for your use case and you have appropriate rights and consents. The Services are not designed for emergency services, and are not intended to process regulated data such as protected health information unless expressly agreed in writing.

3. How we use information

We use information to:

Provide, maintain, and improve the Services.
Process requests, create leads, and facilitate communications you initiate.
Authenticate users and secure accounts.
Monitor, detect, prevent, and investigate fraud, abuse, and security incidents.
Provide customer support and respond to inquiries.
Conduct analytics to understand performance, reliability, and product usage trends.
Comply with legal obligations and enforce our agreements and policies.

4. Legal bases (where applicable)

Where required by law (for example, in certain international jurisdictions), we process personal information based on legal bases such as: (i) performance of a contract, (ii) legitimate interests (for example, securing and improving the Services), (iii) compliance with legal obligations, and (iv) consent where required (for example, certain marketing communications or cookies).

5. AI and automated processing

Some features may use AI or automation, including LLM-based components, to help draft responses, summarize conversations, classify leads, route requests, or suggest next steps. AI systems can be non-deterministic and may produce variable or inaccurate outputs. Customer is responsible for configuring appropriate safeguards and for human review where needed.

Corvyn Labs does not use AI Output as a substitute for human judgment in high-stakes contexts. Customer should implement meaningful review and controls appropriate to its use case.

6. How we share information

We may share information:

With service providers who help us operate the Services (for example, hosting, infrastructure, monitoring, analytics, customer support tools, messaging/telephony providers, and payment processors). These providers are authorized to process information only as necessary to provide services to us.
With our business customers when you interact with a Customer’s instance of the Services (for example, as an End User interacting with a widget).
For legal and safety reasons such as responding to lawful requests, enforcing policies, protecting rights, or preventing harm.
In connection with a business transaction such as a merger, acquisition, or sale of assets.

7. Cookies and analytics

We may use cookies and similar technologies to: keep you signed in, remember preferences, measure performance, understand site usage, and help protect the Services from abuse. You can usually control cookies through your browser settings. Some features may not function properly without certain cookies.

8. Data retention

We retain information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and maintain security. Retention periods may vary depending on the type of data, contractual requirements, and Customer configuration.

Examples of retention considerations include: (i) account and billing records retained for legal and accounting needs, (ii) communications data retained based on Customer configuration and operational needs, and (iii) security and audit logs retained to support detection, investigation, and prevention of abuse.

9. Security

We implement administrative, technical, and organizational measures designed to protect information. However, no system is perfectly secure. Security risks can arise from malicious actors, misconfiguration, account compromise, and third-party failures.

10. Your choices and rights

Account information: You can update certain information through the Services.
Communications: You may opt out of marketing communications by using the unsubscribe mechanism where available.
Access, correction, deletion: Depending on applicable law, you may request access, correction, or deletion of personal information. If we process information on behalf of a Customer, we may direct you to the Customer to make such requests.

11. End User opt-out and consent

End Users may be able to opt out of certain communications by responding with common opt-out keywords (for example, STOP) or via other mechanisms configured by Customer. Customer is responsible for obtaining and maintaining any required consents prior to contacting End Users.

12. Do we sell personal information?

We do not sell personal information in the ordinary meaning of the term.

13. International transfers

The Services may be operated from the United States or other locations. Information may be transferred to and processed in countries that may have different data protection laws than your jurisdiction.

14. Children’s privacy

The Services are not directed to children and we do not knowingly collect personal information from children.

15. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date indicates the most recent revision.

16. Contact

If you have questions about this Privacy Policy or our privacy practices, contact us using the contact method listed on our website.