Privacy Policy
Last updated: June 15, 2026
1. Who we are
ConvergeFlow is a cold-email automation platform operated by Varritech Inc., located at 21 5th Ave, New York, NY 10175, United States. References to “we,” “us,” or “ConvergeFlow” in this policy mean Varritech Inc..
2. Information we collect
We collect the following categories of information:
- Account data: name, email address, profile photo, and authentication identifiers from providers you connect (Clerk, Google, Facebook, Microsoft, etc.).
- Inbox data: when you connect a Gmail, Outlook, or SMTP inbox, we store OAuth tokens or SMTP credentials needed to send mail on your behalf. We do not read your inbox beyond detecting replies to messages we sent.
- Campaign data: lead lists you upload, drafted messages, send status, opens, clicks, and replies.
- Billing data: handled by Stripe. We retain only the customer ID, subscription status, and last-four card digits.
- Usage data: standard logs (IP, user agent, timestamps) used for security and product analytics.
3. How we use information
- To send cold-email campaigns you configure.
- To draft message variants using LLM providers (Ollama Cloud, OpenAI).
- To track deliverability, replies, and unsubscribes.
- To bill you for paid plans.
- To respond to support requests.
- To detect abuse and prevent spam.
4. How we share information
We share data only with sub-processors needed to operate the service:
- Clerk — authentication and session management.
- Google Cloud / Firebase — database, storage, hosting.
- Vercel — application hosting.
- Stripe — payment processing.
- Resend — email sending, domain authentication, deliverability webhooks.
- Ollama Cloud, OpenAI — message drafting and embeddings.
- Sentry — error monitoring.
We do not sell your personal information. We do not share lead lists or message content with third parties for marketing.
5. Data retention
Account, campaign, and inbox data are retained for the life of your account. When you delete your account, we remove personal data within 30 days, except where retention is legally required (for example, billing records held for 7 years).
6. Your rights
You may access, correct, export, or delete your data at any time from Settings → Account, or by emailing support@convergeflow.com. If you are a resident of the EU, UK, or California, you also have rights under GDPR, UK-GDPR, and CCPA respectively, including the right to lodge a complaint with your data protection authority.
7. Facebook Login data
When you sign in with Facebook, we receive your name, email, and Facebook user ID through OAuth. We use this data only to create and authenticate your ConvergeFlow account. We do not post to Facebook, read your friends list, or store any other Facebook data. You can revoke access at facebook.com/settings → Apps and Websites at any time. To request deletion of Facebook-sourced data, see our Data Deletion Instructions.
8. Security
Data is encrypted in transit (TLS 1.2+) and at rest. OAuth refresh tokens are stored encrypted. Access is restricted via least-privilege IAM and audited.
9. Children
ConvergeFlow is not directed at children under 16, and we do not knowingly collect data from anyone under that age.
10. Changes to this policy
We may update this policy from time to time. Material changes will be announced via email or in-app notice at least 14 days before taking effect.
11. Contact
Questions about this policy? Email support@convergeflow.com, or write to Varritech Inc., 21 5th Ave, New York, NY 10175, United States.