Privacy Policy
Last updated: 12 April 2026
Convek (“we”, “us”) takes your privacy seriously. This policy explains what data we collect, why, and how we protect it.
1. What We Collect
Account data
- Email address — required to create an account and for transactional email (password reset, usage alerts, etc.)
- Password — stored as a bcrypt hash by Supabase Auth. We never see or store your plaintext password.
- Subscription data — your plan tier and billing status, synced from Stripe.
API usage data
- Request logs — API key prefix, endpoint, query parameters (lat/lon/date), timestamp, response code. Used for rate limiting, billing, and debugging.
- Daily usage counters — aggregated request counts per API key per day.
Contact & marketing data
- Contact form submissions — name, email, subject, and message. Stored in our email system (Resend) and optionally in our CRM (Brevo) if you opt in to the mailing list.
- Waitlist signups — email and requested country. Stored in Brevo.
- Mailing list — email only, if you explicitly opt in via the contact form.
Technical data
- Standard web analytics — page views, referrers, country (no personal data). Collected by Vercel Analytics. No cookies, no cross-site tracking.
2. What We Don't Collect
- We don't sell your data. Ever.
- We don't use advertising trackers.
- We don't share your data with third parties for marketing purposes.
- We don't collect payment card details — Stripe handles all payment processing.
3. How We Use Your Data
- Providing the service — authenticating you, enforcing rate limits, delivering forecasts.
- Transactional email — account confirmation, password reset, usage alerts, contact form replies.
- Billing — processing payments via Stripe, managing subscriptions.
- Improving the service — understanding usage patterns, identifying bugs, planning capacity.
- Marketing — only if you explicitly opt in. We use Brevo for mailing list management. You can unsubscribe at any time.
4. Third-Party Services
We use the following third-party services that may process your data:
- Supabase — authentication and database (hosted in EU)
- Stripe — payment processing
- Cloudflare — DNS, CDN, API hosting, email routing
- Vercel — website hosting
- Resend — transactional email delivery
- Brevo — contact lists and CRM (mailing list, waitlist)
Each of these services has its own privacy policy. We select services that are GDPR-compliant or offer adequate data protection.
5. Data Retention
- Account data — retained for the lifetime of your account. Deleted when you delete your account.
- API usage logs — retained for up to 90 days, then aggregated or deleted.
- Contact form messages — retained in our email for support purposes. Deleted on request.
- Mailing list — until you unsubscribe.
6. Your Rights (GDPR)
If you're in the EU/EEA, you have the right to:
- Access — request a copy of the data we hold about you.
- Rectification — correct any inaccurate data.
- Erasure — request deletion of your data (“right to be forgotten”).
- Portability — receive your data in a structured format.
- Objection — object to processing of your data for marketing.
- Withdraw consent — for any processing based on consent (e.g. mailing list).
To exercise any of these rights, email hello@convek.dev. We'll respond within 30 days.
7. Cookies
We use essential cookies only — for authentication (session tokens). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
8. Children
Convek is not directed at children under 16. We do not knowingly collect data from anyone under 16.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email. The “last updated” date at the top of this page reflects the latest revision.
Contact
Privacy questions? Get in touch or email hello@convek.dev.