Privacy Policy — ConvOps

Last updated: March 2026

1. Who We Are

ConvOps ("we", "our", "us") is operated by Nitesh Bhavsar, Berlin, Germany. We provide a conversational infrastructure management platform that connects your AWS environment to messaging channels (WhatsApp, Slack).

Contact: nitesh@convops.io

2. What Data We Collect

We collect only what is necessary to provide the service:

Account information — name, email address, company name (where applicable)
Messaging channel identifiers — WhatsApp phone number and/or Slack workspace ID, used solely to route alerts to you
AWS account identifiers — account IDs and IAM role ARNs you provide during setup; we do not store credentials
Action audit logs — timestamps, action types, approval/rejection decisions, and the IAM principal used; required for security and accountability
Usage data — anonymised, aggregate metrics (e.g. number of alerts processed) to improve reliability

We do not collect: long-lived AWS credentials, the content of your workloads, training data from your infrastructure, or any sensitive personal data beyond what is listed above.

3. Individual / Solo Users

            Solo plan users connect their own personal or individual AWS account to ConvOps. The same data practices described in this policy apply equally to Solo, Team, and Enterprise users. Specifically:
            Your AWS account is accessed exclusively via the IAM role you create — no credentials are stored by ConvOps.
Alert data and action logs are retained only as long as necessary to provide the service (or up to 12 months, whichever is shorter), unless you request earlier deletion.
Your personal contact details (e.g. WhatsApp number) are used only for delivering alerts to you and are never sold or shared with third parties.
You can request deletion of your account and all associated data at any time by emailing nitesh@convops.io.

        

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and UK, we process personal data under the following legal bases:

Contract performance (Art. 6(1)(b) GDPR) — to provide the service you signed up for
Legitimate interests (Art. 6(1)(f) GDPR) — security logging, fraud prevention, and service improvement
Legal obligation (Art. 6(1)(c) GDPR) — where retention is required by applicable law

5. How We Use Your Data

Delivering infrastructure alerts to your chosen messaging channel
Executing approved actions in your AWS account on your behalf
Maintaining the action audit log for your own security review
Providing customer support
Sending service-related notifications (e.g. outages, security advisories)

We do not use your data for advertising or sell it to third parties.

6. Data Storage and Security

Data is stored in AWS (EU-West-1, Ireland) by default
All data in transit is encrypted with TLS 1.2+
All data at rest is encrypted with AES-256
AWS access uses short-lived session tokens via IAM role assumption — no long-lived credentials stored
ConvOps runs within your own AWS account; your infrastructure data does not leave your cloud environment

7. Data Retention

We retain personal data for as long as your account is active or as needed to provide the service. Action audit logs are retained for up to 12 months. You may request deletion at any time; see Section 9.

8. Third-Party Services

We use a small number of sub-processors to operate the service:

AWS — infrastructure hosting (EEA region)
WhatsApp / Meta — message delivery via the WhatsApp Business API (subject to Meta's privacy policy)
Slack Technologies — message delivery via the Slack API (subject to Slack's privacy policy)

No other personal data is shared with third parties.

9. Your Rights

Under GDPR and applicable law, you have the right to:

Access the personal data we hold about you
Rectification of inaccurate data
Erasure ("right to be forgotten") — we will delete your data within 30 days of request
Portability — receive your data in a machine-readable format
Objection to processing based on legitimate interests
Restriction of processing in certain circumstances

To exercise any right, email nitesh@convops.io. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (in Germany: the Berliner Beauftragte für Datenschutz und Informationsfreiheit).

10. Cookies

Our marketing website (convops.io) does not use tracking cookies. No third-party analytics are loaded on this page.

11. Changes to This Policy

We may update this policy periodically. Material changes will be notified via email or an in-app notice at least 14 days before taking effect. The "Last updated" date at the top reflects the most recent revision.

12. Contact

Questions or requests: nitesh@convops.io

Nitesh Bhavsar · Berlin, Germany