Legal

Privacy Policy

Last updated: May 4, 2026

1 Introduction

convly ("we," "our," or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share information when you use our interoperability solution connecting Slack and Microsoft Teams ("the Service").

2 Your Role and Our Role

For most data processed through the service:

  • Customer (your organization) = Data Controller
  • convly = Data Processor

This implies:

  • your organization decides why and how data is used
  • we process data only to provide the service

For limited purposes (e.g. billing, account management), convly may act as an independent Data Controller.

3 How Our Service Works (Data Flow)

convly acts as a secure bridge between messaging platforms.

Message flow

  1. A message is sent in Slack or Microsoft Teams.
  2. convly securely receives the message via authorized APIs.
  3. The message is processed and transmitted to the destination platform.
  4. The recipient receives the message in their native tool.

Storage model

  • Message content is not stored.
  • Temporary processing may occur to ensure delivery, reliability, and synchronization.
  • Logs may be generated for debugging and security purposes.
We do not access message content except as necessary to operate and maintain the service.

4 What Data We Collect

  • Account Information: Name, email address, organization, and authentication details when you register or sign in through Slack or Microsoft Teams.
  • Workspace Data: Information related to your Slack and Microsoft Teams workspaces, including channel metadata, user identifiers, and message routing preferences.
    We do not store any message content.
  • Usage Data: Technical information such as IP address, device type, browser, operating system, log data, and activity within the Service.
  • Support & Communication: Information you provide when contacting us for support or feedback.

5 Why We Process Data

We process data only to:

  • Provide, maintain, and improve our Service.
  • Allow interoperability between Slack and Microsoft Teams.
  • Authenticate users and ensure secure connections.
  • Monitor usage and performance to enhance reliability.
  • Respond to support requests and user inquiries.
  • Comply with legal obligations.

6 Legal Basis for Processing

Where convly acts as a Data Processor, we rely on our customers to establish a valid legal basis.

Where we act as a Data Controller, we rely on:

  • Contract performance
  • Legitimate interests (service security, improvement)
  • Legal obligations

7 Data Storage

We retain data only as long as necessary.

Data Type Retention
Messages Not stored (transient processing only)
Logs 30 days
Account data Duration of contract

Backups are securely deleted within a defined timeframe.

8 Security Measures

We implement appropriate technical and organizational measures, including:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (where applicable)
  • Secure authentication via OAuth
  • Role-based access control (RBAC)
  • Monitoring and logging for anomaly detection

Access to data is restricted to authorized personnel only.

convly requests only the strictly necessary permissions to ensure interoperability between Teams and Slack.

More security details can be found here.

9 Data Sharing

We do not sell your personal information. We may share information only in these cases:

  • With service providers who assist us in operating the Service (e.g., hosting, monitoring, analytics) under strict confidentiality agreements. See Subprocessors in the next section.
  • To comply with legal requirements or respond to lawful requests.
  • In connection with a business transfer, such as a merger or acquisition.

10 Subprocessors

We rely on trusted third-party providers to operate our service (e.g. hosting, email, monitoring). These subprocessors are contractually bound to protect personal data.

  • Slack, USA — Slack workspace data.
  • Microsoft, USA — Teams workspace data.
  • AWS, USA or EU — data hosting and processing.
  • Stripe, USA — payment processing.
  • Chargebee, USA — billing data.

11 International Data Transfers

Personal data may be processed outside the European Economic Area (EEA).

Where this occurs, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)
  • Encryption and access controls

We also rely on infrastructure and APIs provided by Slack and Microsoft Teams, which may process data independently under their own terms.

12 Your Rights

Depending on your location, you may have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Restrict or object to processing
  • Request data portability

If convly processes your data on behalf of an organization, please contact that organization directly. We will assist our customers in responding to such requests.

To contact us about your rights: privacy@conv.ly

13 Data Breaches

In the event of a personal data breach, we will:

  • Notify affected customers without undue delay
  • Provide relevant details and mitigation steps

14 Third-Party Platforms

convly integrates with third-party platforms, including Slack and Microsoft Teams. These platforms operate independently and have their own privacy policies. We are not responsible for their data handling practices.

15 Changes to This Policy

This Privacy Policy may be amended from time to time. The most current version will always be accessible on our website, and you are strongly encouraged to review it periodically to remain informed of any modifications.

16 Contact

For questions about this Privacy Policy or data protection: privacy@conv.ly

17 Governing Law

This Policy shall be governed by the laws of France.