Privacy Statement

Receive email notifications of sub-vendor changes






Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form. Please try again.
LEGAL
Terms of Service
Acceptable Use Policy
Privacy Statement
Conveyor U.S. Data Processing Addendum
Responsible Disclosure Policy
Conveyor EU/UK Data Processing Addendum
Security Policy
Subprocessor Directory
Trademark Policy
Support Policy

Version 2.1 - Last Updated: April 30th, 2026

For the prior version of this statement please refer here.

First things first

At Conveyor our mission is to help build trust on the internet. As a result, our goal is to set a high standard for protecting the privacy of your information. This Privacy Statement transparently describes what you can expect Conveyor to do with your Personal Information (as defined below), including how we collect, use, protect and share your information. 

 

If you would like to learn how Conveyor uses information about your business, such as your customers and your trust posture, to provide the network, please see our FAQ.

 

Scope

This Privacy Statement applies to the information we collect, receive, or use on or in connection with websites owned or controlled by Conveyor, Inc., a Delaware corporation ("Conveyor" or "we" or "our" or "us"), including www.conveyor.com, applications, products, features, services, marketing, email or other site-related electronic communications, whether online or offline, or any portion thereof (collectively, the "Service").

 

This Privacy Statement does not apply to personal information arising from Conveyor’s employment-related activities. Except to the extent that a third party provides services on our behalf (such as a SaaS vendor), this Privacy Statement also does not apply to the practices of third parties to which we may link or otherwise refer you, such as consultants, pen testing firms, audit firms, and other vendors.

 

Conveyor’s Roles

In some circumstances, we determine the purposes and means of using Personal Information (i.e., we act as a data “controller”). These circumstances are generally described in this Privacy Statement and include but are not limited to the following: 

  • when we collect, use and process Personal Information about our customers (“Customer”) and their employees who act as administrative users of our Service so that we may carry out our operational and business administrative functions such as establishing accounts and billing for our services; and
  • when we collect and process Personal Information about individuals who reach out to us with feedback about our Service, navigate our website or sign up for our mailing lists so that we may optimize our Service, operate our website efficiently and communicate with them about our products and services in which they express interest.

In other circumstances, we collect, use and process Personal Information about Invited Third-Party users, End Users, and others who are invited by Customer’s users and End Users to use our Service so that we may provide contracted services to our Customers, such as enabling Invited Third-Parties and End Users to respond to security questionnaires, share security and trust information, and otherwise collaborate within our Customers' accounts.. In these circumstances, we process Personal Information on behalf of our Customers as a data “processor”. Details concerning some of our processing activities as a processor are generally described elsewhere in this Privacy Statement. Our activities and related obligations as a processor are also described in Data Processing Agreements (DPAs) between us and our Customers.

Personal data we collect 

For purposes of this Privacy Statement, "Personal Information" means information from or about you that identifies you directly or information that is associated with you and thus could potentially identify you, including when combined with other information from or about you.

"Sensitive Personal Information" includes data categorized as such under applicable laws and may include data about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union memberships, genetic and biometric data when used for identification purposes, and data about health, sex life, and sexual orientation.

We only collect the minimum Personal Information necessary to accomplish the purposes of using such Personal Information, as described in this Privacy Statement. Where we use AI-assisted tools to support our operations and services, those tools operate under human review and oversight. We may need to collect your Personal Information to provide certain aspects of our Service and in those circumstances, if you choose not to provide us with your Personal Information, it means you will not be able to use the relevant part of our Service.

‍The categories and types of Personal Information we use and the legal basis and purpose for using such Personal Information when we act as a controller are set forth in the table below:

Category Data Types Legal Basis and Purpose
Customer & Prospect Information Business contact and account information of personnel at our Customers and prospective customers. This includes name, business email address, title, company, and, where an individual creates an account to access the Services, password and related account credentials. We collect this information when we interact with personnel at our Customers and prospective customers in the ordinary course of business and when an individual at a Customer creates an account on the Services. We rely on (i) the performance of our contract with the Customer to provide the Services to account holders, (ii) our legitimate interest in contacting personnel at our Customers and prospective customers regarding normal business administration such as projects, services, and billing, and (iii) our legitimate interest in providing account-related functionality, monitoring account logins, and detecting potential fraudulent logins or account misuse.
Cookies and First Party tracking We use cookies and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a website is viewed. We have a legitimate interest in making our website operate efficiently.
Cookies and Third Party Tracking We participate in behavior-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites. Where required by law, we base the use of third party cookies upon consent.
Email Interconnectivity If you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases. We have a legitimate interest in understanding how you interact with our communications to you.
Feedback/Support We collect Personal Information from you contained in any inquiry you submit to us regarding our Sites or Services, such as completing our online forms, calling, or emailing for the purposes of general inquiries, support requests, or to report an issue. When you communicate with us over the phone, your calls may be recorded and analyzed for training, quality control and for sales and marketing purposes. During such calls we will notify you of the recording via either voice prompt or script. We may also record video and audio during sales, customer support, onboarding, and account review meetings via web conferencing tools. These recordings are processed using meeting intelligence software and may be used for support quality assurance, internal training, and product and service improvement. You will be notified at the start of any meeting that recording is taking place. You have the right to object to recording at any time by notifying the Conveyor team member at the start of the meeting or any point during the meeting. In such cases the recording will be stopped and any portion of a meeting that was recorded will be deleted upon request. We have a legitimate interest in receiving, and acting upon, your feedback, issues, or inquiries.
Mailing List When you sign up for one of our mailing lists we collect your email address or postal address. We share information about our products and services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services.
Order Placement We collect your name, billing address, shipping address, e-mail address, and phone number. To the extent that you have elected to pay using a credit card we also take (directly or through our payment processor) your payment card information. We have a legitimate interest in using order placement information for administrative purposes, including fulfilling and billing for such orders.
Surveys When you participate in a survey we collect information that you provide through the survey. We have a legitimate interest in understanding your opinions, and collecting information relevant to our organization.
Website interactions We use technology to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser. We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud.
Web logs We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors. We have a legitimate interest in monitoring our networks and the visitors to our websites. Among other things, it helps us understand which of our services is the most popular.
Leads Contact Data We collection information of leads contact data including names, email, company and title (optional). We have legitimate interest of provision, tailoring and improvement of our Services, development of new ones, sales and marketing.

Why We Collect Information from and about you

In addition to the purposes and uses described above, we use information in the following ways:

To establish and maintain contractual relationships with our Customers:

  • To establish relationships with new Customers
  • To fulfill our obligations to current Customers
  • To contact Customers regarding account-related issues and business communications relating to the Services, including technical notices, updates, security alerts, and administrative messages
  • To enable individuals to access and use our Services

To comply with our legal obligations:

  • To comply with legal obligations, including but not limited to complying with tax and financial reporting requirements
  • To demonstrate compliance with applicable privacy and data security laws and regulations, such as CCPA and GDPR
  • To comply with incident monitoring, reporting, assessment, and notification requirements
  • To comply with other applicable criminal and civil law and regulatory requirements under federal, state, and international law

To provide services and information that you request and consent to receive:

  • To provide customer service and support
  • To communicate with you, including responding to your comments, questions, and requests regarding our Services
  • To process and complete transactions, and send you related information, including purchase confirmations and invoices
  • To provide direct marketing, email, and other distributed information distribution

To fulfill our other legitimate interests to the extent that they are not overridden by individual interests, fundamental rights, or freedoms:

  • To administer, operate, maintain, and secure our website and Services
  • To monitor and analyze trends, usage, and activities in connection with our Services
  • To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities
  • To verify compliance with our internal policies and procedures
  • For accounting, recordkeeping, backup, and administrative purposes
  • To customize and improve the content of our communications, websites, and social media accounts
  • To educate and train our workforce in data protection and customer support
  • To provide, operate, maintain, improve, personalize, and promote our Services
  • To develop new products, services, features, and functionalities
  • To market our products and services (first-party marketing only; we do not provide Personal Information for use in marketing any non-Conveyor, third-party goods or services)

When possible, we will use anonymized data for these purposes, but if we do not, or if we combine it with Personal Information we will treat it in accordance with this Privacy Statement.

Sharing of Information

Except to the extent necessary to fulfill our business obligations, to accomplish one of the lawful purposes described in this Privacy Statement, or pursuant to your express instructions, we do not sell, transfer, or otherwise disclose Personal Information that we collect from or about you. We may share your information in the following ways:

  1. Affiliates and Acquisitions: We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.
  2. With other Customers listed on the Conveyor Network, based on your consent: We may share your Personal Information with companies, organizations, or individuals outside of Conveyor when we have your consent to do so.
  3. When you choose to directly share your information while using our Services: When you use our Services, certain features allow you to make some of your content accessible to the public or other users of the Services (e.g., sharing a security document in your Conveyor Room). We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.
  4. With our vendors and business partners, to accomplish our business purposes: We may share your information with service providers in two distinct contexts: (a) When Conveyor acts as a data processor on behalf of a Customer under a DPA, we require any sub-processors we engage to help deliver the contracted services to such Customer to agree to similar and no less stringent protections and obligations as apply to Conveyor under the DPA. Those sub-processors are listed in our Subprocessor Directory, and customers with a signed DPA are entitled to advance notice before any new sub-processor is added; and (b) When Conveyor acts as a data controller for its own business operations, we engage service providers who process Personal Information solely on our behalf and under our instructions. These include providers of customer relationship management and account administration services, meeting intelligence and call recording services, product analytics and usage monitoring services, and email, communication, and business productivity platforms. These service providers operate under Conveyor’s own contracts and are not sub-processors under our DPAs with Customers.
  5. When necessary to comply with laws and law enforcement requests, or otherwise to protect our rights or those of individuals: We may disclose your information (including your Personal Information) to a third party as necessary to comply with laws and law enforcement requests or otherwise to protect our rights or those of individuals, in each case as permitted or required by law.
  6. We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request:
  • To enforce our agreements, policies and terms of service;
  • To protect the security or integrity of Conveyor’s products and services;
  • To respond to an incident involving Personal Information for which Conveyor has direct or indirect responsibility;
  • To protect the property, rights, and safety of Conveyor, our Customers or the public from harm or illegal activities;
  • To respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or
  • To investigate and defend ourselves against any third-party claims or allegations.

Your Rights

Depending on your location, you may have certain rights regarding your Personal Information based on applicable laws. Such rights may include, without limitation: 

  1. Right to information: You may ask us how we use your Personal Information. We inform and communicate this through our Privacy Statement and privacy notices. 
  2. Right to access: You may request information about, and access to, the Personal Information that we collect from or about you.
  3. Right to rectification: You may update or correct your Personal Information at any time by accessing the account settings page on the website or within our platform or by submitting a request to us.
  4. Right to be forgotten (right to deletion): You may request that we delete Personal Information that we have collected about you.
  5. Right to restriction of processing: You may request us to temporarily refrain from processing your Personal Information. 
  6. Right to portability: You may ask for a copy of your Personal Information in a way that can be shared somewhere else or you may ask that we transmit your Personal Information directly to another data controller, when technically feasible. 
  7. Right to withdraw consent: You may withdraw the consent you previously gave us to process your Personal Information. If and when you change your mind, you can let us know. 
  8. Right to object: Where we rely on legitimate interests as the basis for processing your Personal Information or in other circumstances as dictated under applicable law, you have the right to object to that processing at any time. We will honor your objection unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms. You may also opt out of direct marketing communications at any time by following the unsubscribe link in any such communication.
  9. Right to lodge a complaint: You have the right to lodge a complaint with the data protection supervisory authority or other relevant government authority in your country of residence, place of work, or where an alleged infringement of applicable data protection law occurred. In the EU, a list of national supervisory authorities is available at https://edpb.europa.eu. In the UK, the relevant authority is the Information Commissioner’s Office (ICO) at https://ico.org.uk.

Please note that in some cases applicable laws may specify restrictions or limitations on your exercise of rights; therefore, we may not be able to permit your exercise of rights in all circumstances. Where we are not able to honor a request you make of us with regard to your Personal Information, we will inform you of the reason for denying your request.  If you wish to contact Conveyor to exercise any of the rights afforded to you under applicable laws (which may include those listed above), please write to Conveyor at legal@conveyor.com.

Security

Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. That said, we certainly try very hard, employing a variety of organizational, technical and administrative measures to provide a level of security appropriate to the risk associated with the Personal Information you trust us with. For more information, please see our Security Policy.

Data Retention 

We retain your Personal Information only as long as necessary to accomplish applicable business purpose(s) described in this Privacy Statement or to comply with our legal and contractual obligations. 

Children

Our Services are not directed to individuals under 16. We do not knowingly collect Personal Information from children under 16. If we become aware that a child under 16 has provided us with Personal Information, we will take steps to delete such information. If you become aware that a child has provided us with Personal Information, please contact us at legal@conveyor.com.

International Data Transfers

Conveyor is based in the United States. If you are located in the European Economic Area, the United Kingdom, Switzerland, or other countries outside of the United States, your personal data will be transferred to and processed in the United States. We may rely on Standard Contractual Clauses (SCCs) approved by the European Commission, and equivalent mechanisms recognized under  other applicable laws, as the lawful basis for such transfers. Where we rely on SCCs or other clauses as equivalent mechanisms for the transfer of your Personal Information, you may contact Conveyor at legal@conveyor.com to request a copy of such SCCs/clauses and we will provide copies to you as required by applicable law.

EU and UK Representative

Pursuant to Article 27 of the GDPR and the UK GDPR, Conveyor has appointed Osano International Compliance Services Limited as its representative in the European Union and the United Kingdom respectively. If you are located in the EU or UK and wish to exercise your data protection rights or raise a concern about how Conveyor processes your Personal Information, you may contact our representative at:

EU Representative

Osano International Compliance Services Limited

ATTN: TU92

25 North Wall Quay

Dublin 1

D01 H104

UK Representative

Osano UK Compliance LTD

ATTN: TU92

42-46 Fountain Street

Belfast

Antrim

BT1 - 5EF

Changes to Privacy Statement 

As our business evolves, Conveyor may update this Privacy Statement from time to time with the changes to our Service and our business, and laws applicable to us and you. When this occurs, we will notify you by revising the version and date at the top of this Privacy Statement and, in some cases, where appropriate we may provide you with additional notice (such as adding a statement to the log-in screen or sending you an email notification).

If you’d also like to be notified of material changes by email, you can sign up by emailing legal@conveyor.com with the subject “Subscribe to Privacy Statement Notifications” and telling us the email address where we should send these notifications. If you continue to use the Services after those changes are in effect, you agree to the revised statement. If you disagree, you’ll have to stop using the Service and delete your data.

Contact

Please contact us with any questions or comments about this Privacy Statement, your Personal Information, our use and disclosure practices, or your consent choices by email at legal@conveyor.com. 

Platform
Product OverviewGet a Trust CenterAI Security Questionnaire AutomationAI for RFP ResponseWatch 1 Min Walkthrough
Resources
CustomersPricingBlogDocumentationChangelogOpen a Ticket
Compare
Conveyor vs. SafebaseConveyor vs. WhisticConveyor vs. LoopioConveyor vs. ResponsiveConveyor vs. HypercomplyConveyor vs. SecurityPal
Company
AboutCareersLegalSecurityStatusNewsletter
Download Conveyor Browser Extension
© 2025 Conveyor Inc.
Privacy Policy