Privacy Policy

Last updated: February 21, 2026

This Privacy Policy explains what data Convene collects, how it is used, and how it is protected. Convene is operated by DH Ventures LLC. For privacy inquiries, contact hi@derrickhicks.me.

Information We Collect

Account Information

  • Email address (required for signup)
  • Password (cryptographically hashed by Supabase Auth before storage; we never store or access plaintext passwords)
  • Account creation date

Session Content

  • Questions you submit to the coordinator
  • Coordinator chat messages (your input and AI responses)
  • Refined question briefs sent to the council
  • AI model responses (perspectives from multiple models)
  • Chairman synthesis reports
  • Debrief conversation messages

Payment Information

We do not directly collect or store credit card numbers, expiration dates, or CVV codes. Payment processing is handled entirely by Stripe. We receive from Stripe: transaction confirmation, amount paid, timestamp, and a customer identifier.

Usage and Technical Data

  • Token usage per session (input/output counts, model, latency)
  • Session status and timestamps
  • Credit balance and purchase history
  • IP address and browser user agent (collected automatically by our hosting provider)
  • Error logs for reliability and debugging

We Do Not Collect

  • Biometric data
  • Location data (beyond what IP address implies)
  • Contacts or address books
  • Data from other apps or services on your device

How Your Session Content Is Processed

When you use Convene, your questions are processed as follows:

  1. Coordinator phase: Your messages are sent to Anthropic's API for the coordinator conversation. Your messages and the AI responses are stored in our database.
  2. Council phase: Your refined question is sent to OpenRouter's API, which routes it to multiple AI model providers (including OpenAI, Anthropic, Google, Meta, Perplexity, Mistral, and xAI). Each provider receives only the refined question and the advisor's system prompt, not your full chat history, account information, or prior sessions.
  3. Synthesis phase: All model responses are sent to Anthropic's API for chairman synthesis. The synthesis and individual perspectives are stored in our database.
  4. Debrief phase: Follow-up conversation is processed through Anthropic's API and stored in our database.

When your questions are sent to AI model providers, those providers process the data according to their own terms and privacy policies. Most major AI providers state that API inputs are not used to train their models. However, we cannot control or guarantee how third-party providers handle data after receipt. We recommend not submitting highly sensitive personal information (such as Social Security numbers, medical records, financial account numbers, or trade secrets) in your questions.

We do not use your session content to train AI models ourselves. We do not share your session content with other users. We do not sell your data.

How We Use Data

  • Provide and improve core product functionality
  • Process payments and manage your account
  • Enforce security controls, fair-use limits, and abuse prevention
  • Support customer service and incident response
  • Meet legal, tax, and compliance obligations

Third-Party Service Providers

We use the following categories of service providers to operate Convene:

Provider      Purpose                              Data Shared
Supabase      Database, authentication             Account data, session content
Anthropic     Coordinator, chairman, debrief AI    Session questions, chat messages
OpenRouter    Multi-model API routing              Refined questions
Stripe        Payment processing                   Email, transaction data
Vercel        Application hosting                  IP address, request metadata

AI model providers accessed through OpenRouter include OpenAI, Google, Meta, Mistral, xAI, and Perplexity. Each provider operates under its own privacy policy and data processing terms.

Data Retention

  • Account data: Retained while your account is active plus 30 days after a deletion request.
  • Session content: Retained while your account is active. Deleted within 30 days of account deletion, except where legally required.
  • Payment records: Retained for 7 years as required for tax and financial compliance.
  • Usage logs: Retained for 12 months, then automatically purged.
  • Error/security logs: Retained for 90 days.

Your Rights

Depending on your location, you may have the right to:

  • Access a copy of the personal data we hold about you
  • Request correction of inaccurate personal data
  • Request deletion of your personal data (subject to legal retention requirements)
  • Request your data in a structured, machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent where processing is based on consent

California Residents (CCPA/CPRA)

  • Right to know what personal information is collected, used, and disclosed
  • Right to delete personal information
  • Right to opt out of the sale or sharing of personal information. Note: we do not sell or share personal information as defined by the CCPA.
  • Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at hi@derrickhicks.me. We will respond within 30 days (45 days for CCPA requests, extendable by an additional 45 days with notice).

Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, we process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the Service you requested (account management, session processing, billing).
  • Legitimate interests: Security monitoring, fraud prevention, service improvement, and usage analytics.
  • Legal obligation: Where we are required to retain data for tax, legal, or regulatory compliance.
  • Consent: Where you have opted in to optional communications. You can withdraw consent at any time.

International Data Transfers

Convene is operated from the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States. For EEA/UK users, we rely on Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework, where applicable, as the legal mechanism for transferring personal data.

Cookies and Tracking

Convene uses the following cookies:

  • Supabase authentication session cookie (maintains your login state)
  • CSRF protection tokens

We do not use third-party advertising cookies, social media tracking pixels, or cross-site analytics cookies. Because we use only essential cookies required for Service functionality, a cookie consent banner is not required. If we add analytics or marketing cookies in the future, we will update this policy and implement appropriate consent mechanisms.

Children's Privacy

Convene is not directed to children under 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided personal information, we will take steps to delete that information.

Security

We implement technical and organizational safeguards including encrypted data transmission (HTTPS/TLS), encrypted data storage, and database-level access controls that restrict users to their own data. No system is perfectly secure. You should avoid submitting highly sensitive personal data unless necessary for the question's context.

Do Not Track

We do not currently respond to "Do Not Track" browser signals because there is no industry-standard protocol for compliance. We do not track users across third-party websites.

Policy Updates

If this policy changes materially, we will update the date above and may provide additional notice in-product.

Contact

Privacy questions and data requests can be sent to hi@derrickhicks.me.