Last updated: Jun 09, 2020

We’re Sovereign Net LTD, located at Craigmuir Chambers, Road Town, Tortola, VG1110, British Virgin Islands d/b/a Convertful (hereafter “we”, “us”, “our” and “Convertful”).

This Policy describes how we handle your personal data if you’re our customer under our Terms of Service (the “Main Agreement”) or a visitor of or (the “Sites”).

Your Personal Data

What we collect. We collect certain personal data about our customers and the Sites’ visitors. The types of the collected data include things like:

  • contact details, such as email address, username, full name, link to a social media profile, physical address and other;
  • company details, such as company name, address and registration number;
  • technical data such as IP address, signup and last visit time, timezone, browser language;
  • first visit information, such as visit source, UTM parameters, referral;
  • payment information, such as payment method, transactional details, and tax information;
  • connected websites’ data, such as name, domains, CMS platform, other site settings, aggregated visits info;
  • connected integrations’ data, such as integration provider, API key, username and password, other connection settings;
  • created widgets’ content, display rules, used integrations and other settings;
  • behavior and navigation information;
  • support data such as support tickets, replies, ticket-related votes and follows, search queries, knowledge base feedback, role, occupation and web-related skills.

How we collect it. We collect your personal data:

  • Directly when you explicitly provide it on the Sites by completing a sign up, buying, subscribing to an email list, submitting feedback, adding or editing integrations, sites or widgets, creating a support ticket or replying to it, sending us a communication, making a search query, filling a data processing agreement, or submitting any other Sites web form when you’re signed in;
  • Indirectly via other people when you use services associated with the Sites. In particular:
    • payment method, transactional details and tax information from a payment provider located in the UK in order to process a payment and/or provide support regarding it;
    • gravatar (publicly available profile image) from a provider located in the US in order to display it at your support tickets, replies and in your profile pages;
    • messages, posts, and comments from the social network Facebook, which is located in the US or UK, in order to attach this data to your relevant support ticket when this could improve the support we provide to you for this ticket;
    • names of email lists, tags and other relevant data from your email service provider that may be located worldwide in order to display them in the relevant provider’s integration settings.
  • Automatically as you navigate through the Sites.

How we use it. We use your personal data:

  1. To fulfill a contract, or take steps linked to a contract: in particular relating to the Main Agreement and/or the Data Processing Agreement (DPA), to provide the services under the Main Agreement and/or the DPA, to verify your identity when you sign in, to process your payments.
  2. Where this is necessary for purposes which are in our, or third parties’, legitimate interests. In particular:
    1. to provide technical support for your requests;
    2. to improve our products and services and for this purpose to carry out research based on your behavior on the Sites;
    3. to notify you about important changes in our services, changes in the privacy policy, security updates, integration disruptions, new replies to the tickets you follow;
    4. to manage our relationships with you (without the use of bulk mailing), to ask for your feedback or whether you want to participate in a survey;
    5. to provide general administrative functions and activities.
  3. Where you give us your explicit consent: in particular to provide you with marketing information about the products and services which we think may interest you. You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by using the “unsubscribe” facility provided in the communication itself.
  4. For purposes that are required by law: in particular to comply with the applicable data privacy legislation, to respond to requests by government, a court of law, or law enforcement authorities conducting an investigation.

To whom we disclose it. We disclose your personal data:

  1. to subcontractors and service providers who assist us in connection with the ways we use personal data (as described above), in particular: cloud hosting providers which are located in the US and Germany; web developers which are located in Russia; technical and customer support services which are located in Russia; marketing and analytics services which are located in the US; email service providers which are located in the US; payment processors which are located in the UK. The subcontractors and service providers may also process such data from other countries in which they have operations.
  2. to our professional advisers (lawyers, accountants etc.) which are located all over the world;
  3. to a third party, in order to respond to requests relating to a criminal investigation or alleged or suspected illegal activity;
  4. to a third party, in order to enforce or defend our rights, or to address financial or reputational risks;
  5. to regulators and government authorities in connection with our compliance procedures and obligations and to other recipients where we are authorized or required by law to do so.

Where we use it. We store your data in the US and Germany. We are based in Russia, so we will process your data in Russia and in the US. We transfer your personal data to the above-described subcontractors and service providers who are located in the US, UK, Russia, and may also process this data from other countries where they have operations. We do this on the basis of your consent to this policy and in accordance with binding and confidentiality obligations that we have with such subcontractors and service providers.

How we secure it. The Security Measures applicable to the Services are described on

How you can access it. You can access most of the personal data that we collect about you by logging in to your account. You also have the right to make a request to access other personal data we hold about you and to request corrections of any errors in that data. You can correct or delete your stored personal data either directly via the Sites, or by creating a separate request via a support ticket for this.

Publicly available data. Certain collected data shall be publicly available to other people. In particular:

  • your username and profile image;
  • your comments to our blog posts;
  • support tickets and replies which you’ve posted publicly.

This data should not contain any information that you wish to keep private or that may allow other people to identify you when you don’t want them to.

Processing duration. We retain your personal information for as long as it’s necessary to provide the services under the Main Agreement and to comply with our legal obligations. If you no longer want us to use your personal data, you can request the agreement termination and data removal via support ticket, and we’ll remove your account and all relevant personal data in 30 days, during which this data will be securely isolated on the backup server.

GDPR compliance. If you’re a visitor or a customer from the European Economic Area, then for the purposes of applicable EU data protection law (including the General Data Protection Regulation 2016/679 (the “GDPR”)), we are a data controller of your personal data. You have the right to correct or erase your personal data, or to restrict us from its processing. If you have unresolved concerns, you also have the right to complain to data protection authorities. The relevant data protection authority will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.

Your Visitors’ Personal Data

We collect and process the personal data of your visitors on your behalf based on the instructions that you provide to us via the Sites. Apart from the data types you explicitly define to collect, we shall also collect data about the first visit (like time and source), technical data (like IP and browser type), behavioral data (like which widgets a visitor viewed, closed and submitted).

You are obligated to comply with any applicable rules on the processing of your visitors’ personal data. In particular:

  • when your visitors’ personal data originates from the European Union (“EU”) or your business is located in the EU, you have to comply with the EU’s General Data Protection Regulation and to sign a Data Processing Agreement with us electronically via the Sites;
  • when the applicable law requires this, you are obliged to obtain any necessary consent in order to collect and process your visitors’ personal data.

California Consumer Privacy Act (CCPA)

If you are a California resident, the processing of certain personal data about you may be subject to the California Consumer Privacy Act (“CCPA”). 

For the purpose of the CCPA, with respect to Personal Information of Customers or Visitors to our sites, we serve the role of the “business” (as defined by the CCPA).

With respect to Personal Information that is provided to us by our Customers in order for us to provide the Services to them, i.e. where we are the “service provider”, please direct any requests for access or deletion of your Personal Information under the CCPA to the Customer with whom you have a direct relationship.

To the extent that the CCPA applies, this section provides additional privacy disclosures and informs you of key additional rights as a California resident:

Right to Know Request. Under the CCPA, you have the right to access Personal Information about you that we hold, and the right to request disclosure of your Personal Information we possess, receive additional details regarding your Personal Information we collect and its use purpose, including any third party with which we share it.

If you have an account with us, you can directly access the Personal Information you have provided at all times, by logging into your account. You can also send a request by sending an e-mail to [email protected]

You are also able to correct or amend your Personal Information where it is inaccurate or has been processed in violation of the data protection laws. You can do it yourself in your Account or ask us to correct or amend your Personal Information by sending an e-mail to [email protected].

Right to Deletion. You have the right to deletion of Personal Information we have collected, subject to certain exceptions, for example where we are required to keep such information in order to comply with legal obligations, detect security incidents, exercise legal rights, or otherwise as specified by applicable law. You can request deletion of Personal Information by sending an e-mail to [email protected].

Right to Opt-out. You have the right to opt-out of sale of personal information. Under the CCPA, a “sale” means providing to a third party personal information for valuable consideration. Convertful does not sell your Personal Information to any third parties.

Right to Non-discrimination. You have the right to non-discrimination in terms of price or services when exercising any of your CCPA rights.

General Requests under CCPA. If you do not have an account with us, we will not have enough information about you to verify your Right to Know and Right to Delete requests since we do not keep sufficient information to re-identify and link you to a prior visit to our site. 

The categories of Personal Information collected and disclosed for business purpose (as defined by the CCPA) in the last 12 months are as follows:

| Category | Examples | Collected | Disclosed |
|---|---|---|---|
| A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | yes | yes |
| B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | yes | yes |
| C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | no | no |
| D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | yes | yes |
| E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | no | no |
| F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | yes | yes |
| G. Geolocation data. | Physical location or movements. | yes | yes |
| H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | no | no |
| I. Professional or employment-related information. | Current or past job history or performance evaluations. | no | no |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | no | no |
| K. Inferences drawn from other Personal Information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | no | no |

Additional Notes

Cookies usage. We use cookies, browser storage, unique identifiers, web beacons and similar tracking technologies, third-party advertising companies as described in the Convertful Cookie Declaration.

Children protection. Our Sites are not suitable for children under the age of 16 years, so if you are under 16 we ask that you do not use our Sites or give us your personal data. If you are from 16 to 18 years, you can browse the Sites but you’ll need the supervision of a parent or guardian to become a registered user. It’s the responsibility of parents or guardians to monitor their children’s use of our Sites.

Policy updates. We will need to change this policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices. When we do change the policy, we’ll make sure to notify you about such changes, where required. A copy of the latest version of this policy will always be available on this page.

Contacts. If you have any questions about our privacy practices or the way in which we have been managing your personal information, please contact us via private support ticket or via [email protected]