Convy helps households manage shared shopping lists, tasks, reminders, and voice-assisted item capture. This policy explains what data we process, why we process it, and how controlled-release users can request access, correction, or deletion.
Data We Collect
- Account data such as your email address, Firebase user identifier, household membership, and display metadata.
- Household content such as lists, list items, tasks, invite status, activity events, and notification preferences.
- Device tokens needed to deliver Firebase Cloud Messaging push notifications.
- Voice parsing metadata such as request status, audio size, approximate duration, token usage, latency, parsed item count, and estimated cost when configured.
- ChatGPT MCP audit metadata such as tool name, user identifier, optional household identifier, result status, latency, and error category.
- Operational logs, health data, and local backup metadata needed to operate and secure the service.
Voice Processing
When you use voice input, audio is sent to OpenAI only to transcribe and parse the requested household items. Convy does not intentionally store audio, transcripts, prompts, or detected product names in voice metrics. The app response may include the transcript and parsed items so you can confirm them before creating list items.
Service Providers
- Hetzner hosts the active staging VPS, PostgreSQL database, Caddy reverse proxy, legal pages, and admin dashboard.
- Firebase Authentication verifies user identity and Firebase Cloud Messaging delivers notifications.
- OpenAI processes voice input for transcription and structured parsing when voice features are used.
- OpenAI ChatGPT may receive household data when you explicitly authorize the Convy ChatGPT MCP connector.
- GitHub may process repository, CI, and deployment metadata for development and release operations.
ChatGPT MCP Integration
If you connect Convy to ChatGPT, Convy uses Firebase login and a Convy-owned OAuth broker to issue delegated, short-lived access tokens. In the current integration, ChatGPT can view authorized household context, lists, shopping items, tasks, and recent activity through MCP tools, and can create or update shopping item and task completion status after user confirmation. ChatGPT cannot edit, delete, archive, invite, leave, manage lists, view admin metrics, or access backups, or modify account settings through this connector.
Convy stores hashes of OAuth authorization codes and refresh tokens, not their raw values. MCP audit logs do not store ChatGPT prompts or full tool arguments. You can revoke ChatGPT access through the OAuth revocation flow; after revocation, new access tokens cannot be issued from the revoked refresh token.
Backups and Retention
PostgreSQL backups are created locally on the Hetzner VPS using PostgreSQL custom-format dumps with checksums, metadata, catalog verification, and scheduled restore verification. Backups are retained for operational recovery. Before Convy is expanded beyond controlled-release usage, encrypted offsite backup storage must be added.
Security
Admin access is protected by Caddy Basic Auth, Firebase login, and a backend email allowlist. Public mobile contracts do not expose OpenAI token counts, estimated costs, or internal operational telemetry.
Your Choices
You can stop using voice input at any time, disconnect ChatGPT access, and request account or household data deletion by contacting the Convy project maintainer. Some backup copies may remain until their retention period expires.
Legal Review
This policy is a product-operational disclosure for controlled-release use and is not a substitute for professional legal review. It should be reviewed before public launch or broader user onboarding.
Contact
For privacy requests, contact the Convy project maintainer through the repository listed on the Convy landing page.