Terms, privacy and policies.

Terms of Service

These Terms of Service ("Terms") govern your use of CONVOY Mail Infrastructure Ltd. ("CONVOY", "we", "us") email delivery services and the convoy.cx website (collectively, the "Service"). By accessing or using the Service, you agree to these Terms.

1. Account & eligibility

You must be at least 18 years old and authorised to bind your organisation. Accounts are reviewed before activation; we may decline or terminate accounts at our discretion, especially for breaches of our Acceptable Use Policy.

2. Service description

CONVOY operates a managed SMTP / API email delivery platform designed for high-risk verticals. The Service includes message routing, IP pool management, deliverability monitoring, and reporting. Specifics of each plan are described at convoy.cx/#pricing.

3. Fees & payment

Plans are billed in advance, monthly or annually as selected at signup. Overage volume is billed at the published per-thousand rate. All fees are exclusive of applicable taxes. Refunds are at our reasonable discretion except where required by law.

4. Service level (SLA)

For Scale and Enterprise plans, we commit to a contractual inbox placement rate, measured by independent seed inboxes across the major ISPs. If we miss the contracted target two consecutive billing periods, service credits apply per the Enterprise schedule.

5. Termination

Either party may terminate at any time on 30 days' written notice. We may terminate immediately for breach of these Terms or the AUP, with no obligation to refund pre-paid amounts attributable to the terminated period when termination is for cause.

6. Liability

To the maximum extent permitted by law, our aggregate liability under these Terms is capped at the fees paid by you in the twelve months preceding the claim. We are not liable for indirect or consequential losses.

7. Governing law

These Terms are governed by the laws of England & Wales. The courts of London have exclusive jurisdiction over disputes.

Privacy Policy

1. What we collect

Account data (name, work email, company, role), billing data (via our processor — we don't store card numbers), and operational metadata for messages you send through the Service (envelope fields, ISP responses, timestamps, delivery outcomes). We do not retain message body content.

2. Why we process it

• Service delivery — to operate the email pipeline and report on it.
• Abuse prevention — to identify spam, malware, or AUP breaches.
• Billing — to charge for the Service.
• Compliance — to respond to lawful requests and regulatory obligations.

3. Retention

Envelope metadata: 30 days. Diagnostic logs: 90 days. Account & billing records: 6 years (statutory). Message body: held in memory only during pipeline transit, never persisted.

4. Your rights

You may request access, correction, export, restriction or erasure of your personal data. Write to privacy@convoy.cx. We respond within 30 days.

5. International transfers

The default region is EU (eu-west-1). EU-only data residency is available on Enterprise contracts. Cross-region transfers use Standard Contractual Clauses and supplementary measures.

6. Cookies & analytics

convoy.cx uses minimal first-party analytics to monitor uptime and traffic patterns. No third-party trackers, no advertising cookies. See the cookie banner shown on first visit.

Data Processing Addendum

1. Roles

The Customer is the Controller. CONVOY is the Processor. Each party complies with applicable data protection law (GDPR, UK GDPR, CCPA where relevant).

2. Sub-processors

Our current sub-processors include: AWS (compute / storage), Cloudflare (DDoS / WAF), Stripe (payments), a payment-card-data tokenisation provider, and a deliverability seed-testing partner. We notify customers at least 30 days before adding or replacing a sub-processor.

3. Security measures

• Encryption in transit (TLS 1.3) and at rest (AES-256).
• Role-based access with least privilege; quarterly access reviews.
• SOC 2 Type II audited annually.
• 24/7 SIEM monitoring with incident response runbooks.

4. Breach notification

We notify affected customers without undue delay (and in any event within 72 hours) of becoming aware of a personal data breach, providing the information required by GDPR Article 33(3).

5. Audits

We make our SOC 2 report and penetration test summaries available under NDA. On reasonable notice, Enterprise customers may conduct an audit (or appoint an auditor) once per year.

Acceptable Use Policy

CONVOY exists to serve verticals other providers refuse to. That position is only sustainable if we hold the line on abuse. The following are non-negotiable.

1. Consent & provenance

You may only send to recipients who have given you informed consent (opt-in) or with whom you have a documented existing business relationship. Purchased lists, scraped addresses, and "co-registration" feeds are prohibited.

2. Identification

Every send must clearly identify the sender, include a valid physical address (or jurisdictional equivalent), and provide a working one-click unsubscribe link. RFC 8058 List-Unsubscribe headers are required.

3. Hard limits — automatic termination

• Spam complaint rate > 0.1% over any 7-day window.
• Hard bounce rate > 5% over any 7-day window.
• Authentication failures (SPF / DKIM / DMARC) > 1%.
• Sending malware, phishing kits, or fraudulent content.

4. Vertical-specific rules

Adult: age-verification pre-flight required, no minors. Pharma: no controlled substances. Crypto: no "rug pull" coins or schemes. Gaming: respect jurisdictional licensing. Forex: no signal-room pump & dump.

5. Reporting abuse

Report abuse to abuse@convoy.cx. We respond within 24 hours business and within 4 hours for active phishing or malware campaigns.