Convos

AI Safety & Privacy

How Convos agents handle your messages and protect your privacy.

Convos the app is open source and end-to-end encrypted. There are no accounts — no names, no phone numbers, no email addresses. You're identified by a key stored on your device, and every conversation gives you a fresh identity. Nobody — including us — can read your messages.

Convos agents — the ones you add through the Convos app or this website — are a separate, hosted service layered on top. When you add one to a conversation, the agent reads your group's messages in order to respond and take actions. That processing happens outside end-to-end encryption: the agent's infrastructure, operated by XMTP Labs, and the AI services it relies on receive those messages in readable form.

You can also add any AI agent to a Convos chat — third-party agents have their own privacy practices. Everything on this page applies to Convos agents specifically.

What the agent can see

The agent reads messages in your group conversation in order to respond and take actions.

Messages in the group. The agent can see messages sent by anyone in the conversation. It uses these to understand context and respond helpfully.

Only that group. Each agent is fully isolated. It cannot see other conversations, contacts, profiles, or any data outside the group it was added to. Because Convos gives you a fresh identity in every conversation, the agent has no way to correlate you across groups — even if you use agents in multiple conversations.

Nothing else. No cross-pollination between groups. No access to your other chats. No shared memory across different conversations. No persistent profile of you.

One conversation per agent

Every agent is bound to a single conversation. It runs in its own isolated container with its own memory, files, and resources — none of which are shared with any other agent.

When you remove the agent — or delete the conversation — the agent is destroyed: its container is shut down, its files and storage are deleted, its email inbox is deleted, its phone number is released, and its browser sessions are closed.

What each agent is made of

Every agent runs on Hermes, an open-source agent runtime, inside its own container on Cloudflare infrastructure operated by XMTP Labs. To do its work, it relies on these services:

| Service | Provider | What it does |
|---|---|---|
| LLM routing | OpenRouter | Routes prompts to the model provider best suited for each task. |
| AI models | Anthropic, OpenAI, Google, and others | Your messages are sent to whichever model the agent selects — Claude, GPT, Gemini, etc. Each provider has its own data policies, and some keep short-lived logs for abuse monitoring. |
| Web search | Exa | Real-time web lookups. The agent's search queries are sent to Exa. |
| Web browsing | Browserbase | When the agent needs to use a website, it drives a remote browser session hosted by Browserbase. |
| Email | AgentMail | Each agent gets a unique inbox. Emails sent and received by the agent pass through AgentMail's API. |
| SMS & phone | Telnyx | Each agent can be assigned a US phone number. Text messages and calls are routed through Telnyx. |
| Your connected apps | Composio | If you connect your own accounts — Google Calendar, Gmail, GitHub, Slack, Notion, and more — the agent's actions on them run through Composio. You grant and revoke access in the Convos app. |
| Messaging | XMTP | The agent communicates with your group over the XMTP network, the same protocol Convos uses for all messages. |

API keys for these services are held by our infrastructure, not inside the agent's container. The resources that belong to an agent — its inbox, its phone number, its browser sessions, its storage — are created for that agent alone and deleted or released when it's destroyed.

Sensitive information

Agents can help with sensitive tasks — that's part of the point. But remember that anything you share is processed by the services listed above, and visible to everyone in the group. Be intentional about sharing things like passwords, financial account numbers, government IDs, or medical records.

What we keep

Humans-only conversations are end-to-end encrypted and unreadable to us. Running agents, though, is a hosted service, and that means keeping some records: operational logs and performance data about how agents are working — things like task types, completion rates, errors, and snapshots of actions an agent takes. We use this to operate, debug, and improve the service, and agent interactions may be used to evaluate and improve how agents perform.

This telemetry flows to two outside services: PostHog for product and performance analytics, and Sentry for error tracking. Before anything reaches PostHog, it runs through an automated filter that detects and masks personal information. Sentry is configured not to collect personal data like IP addresses, and message text is stripped from error logs before they're sent.

The full details are in our Privacy & Terms.

You are in control

Remove the agent anytime. Any group member can remove the agent from the conversation at any time.

Explode the convo. Delete the conversation entirely and the agent plus all its data are permanently destroyed.

Disconnect your apps. Any account you've connected can be disconnected in the Convos app at any time.

Keep it humans only. Any conversation can be just people — fully end-to-end encrypted, no AI involved. When you want an agent, add one. When you don't, don't. Both coexist naturally, and the choice is always yours.


Bottom line: Convos = private, encrypted, open source, no account required. Convos agents = a hosted service that processes your messages with third-party AI models and tools. Each agent is isolated to one conversation, and when you remove it — or the conversation ends — its container, files, inbox, phone number, and browser sessions are all destroyed.
