Concourse

Privacy Policy

Last updated: June 15, 2025

This Privacy Policy explains how Concourse Tech Inc. ("Concourse," "Company," "we," "us," or "our") collects, uses, discloses, and safeguards information when you visit www.concoursetech.com, use our AI chat services at app.concoursetech.com, or otherwise interact with any content, products, or services that link to this Policy (collectively, the "Site" or "Services"). Please read this Policy carefully. By accessing or using the Site or Services, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

CategoryExamplesSource
Information You Provide to Us• Name
• Email address
• Telephone number
• Mailing address
• Account login credentials
• Any other information you choose to submit via forms, email, or chat		Directly from you
Payment & Transaction Data• Payment card details
• Billing information		Our payment processor when you purchase services
Automatically Collected Information• IP address
• Browser type/version
• Device identifiers
• Referring URL
• Pages viewed
• Time spent on pages
• Clickstream data
• General location (country, city)		Automatically via cookies, pixels, and similar technologies
Information from Third Parties• Social‑media profile data
• Lead‑generation partners
• Fraud‑prevention services		Authorized third parties
Chat Content & Files• Text prompts and messages
• Conversation history and titles
• File uploads (documents, images, attachments)
• AI-generated responses (Output)
• Model selection and parameters
• Timestamps and conversation metadata
• Tool usage and web search queries		You and your users via the AI chat Services
SSO & Directory Integration Data• Identity provider (IdP) claims and assertions
• Name, email address, and username
• Organizational groups and roles
• SSO session identifiers
• SCIM provisioning events and directory synchronization data		Your identity provider (IdP) or directory service

Cookies & Similar Technologies

We use first‑ and third‑party cookies, web beacons, pixels, and local‑storage objects to recognize your browser, improve Site performance, analyze usage, and deliver relevant advertising. You can control cookies through browser settings; however, parts of the Site may not work if you disable cookies.

2. How We Use Your Information

We use the information we collect to:

  1. Provide, operate, and maintain the Site and related services;
  2. Generate AI-powered responses through our AI chat Services by transmitting your prompts and content to our model provider (OpenAI);
  3. Authenticate users and authorize access via single sign-on (SSO) and directory integration (SCIM);
  4. Map users to roles, permissions, and organizational units within the Services;
  5. Provision and deprovision user accounts in accordance with directory synchronization;
  6. Create, administer, and secure your account;
  7. Process and manage transactions;
  8. Respond to inquiries, comments, and requests;
  9. Personalize your experience and develop new features;
  10. Conduct analytics and measure Site and Services performance;
  11. Enforce usage limits and subscription tiers;
  12. Maintain audit logs of user activity for security and compliance purposes;
  13. Provide administrative reporting, analytics, and spend controls to workspace administrators;
  14. Send administrative messages and, where permitted, marketing communications;
  15. Detect, prevent, and mitigate fraud, abuse, security incidents, or other harmful activity, including through automated detection mechanisms;
  16. Monitor for violations of our Service Terms and Acceptable Use Policy;
  17. Comply with legal obligations and enforce our Terms of Use and Service Terms.

We do not use chat content (prompts, messages, or AI-generated responses) to train, develop, or improve our AI models or services, except (i) as necessary to provide abuse and safety monitoring, or (ii) with your express written consent.

Our legal bases under the EU/UK GDPR (where applicable) include consent, contract performance, legitimate interests, and legal obligations.

3. Sharing & Disclosure of Information

We do not sell or rent personal information. We may share information:

  • Service Providers & Subprocessors – vendors that perform services for us (e.g., cloud hosting, analytics, payment processing) under contractual confidentiality obligations;
  • AI Model Provider (OpenAI) – We use OpenAI L.L.C. as a subprocessor to generate AI-powered responses. When you submit prompts, messages, or files through our AI chat Services, we transmit that content to OpenAI's application programming interfaces (APIs) to generate responses. OpenAI processes this data in accordance with OpenAI's applicable terms of service and privacy commitments:
    • Retention: OpenAI may retain API inputs and outputs (chat content) for up to thirty (30) days to provide the services, monitor for abuse, and enforce usage policies. Certain OpenAI API endpoints support Zero Data Retention (ZDR), under which OpenAI does not retain data beyond the duration of the API request. We make commercially reasonable efforts to use ZDR-eligible endpoints where available and technically feasible.
    • No Training on Your Data: OpenAI does not use chat content transmitted through business APIs to train, develop, or improve OpenAI's models or services, except as necessary to provide abuse and safety monitoring, unless you expressly opt in to such use. We will not opt you in to training without your prior written consent.
    • Location: All data processing occurs exclusively within the United States. No data is transferred to or processed in foreign jurisdictions.
  • Affiliates & Business Partners – within our corporate group or with partners when necessary to provide integrated services you request;
  • Legal & Safety Purposes – to comply with law, court orders, or protect the rights, property, or safety of Concourse, our users, or others;
  • Corporate Transactions – with a successor entity in connection with a merger, acquisition, or sale of assets;
  • With Your Consent – otherwise at your direction or with your express consent.

4. Data Security

We employ administrative, technical, and physical safeguards designed to protect personal information against loss, misuse, and unauthorized access or disclosure. These safeguards include:

  • Encryption in Transit: Data transmitted to and from our Services is encrypted using industry-standard Transport Layer Security (TLS) protocols;
  • Encryption at Rest: Data stored by our Services is encrypted using AES-256 or equivalent encryption standards;
  • Access Controls: Role-based access controls limit access to data and Services to authorized personnel and users based on their roles and permissions;
  • Audit Logging: We maintain logs of user activity, administrative actions, and system events for security monitoring, incident response, and compliance purposes;
  • Automated Monitoring: We employ automated systems to monitor for unauthorized access, abuse, security incidents, and policy violations;
  • Data Loss Prevention (Optional): If enabled by your workspace administrator, chat content may be scanned for malware, sensitive data patterns, or policy violations in accordance with your configured DLP policies.

No Internet or email transmission, however, is ever fully secure or error‑free. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. Our retention practices include:

Concourse Retention

  • Chat Content: Chat messages, prompts, file uploads, and AI-generated responses are retained in accordance with your workspace's retention settings. Workspace administrators can configure retention periods and deletion policies. Default retention periods are specified in your Service Terms or subscription agreement.
  • Account and Profile Information: User account information, IdP attributes, and profile data are retained for as long as your account remains active, plus a reasonable period thereafter to comply with legal obligations or resolve disputes.
  • Audit Logs: Security and administrative audit logs are retained for up to one (1) year for security monitoring and compliance purposes, or longer where required by law.
  • Legal Holds: If data is subject to a legal hold, litigation, investigation, or other legal obligation, retention periods may be extended until the hold is released.

Model Provider Retention (OpenAI)

  • Standard API Retention: OpenAI may retain chat content (prompts, messages, file uploads, and AI responses) transmitted through its APIs for up to thirty (30) days to provide the services, monitor for abuse, and enforce usage policies.
  • Zero Data Retention (ZDR): For certain API endpoints that support Zero Data Retention, OpenAI does not retain chat content beyond the duration of the API request. We make commercially reasonable efforts to use ZDR-eligible endpoints where available and technically feasible, but cannot guarantee ZDR for all requests or use cases.

Data Deletion

Upon termination of your subscription or account, we will delete or anonymize your chat content and personal information within a reasonable period, subject to legal obligations, backup retention policies, and technical limitations. You may request deletion of your data as described in Section 7 (Your Rights & Choices) below. Workspace administrators can export and delete chat data through the administrative dashboard.

6. Data Location

We are headquartered in the United States, and all data is processed and stored exclusively in the United States. We do not use foreign model providers, and no data leaves the United States. All of our data centers and infrastructure are located within the United States.

If you access the Site or Services from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Services, you consent to the transfer of your information to the United States.

7. Your Rights & Choices

Depending on your jurisdiction, you may have rights to:

  • Access and obtain a copy of your personal information;
  • Correct or update inaccurate information;
  • Delete personal information (subject to exceptions);
  • Restrict or object to certain processing;
  • Withdraw consent at any time, where processing is based on consent;
  • Receive your data in a portable format.

To exercise these rights, please contact us as outlined in Section 11 below. We will respond as required by applicable law.

Workspace Administrator Controls

If you are a workspace administrator for the AI chat Services, you have additional controls over data processing, including:

  • Retention Settings: Configure how long chat messages, prompts, and AI-generated responses are retained before automatic deletion;
  • Data Export: Export chat content, user activity logs, and other workspace data in machine-readable formats;
  • User Management: Add, remove, and manage user accounts, roles, and permissions;
  • Data Deletion: Delete specific conversations, user data, or entire workspaces;
  • Access Controls: Configure SSO, SCIM, and role-based access policies; and
  • DLP Policies: Enable and configure data loss prevention scanning (where available).

Individual User Data Access and Deletion

If you are an individual user of the AI chat Services (not a workspace administrator), you can:

  • Access Your Chat History: View and export your own chat conversations through the Services interface;
  • Delete Individual Conversations: Delete specific chat conversations you have created; and
  • Request Account Deletion: Request deletion of your account and associated data by contacting your workspace administrator or by emailing us at privacy@concoursetech.com.

Please note that some data processing and retention settings may be controlled by your workspace administrator. If you have questions about your workspace's data policies, please contact your administrator.

Marketing Opt‑Outs

You may opt out of marketing emails by following the unsubscribe link in those messages. You may also disable cookies for advertising through your browser settings and industry opt‑out mechanisms (e.g., YourAdChoices).

8. High-Risk Uses and Sensitive Data

AI Content Accuracy

AI-generated responses may be inaccurate, incomplete, or inappropriate. You are solely responsible for reviewing and verifying Output before relying on it for any purpose. We recommend that qualified personnel with appropriate subject-matter expertise independently review Output before it is used for decision-making or distributed outside your organization.

Restricted Uses

You should not use the AI chat Services, without qualified human review and oversight, to make high-stakes decisions or provide critical guidance in domains where errors could cause significant harm, including employment decisions, legal advice, financial services, housing determinations, government benefits, or safety-critical systems. Please refer to our Service Terms for additional restrictions on use.

Prohibited Data

Unless expressly authorized in a separate written agreement, you should not submit to the Services:

  • Payment card data (PCI DSS-regulated data);
  • Criminal justice information (CJIS-regulated data);
  • Export-controlled technical data (ITAR/EAR);
  • Classified government information; or
  • Data classified above "Moderate" impact level under your organization's data classification policies.

For questions about what data is appropriate to submit to the Services, please contact your workspace administrator or email us at legal@concoursetech.com.

9. Third‑Party Websites & Services

The Site may contain links to third‑party websites or integrate third‑party services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing information.

10. Children's Privacy

The Site and Services are not directed to children under 13 years old, and we do not knowingly collect personal information from children. If we learn that we have inadvertently collected such data, we will delete it promptly.

11. How to Contact Us

Concourse Tech Inc.
169 Madison Avenue, Suite 15520
New York, NY 10016
Telephone: 646‑397‑0207
Email: contact@concoursetech.com

If you have questions about this Privacy Policy or our privacy practices, please contact us using the details above.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post any changes on this page and indicate the "Last updated" date at the top. Material changes will be communicated via email or prominent notice on the Services where required by law. Your continued use of the Site or Services after the effective date constitutes acceptance of the revised Policy.

Last updated: June 15, 2025