Privacy Policy
Effective 2026-05-19 · Eastern Shore Solutions, LLC
Plain-language description of what data Concordex collects, why, and what we do with it. The legal scaffolding lives at the bottom; the first section is the one you actually need.
§1The short version
Concordex collects the behavior data you send us, the reasoning records we produce from it, and the operational signals needed to run a multi-tenant SaaS (auth identifiers, usage meters, audit logs). We do not sell data. We do not use Customer Data to train cross-tenant models. We process personal data as your processor under the DPA.
§2What we collect
| Category | Examples | Source |
|---|---|---|
| Account data | Work email, display name, organization name, role membership | You, at sign-up |
| Customer Data | Behavior events you send to your workspace via connectors or SDK | Your upstream systems |
| Reasoning records | Frames, traces, soul snapshots, ledger entries | Produced by the Service from Customer Data |
| Operational metadata | Usage meter rows, request logs, ingest job rows, audit events | The Service's own runtime |
| Billing data | Payment method tokens, invoice line items | You; processed through our payment-services provider |
§3Why we collect it
We use the data above to:
- Run the Service for you — store your records, route requests to the right workspace, render the dashboard;
- Meter usage and bill for consumption above the free allowance;
- Detect abuse, debug incidents, and maintain audit trails sufficient to support compliance reviews;
- Communicate with you about your account (security alerts, outages, scheduled maintenance, billing).
We do not use Customer Data to train a model that crosses tenant boundaries. The corpus + canon system keeps each workspace's reasoning context isolated from every other workspace.
§5How long we keep it
We retain Customer Data and the reasoning records for as long as your workspace is active, plus the export window described in the Terms (§7). Operational metadata (usage events, audit log) is retained for 24 months. Billing data is retained as required by applicable tax and accounting law.
§6Your rights
Depending on where you are, you may have rights to access, correct, delete, or export your personal data, and to object to certain processing. Send those requests to [email protected]. We respond within 30 days.
For Customer Data that's processed on behalf of an organization, requests from individuals are routed to the organization's tenant_admin, since they control the workspace.
§7Security
Data is encrypted in transit with TLS 1.2 or higher and at rest in our storage providers. Access to production systems requires SSO with hardware-key MFA. The security page documents the broader controls posture, including our SOC 2 progress.
§8International transfers
Concordex is operated from the United States. If you are in the EEA, UK, or Switzerland, your data is transferred to and processed in the US under the EU Standard Contractual Clauses (SCCs) referenced in the DPA.
§9Children
The Service is not directed to children under 16. We don't knowingly collect personal data from children. If you learn that a child has provided personal data through the Service, contact us and we will delete it.
§10Changes to this policy
Material changes are announced in the changelog at least 14 days before they take effect. The "Effective" date at the top of this page changes on every revision.
§11How to reach us
Privacy questions: [email protected]. General contact channels are listed on the contact page.