Skip to main content

Contour is purpose-built for system integrators. Learn more

Contour
Request a demo
Request a demo Free for consultants →

Privacy Policy

How we handle
your data.

We built Contour for firms that handle sensitive client engagements. This policy explains what data we collect, how we use it, and the controls you have over it.

Effective date: May 8, 2025

Overview

Who this applies to

This Privacy Policy applies to Contour AI, Inc. ("Contour," "we," "us") and covers data collected through our website (usecontour.ai) and our software platform (the "Service"). It applies to customers, their authorized users, and visitors to our website.

Contour operates as a data processor for customer engagement data. Our customers — typically system integrator firms — are the data controllers for any client data they bring into the platform. This policy governs how Contour handles data in that capacity.

What we collect

Data we collect

We collect information in two ways: directly from you, and automatically when you use the Service.

Account and contact data. When you create an account or contact us, we collect your name, email address, company name, and job title.

Usage data. We log interactions with the platform including feature usage, session timestamps, and error events. This data is used to operate and improve the Service.

Engagement content. Documents, transcripts, and structured data you upload to the platform are processed and stored by Contour in secure cloud infrastructure. Each customer's data is isolated in a dedicated environment.

Communications. If you contact us by email or through support channels, we retain those communications to respond to your inquiry.

How we use it

How we use your data

We use data only for the purposes described in this policy. Specifically:

  • To provision and operate the Service for your organization
  • To respond to support requests and account inquiries
  • To send product updates and security notices (you can opt out of non-essential communications)
  • To detect and prevent security incidents and platform abuse
  • To comply with legal obligations

We do not sell your data. We do not use customer engagement content to train AI models without explicit written consent.

Sharing

Who we share data with

We share data only where necessary to operate the Service. Categories of recipients include:

  • Cloud infrastructure providers (AWS, Google Cloud) who process data under our direction
  • AI model providers (e.g., Anthropic, OpenAI) for language model inference; data is not retained by these providers for training under our agreements
  • Business operations tools (e.g., billing, authentication) under data processing agreements
  • Law enforcement or regulators where required by applicable law

We do not share your data with third parties for advertising or marketing purposes.

Storage

Data residency and retention

Engagement content (documents, transcripts, structured data) is stored in Contour's secure cloud infrastructure. Each customer's data is held in an isolated environment — no content is shared across accounts.

Account and usage data is stored in the United States on AWS infrastructure. We retain this data for the duration of your subscription plus 90 days, after which it is deleted.

You may request deletion of your account data at any time by contacting us. We will action deletion requests within 30 days.

Your rights

Rights and controls

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. You may also have the right to object to or restrict certain processing.

To exercise any of these rights, contact us at the address below. We will respond within 30 days. We do not charge for reasonable requests.

Contour customers may also exercise rights through their account administrator, who controls user access and data within their organization's workspace.

Security

How we protect your data

Data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Access to production systems is restricted by role-based access controls and requires multi-factor authentication.

We are pursuing SOC 2 Type II certification. Our security documentation is available to prospective customers under NDA. See our Security page for more detail.

Updates

Changes to this policy

We may update this policy as the Service evolves. When we make material changes, we will notify account administrators by email at least 30 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance.

The current version of this policy is always published at usecontour.ai/privacy.

Contact

Privacy inquiries

For privacy-related questions, data deletion requests, or to exercise your rights under applicable law, contact us directly. We respond to all privacy inquiries within one business day.

team@usecontour.ai