Thank you for your interest in Contio Inc. ("Contio", "we", "our" or "us") and our web site at https://contio.ai, along with our related web sites, hosted applications, desktop or other downloadable applications, and other services provided by us (collectively the "Service"). This Privacy Policy governs the use of the Service, and applies to all information collected from you through them, as well as any related support, service, sales, marketing, or events conducted by us or for us. Beyond this Privacy Policy, your use of our Service is also subject to our Terms of Service. References to "you" and "your" refer to each user and customer of our Service, and each visitor to our web site.
Contio is committed to protecting your personal information and privacy. Your trust in the security and privacy of our service is more important to us than anything else — and that is why we never sell the private data of our customers, or allow it to be used to train AI models.
In this Privacy Policy, we seek to explain in the clearest way possible what information we collect, how we use it, and what rights you have in relation to it. Please take the time to read it carefully as it is important. If there are any terms in this Privacy Policy that you disagree with, please discontinue the use of our Services. If you have questions or concerns about this Privacy Policy, or our practices with regard to your personal information, please contact us by sending correspondence to 250 East Eagles Gate Drive, Suite 260, Eagle, Idaho 83616, or by submitting a support request from inside your account.
We do not require from you, and we will not collect from you, more information than is reasonably necessary and proportionate to provide our Service to you. The categories of information you share with us include the following:
Information You Share with Us
Creating Your Account or Requesting Updates. You provide us with personal information about yourself when you register, sign up, or use our Service, and when you communicate with us, make a payment to us, or subscribe to our newsletter or updates. Such personal information may include your name, email address, physical address, phone number or other contact information.
Your Mobile Phone Number for Text Message Alerts. We utilize a third-party service to send text messages to your mobile phone, both for security verification, and for alerts within the product. You may change your text message alert settings in product; you may opt out of receiving text messages by replying STOP; or you may receive help with text messages by replying HELP.
Communications. If you contact us directly, we may receive additional information about you. For example, if you contact our support team, we will receive your name, email address, the contents of your message or attachments you may include, and other information you choose to provide. When we send you emails, we may use embedded pixels or other technologies to track information about your receipt and interaction with our emails, such as whether and when you open them, whether you access any links in the emails, how long you read them, whether you forward them and to whom, your location information, and your device information. We use this information to deliver a better customer experience and improve our Service.
Talent. If you decide to apply for a job with our company, you may submit your contact information and/or resume online. We will collect the information you choose to provide, such as your education and employment experience. You may also apply through third party applications or services that we use. If you do so, we will collect the information you make available to us.
Payments. If you upgrade to a paid Service Plan, your payment information, such as credit card or bank account information, will be collected by us and by our third-party payment processor on our behalf.
Your Use of the Service. When you use our Service, we may receive any personal information you provide or otherwise make available to us. For example, if you connect third-party software accounts to enrich your Personal Knowledge Base, or if you leverage Contio to capture notes and action items for meetings, we may receive audio, video, text, image, calendar event, or other types of data that you have shared into our Service.
Information Generated by or Collected from Third-Party Services
When you connect data from third-party services and APIs, such as your Google Workspace or Microsoft 365 account, we do not use that data to develop, improve, or train generalized AI or machine learning models, and we will not do so in the future without your explicit opt-in consent.
We also do not send any of that data to AI models, services, or technologies that are hosted by third-party providers. Instead, we optimize and leverage AI models that we host in our secure private cloud, running on cloud infrastructure where data is physically protected from being transmitted to the foundation model companies that perform model training. We will receive outputs and data generated by those AI models, and use those to provide the Service to you.
Information we Collect when you use our Web Site
When you use our web site, we automatically collect personal information about your device and how you use our web site. We receive information about the device and software you use to access our web site, including Internet protocol (IP) address, web browser type, operating system version, manufacturer, application installations, and device identifiers. We can potentially infer your general location by using your Internet protocol (IP) address.
We collect and log usage data relating to your use of the web site and our Service, including your use about individual features and functionality of each. We also collect analytics and crash reporting that includes email addresses, IP addresses, and device information.
We and our third-party analytics partners collect information using cookies, pixel tags, beacons, invisible tags and similar technologies (“Cookies”). Our third-party analytics partners may use these technologies to collect information about your online activities over time and across different services, associate this information with your email address, and we may use both session cookies that disappear when you close your browser, and persistent cookies that remain after you close your browser and be used by your browser on subsequent visits to our web site or the Service. This allows us to serve you more effectively, keep you logged in, distinguish you from other users of our Service, and remember your preferences. We (or service providers on our behalf) may then send communications and marketing to that email address. You may opt out of receiving this advertising by visiting https://app.retention.com/optout. Below is an overview of the types of Cookies that we and our third-party analytics partners may use to collect personal information.
Strictly Necessary Cookies. Some Cookies are strictly necessary to make our Service available to you. We cannot provide you with our Service without these.
Functional Cookies. Functional Cookies are used to recognize you when you return to our Service. This enables us to personalize content to meet your needs, load your data correctly, and remember your preferences, such as language and region.
Analytical or Performance Cookies. We also use Cookies for web site analytics purposes in order to operate, maintain and improve our Service.
Please review your web browser’s help resources to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Service, you may not be able to utilize the features or functionality of the Service to its fullest potential.
Information We Collect When You Use Our Service
We collect the data and information about meetings, notes, follow-ups, and insights that you enter, process, analyze, and generate using our Service. We store this data for you as a part of the Service, and use it to power the entire product experience and deliver the Service to you.
We collect information from certain third-party applications that you choose to connect to your account, such as Gmail, Google Calendar, Microsoft Outlook, etc. When you connect these accounts, we scan them for information about your past meetings, including agendas, notes, and follow-ups.
We use the events from your calendar to power the integration between our Service and your calendar. We use the other data about your historical meetings to build your Personal Knowledge Base, which allows you to use AI to draft agendas and surface critical insights while you use the Service.
Our Service utilizes product analytics and crash reporting tools. We collect log and usage data that is service-related, diagnostic, usage, and performance information that is automatically logged when you access or use the Service, and which we record in log files or databases. Depending on how you interact with us, this log and usage data may include your IP address, device information, settings, system activity, error reports, hardware settings, and information about your activity in the Service, including the dates and times associated with your usage, and which features you use.
When you choose to use the Service to capture notes and action items in your meetings, we process the audio into conversation metadata, but we do not record or store the audio for playback. Our audio processing may use transient speaker differentiation techniques to attribute conversation content to participants, but we do not intentionally create or store persistent biometric templates for the purpose of uniquely identifying individuals, and we do not retain speaker differentiation data beyond the processing session in which it is generated. These techniques do not constitute the collection or storage of biometric identifiers as defined under applicable biometric privacy laws. We use the conversation metadata to generate notes and action items that are stored as a part of your meeting record in your workspace. Some of our service plans offer customers the right to exercise control over the retention timeframe for conversation metadata, which may impact the quality of their notes, action items, or insights.
We do not transmit any of this data to third-party AI vendors or service providers, and instead process it within our secure private cloud, running on cloud infrastructure where data is physically protected from being transmitted to the foundation model companies that perform model training (including, but not limited to, AWS Bedrock, Google Vertex, or Azure Foundry). In some circumstances, we may use on-device models built into your computer or smartphone's operating system.
While our Service is not intended to process sensitive personal information (such as health data, biometric identifiers, or financial account numbers), we recognize that users may inadvertently include such information in meeting content or data provided through APIs and integrations. We recommend that users avoid sharing that kind of sensitive information unless absolutely necessary, and that users providing data through APIs or integrations do not include personally identifiable information (PII), protected health information (PHI), or payment card industry data (PCI Data) that they are not authorized to share. Contio performs best-effort automated scanning and redaction of detected PII, PHI, and PCI Data in user-provided content before it is processed by our AI systems. However, this scanning does not guarantee the detection or complete removal of all such information and does not constitute de-identification under HIPAA Safe Harbor or any other regulatory standard. Raw, unredacted data provided through APIs or integrations is stored securely and is accessible only to the account that provided it. If such data is processed, it is treated with heightened confidentiality and retained only as long as needed to provide the Service.
How We Use the Information We Collect
We believe you should know exactly why we collect information and what we do with it. We use the information from or about you for the following purposes, always in compliance with this Privacy Policy and our Terms of Service:
To provide, maintain, improve, test, and enhance our Service, and to understand and analyze how you use our Service, so we can develop new products, services, features, and functionality.
To develop, improve and optimize the artificial intelligence and machine learning models, configurations and prompts that we use to deliver our Service to you, or that our partners use to deliver their services.
To personalize your experience with our Service by providing tailored content and recommendations.
To communicate with you, provide you with updates and other information relating to our Service, provide information that you request, respond to comments and questions, and otherwise provide customer support.
To generate anonymized and aggregated statistics and insights, containing only anonymized and deidentified non-personal information, which we may use for any legal purpose.
To facilitate transactions and payments.
To find and prevent fraud, and respond to trust and safety issues that may arise.
For compliance purposes, including the enforcement of our Terms of Service and/or other legal rights, as may be required by applicable laws and regulations, or requested by any judicial process or governmental agency.
For other purposes for which we provide specific notice at the time the information is collected.
We will not materially change the purpose of collecting your information without updating these notice provisions beforehand. Your continued use of the Service despite such changes will be deemed acceptance of such material changes.
Legal Basis For Processing European Information
If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), we only process your personal information (meaning any information relating to an identified or identifiable individual) when we have a valid “legal basis,” including as set forth below.
Contractual Necessity. We may process your personal information where required to provide you with our Service. For example, we may need to process your personal information to respond to your inquiries or requests.
Compliance with a Legal Obligation. We may process your personal information where we have a legal obligation to do so. For example, we may process your personal information to comply with tax, labor, and accounting obligations.
Legitimate Interests. We may process your personal information where we or a third party have a legitimate interest in processing your personal information, such as the operation of the Service, development of new features and functionality, internal analytics purposes, and otherwise to improve the safety, security, and performance of our Service. We only rely on legitimate interests to process your personal information when these interests are not overridden by your rights and interests.
Consent. We may process your personal information where you have consented to certain processing of your personal information.
How We Share the Information We Collect
We are extremely cautious and careful with how we share the information we collect.
Vendors and Service Providers. We may disclose any information we receive or collect with vendors and service providers retained in connection with the provision, operation or improvement of our Service. For example, we may store some of your information in cloud-based storage services, or utilize third-party services to send text messages to your mobile phone.
AI Models or Service Providers. We never disclose any data from our customers to third-party AI service providers who host their own services or models; we only disclose that information to third-party AI models that run on our secure private cloud, running on cloud infrastructure where data is physically protected from being transmitted to the foundation model companies that perform model training. We will never allow any non-anonymized or non-aggregated data to ever be shared with third-party AI service providers outside of our secure private cloud.
Analytics Partners. We use third-party analytics services to collect, process, generate, and provide certain analytics data. These third-party services may be provided with some of your information in order to conduct, generate and provide such analytics to or for Contio, and such services may also collect information about your use of other web sites, apps, and online resources. To help us understand how you use our Service and to help us improve them, we automatically receive information about your interactions with our Service, like the pages you view, purchases you make, and the dates and times of your visits.
As Required By Law and Similar Disclosures. We may access, preserve, and disclose your information if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our, or others’ rights, property, or safety.
Merger, Sale, or Other Asset Transfers. We may transfer your information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company, or we sell, liquidate, or transfer all or a portion of our assets. The use of your information following any of these events will be governed by the provisions of this Privacy Policy in effect at the time the applicable information was collected.
Consent. We may also disclose your information with your permission.
We do not disclose the information we collect from or about you except as described in this Privacy Policy or otherwise disclosed to you at the time of the collection.
Your Choices
You are always in control of your data. Here are the specific ways you can manage it:
Controls. Any user of the Service can stop or pause the capture of notes and action items at any time, and can delete the meeting records they own at any time. Any user of the Service can designate which of their third-party apps are integrated, such as Google Calendar, Gmail, or Microsoft Outlook. We agree to abide by your wishes with your data, subject to practical limitations such as data remaining in our backup systems for a reasonable period of time after you instruct us to delete it, etc.
You serve in the role of Data Controller. We provide the Service to you as a Service Provider / Processor of the data that you choose to collect by using our software. You agree to act in the role of Data Controller at all times, and we agree to abide by your wishes with your data, subject to practical limitations such as data remaining in our backup systems for a period of time after you instruct us to delete it, etc.
Your European Privacy Rights. If you are located in the EEA or the UK, you have additional rights described below.
You may request access to the personal information we maintain about you, update and correct inaccuracies in your personal information, restrict or object to the processing of your personal information, have your personal information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your personal information to another company. In addition, you have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
You may withdraw any consent you previously provided to us regarding the processing of your personal information at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.
You may exercise these rights by contacting us using the contact details at the end of this Privacy Policy. Before fulfilling your request, we may ask you to provide reasonable information to verify your identity. Please note that there are exceptions and limitations to each of these rights, and that while any changes you make will be reflected in active user databases promptly or within a reasonable period of time, we may retain personal information for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
Do Not Track. There is no accepted standard on how to respond to Do Not Track signals, and we do not respond to such signals. If you choose not to provide us with the information we collect, some features and functionality of our Service may not work as intended.
Third Parties
Our Service may contain links to third-party web sites, products, applications, or services that we do not own or operate. Third-party applications and services are not under Contio's control, and, to the fullest extent permitted by law, Contio is not responsible for the actions, behavior, privacy practices, or content of these third parties. Please be aware that this Privacy Policy does not apply to your activities on these third-party services or any information you disclose to, or is collected by, these third parties. We encourage you to read their privacy policies before providing any information to them or using their products or services.
Security
We take the security of your information seriously. We use industry-standard technical and organizational measures to safeguard the personal information we collect from you, including both physical and electronic protections. That said, no method of electronic transmission or storage is entirely foolproof, and while we strive to protect your information, we cannot guarantee its absolute security or privacy.
Artificial Intelligence
Artificial intelligence is core to how Contio works, and we want you to understand exactly how we use it. We use AI models to process meeting content, generate summaries, and surface insights. These models are not trained on the personal data of our customers. No non-anonymized or non-aggregated user data is used to refine the weights or architecture of our AI systems. All of our AI processing occurs within our secure private cloud, running on cloud infrastructure where data is physically protected from being transmitted to the foundation model companies that perform model training.
When data is provided through APIs or integrations, we perform best-effort automated scanning to detect and redact PII, PHI, and PCI Data before that data is processed by our AI models. Our AI systems only process the redacted version of such data. The original, unredacted data is retained securely and is accessible only to the account that provided it.
We maintain internal AI usage logs that track model performance, outputs, and decisions made during meetings. These logs help us audit system behavior, ensure fairness, and troubleshoot errors. You may request a summary of AI-generated content associated with your meetings upon verification of your identity.
Users are never subject to automated decision-making that produces legal or similarly significant effects without human review.
Retention
We don't keep your data longer than we need to for the purposes of providing an effective and useful Service. We take measures to delete your personal information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When we process personal information for our own purposes, we determine the retention period by taking into account various criteria, such as the type of services provided to you, the nature and length of our relationship with you, possible re-enrollment with our Service, the impact on the Service we provide to you if we delete some information from or about you, and mandatory retention periods provided by law and the statute of limitations.
Enterprise Accounts
If your organization has invited you to use Contio, certain administrators may have access to view or manage your usage data, meeting content, and integrations as governed by the organization’s privacy policy and user agreements.
California Residents
If you are a resident of California, you are granted specific rights regarding access to your personal information.
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year.
If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
If you are under 18 years of age, reside in California, and have a registered account with our Service, you have the right to request removal of unwanted data that you publicly post on the Service. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Service, but please be aware that the data may not be completely or comprehensively removed from all our systems, such as backups or redundancy systems.
Children’s Privacy
Our Service is not intended for children under 18. We do not knowingly collect, maintain, or use personal information from children under 18 years of age, and no part of our Service is directed at or marketed to children. If you learn that a child has provided us with personal information in violation of this Privacy Policy, please alert us at security@contio.ai.
International Visitors
We store the information we collect from or about you in the United States and may transfer it outside your country. When doing so, we put in place appropriate safeguards to afford adequate protection for your personal information.
Our Service is hosted in the United States and intended for visitors located within the United States. If you choose to use the Service from the EEA, the UK, or other regions of the world with laws governing data collection and use that may differ from US law, please note that you are transferring your personal information outside of those regions to the United States for storage and processing. We may transfer personal information from the EEA or the UK to the United States and other countries based on European Commission-approved or UK Government-approved Standard Contractual Clauses, or otherwise in accordance with applicable data protection laws.
Also, we may transfer your data from the United States to other countries or regions in connection with storage and processing of data, fulfilling your requests, utilizing third party analytics services, and operating the Service. When transferring personal data to a third party acting as an agent, we may: (i) transfer such data only for limited and specified purposes; (ii) ensure the agent is obliged to provide at least a comparable level of privacy protection; (iii) take reasonable steps to ensure effective processing consistent with Contio’s obligations; (iv) request the agent to notify Contio if it determines it cannot provide the same level of protection; (v) upon notice, take reasonable steps to stop and remediate unauthorized processing; and (vi) provide relevant privacy provisions of its contract with the agent upon request.
By providing any information, including personal information, on or to the Service, you consent to such transfer, storage, and processing.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time, and we want you to stay informed when we do. Changes to this Privacy Policy apply to your use of our Service after the "Updated" date stated at the top of the policy. We will post any adjustments to the Privacy Policy on this page, and the revised version will be effective when it is posted. If we materially change the ways in which we use or share personal information previously collected from you through the Service, we will notify you through the Service, by email, or by other communication.
Contacting us about this Privacy Policy
If you have any questions, comments, or concerns about this Privacy Policy or how we collect, process, and retain your data, please send correspondence to 250 East Eagles Drive, Suite 260, Eagle, Idaho 83616, email us at legal@contio.ai, or submit a support request from inside your account.