Privacy Policy

Last updated: January 16, 2026

Concilely analyzes invoices against contract terms to help Accounts Payable teams pay accurately. We design for least-privilege and auditability.

Authentication

We use authentication providers to sign you in. If multi-factor authentication (MFA) is enabled, we may also support email-based recovery codes to help you regain access. Recovery codes are time-limited and are used only for account access.

Data We Process

  • Identity: name, email, organization (from your chosen provider).
  • Invoices: PDFs and related metadata you upload or ingest via mailbox/API.
  • Contracts: PDFs or documents you upload for money-term extraction.
  • Operational logs: actions taken in the app for audit trails.
  • Mail processing metadata: message identifiers and limited headers needed to ingest and deduplicate invoice artifacts.

Mailbox Ingestion

When connecting Microsoft 365 mailboxes, we use Microsoft Graph to identify and ingest likely invoice attachments. We attempt to discard non-invoice messages and attachments. We do not send email or post on your behalf.

Depending on your tenant configuration and permissions, ingestion may use delegated access (your signed-in session) and/or app-only access that requires tenant-admin consent. If configured, we may use webhook notifications to reduce polling.

How We Use Data

  • Compute expected invoice amounts from contract terms.
  • Flag variances with linked clause evidence.
  • Provide review and approval workflows.
  • Maintain audit events for security, compliance, and operational troubleshooting.

Sharing

We do not sell data. We share data only with subprocessors required to run the service (e.g., storage and compute), under appropriate agreements.

Email Delivery

We may send transactional email (for example, invitations, notifications, and MFA recovery codes). Email delivery is performed by a third-party email service provider acting as our processor.

Security

We follow industry best practices for encryption in transit and at rest, access controls, and logging. Contact us for security questions at security@concilely.com.

Your Choices

  • Disconnect mailbox integrations at any time.
  • Request deletion of uploaded invoices and contracts.
  • Export audit logs upon request.

Contact

Email privacy@concilely.com for privacy inquiries.