Privacy Policy
Last updated: March 25, 2026
This Privacy Policy explains how ConceptSeek collects, uses, discloses, and protects personal information when you use our website and product.
1) Who we are and scope
ConceptSeek is a semantic search workspace for long-form content. This Policy applies to personal information processed through our public pages, account flows, billing/preorder flows, and product experience.
2) Information we collect
Account and profile data: email address, encrypted password credential, plan tier, account timestamps, and product entitlement fields (for example, Founding Member status and preorder metadata).
Billing and payment data: when you purchase a preorder or paid offering, payment is processed by Stripe. We store limited billing metadata (for example Stripe customer/subscription IDs, status fields, and preorder tier) but we do not store full payment card numbers.
Workspace content you provide: library names, source metadata (for example URLs and titles), text content you paste, transcript text retrieved for added YouTube sources, chunks/embeddings generated from that content, and search/synthesis inputs and outputs.
Operational and security data: API request metadata required for service operation, rate-limiting counters, and immutable audit log entries for key actions.
Device and preference data: session cookie data used for authentication and local preference storage (for example theme preference) in your browser.
3) How we use personal information
- Provide and maintain your account, authentication, and access controls.
- Operate core product features, including source ingestion, search, and synthesis.
- Process transactions, enforce plan/credit rules, and prevent billing abuse.
- Protect service integrity through security checks, rate limiting, and audit logging.
- Improve reliability, debug failures, and monitor performance of our systems.
- Comply with legal obligations and enforce our Terms.
4) Legal bases (EEA/UK users)
Where GDPR or UK GDPR applies, we process personal data under one or more of these bases: (a) performance of a contract (for example delivering the service you signed up for), (b) legitimate interests (for security, fraud prevention, and service improvement), (c) legal obligation, and (d) consent where required by law.
5) Sharing and subprocessors
We do not sell personal information for money. We share information with service providers only as needed to run ConceptSeek, including:
- Stripe for payments, checkout, and related billing events.
- OpenAI for embeddings and synthesis features.
- Supadata for retrieval of YouTube transcript data you request.
- YouTube oEmbed endpoint for YouTube metadata lookups tied to URLs you submit.
- Infrastructure providers for hosting, database, and security operations.
We may also disclose information where required by law, lawful process, or to protect rights, safety, and service security.
6) Cookies and similar technologies
We use a session cookie to keep you signed in and secure authenticated routes. We also use browser storage for product preferences (for example theme and selected search scope behavior).
We do not currently use third-party advertising cookies. If we add non-essential cookies or analytics in the future, we will update this Policy and, where required, request consent.
7) Data retention
We retain personal information for as long as reasonably necessary to provide the service, operate the business, and meet legal obligations. Retention varies by data type:
- Account and workspace data: retained while your account remains active.
- Billing metadata: retained as needed for accounting, fraud prevention, and legal compliance.
- Security and audit logs: retained according to operational and legal necessity.
If you request account deletion, we will remove or de-identify data unless we are required to keep it by law or for legitimate security/accounting reasons.
8) Security
We use technical and organizational safeguards appropriate to the nature of the data and processing risk, including access controls, authenticated session handling, rate-limiting controls, and scoped data access. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
9) Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing.
California: California residents may have rights to know, delete, correct, and opt out of certain sharing/sale activities under CCPA/CPRA, and a right to non-discrimination for exercising rights.
EEA/UK: users may have GDPR/UK GDPR rights including access, rectification, erasure, restriction, objection, and data portability, plus the right to complain to a supervisory authority.
To exercise rights, contact support@conceptseek.com. We may need to verify your identity before fulfilling a request.
10) International transfers
If you access ConceptSeek outside the country where our systems are operated, your information may be transferred to and processed in other jurisdictions. Where required, we use appropriate safeguards for cross-border data transfers.
11) Children
ConceptSeek is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us so we can take appropriate action.
12) Changes to this Policy
We may update this Policy from time to time. We will post the updated version on this page and update the "Last updated" date. Material changes may also be communicated by additional notice where appropriate.
13) Contact
Privacy questions or requests: support@conceptseek.com
You may also contact the ConceptSeek privacy team at our registered business mailing address, as provided in your account communications or official notices.