Privacy policy

Last updated 2026-05-18

Confr (“Confr,” “we,” “us”) is operated by Future SR. This policy explains what data we collect when your Microsoft 365 tenant uses Confr, how we use it, and the choices you have.

For questions, contact support@confr.chat.

What data we collect

Microsoft 365 directory data

When your IT admin grants Confr admin consent, our bot reads from your Microsoft Entra directory via the Microsoft Graph permission User.Read.All: display name, user principal name (UPN), job title, department, and Entra Object ID. This is used to resolve the people a launcher picks for an investigation into Teams user identities the bot can message.

Interview content

When a participant chats with the Confr bot in Microsoft Teams, the bot stores the conversation transcript, any files the participant attaches, and a structured digest of the responses. The transcript is used solely to produce the investigation report for your tenant and is never shared outside it.

Operational telemetry

Confr records anonymous error events (stack traces, request paths, HTTP status codes) for debugging. We do not record personal data in telemetry beyond what is required to reproduce a bug.

How we use it

• Conduct the investigation your launcher requested and produce the report.
• Surface participants' testimony to the launcher in anonymised form by role tag.
• Operate Confr (reliability, security, billing).

We do not use your tenant's data to train Confr's underlying AI models. The Anthropic Claude API is configured with zero-data-retention; prompts and completions are not retained by Anthropic.

Anonymity firewall

Confr's report-generation pipeline scans for participant names + identifying information before publication and refuses to render reports that fail the scan. The Brain agent never sees raw personal names — only role tags (e.g. “Engineering Manager A”). This is enforced in code; the launcher cannot override it.

Where your data lives

Confr's application code runs on Vercel in Frankfurt, Germany (region fra1). Application data is stored in Neon Postgres in Frankfurt (region eu-central-1) with per-tenant Row-Level Security enforced at the database level. Interview attachments are stored in Microsoft Azure Blob Storage in West Europe (Amsterdam). All data in transit and at rest is encrypted.

Customer data does not leave the EU except for AI inference, which is performed by Anthropic in the United States under their zero-data-retention configuration (your prompts and completions are not retained by Anthropic). Standard Contractual Clauses (Article 46 GDPR) cover this transfer.

Sharing

We never sell your data. We share data with vendors only as needed to operate the service:

• Microsoft — your tenant's own Graph + Bot Framework infrastructure (your existing data residency).
• Neon — application database (Frankfurt, Germany).
• Vercel — application hosting + serverless function execution (Frankfurt, Germany).
• Azure — attachment blob storage (West Europe / Amsterdam).
• Anthropic — AI inference (United States, zero-data-retention).

Retention

Default retention is 12 months for investigation data + 90 days for telemetry. Tenant admins can override per-tenant retention via /settings/retention. Deletion requests are honoured within 30 days; contact support@confr.chat.

Your rights

EU / UK residents have access, rectification, erasure, restriction, portability, and objection rights under GDPR / UK GDPR. To exercise them, email support@confr.chat from the address you use to sign into Confr.

Changes

When this policy changes materially, we update the “Last updated” date and notify tenant admins via email + an in-product banner.