Concord

Concord for Enterprise

Concord, inside your own systems.

The same calm path to agreement, wired into your stack. A full API, role-based access, single sign-on and headless access, on a privacy-by-design foundation your security team can sign off on.

Talk to us See the capabilities

Built for legal teams, platforms and organisations resolving disputes at scale.

Enterprise teams need a tool that fits: their identity, their roles, their records, their rules.

Capabilities

Everything an enterprise expects

Concord is built to run as part of your environment, with the integration surface, controls and guarantees that procurement and security teams ask for.

Full API

A clean, documented REST API covers the whole lifecycle: create matters, frame issues, capture decisions, generate the final document. Webhooks push state changes to your systems as they happen.

Headless access

Use Concord as the engine behind your own interface. Drive the entire agreement process programmatically and present it inside your product, portal or case-management system, in your brand on our method.

Role-based access control

Granular RBAC for parties, mediators, administrators and observers. Define exactly who can see, edit and sign what, scoped per matter, per organisation, per role.

SSO & SCIM

Single sign-on via SAML 2.0 and OIDC, with SCIM provisioning so accounts and groups stay in lockstep with your identity provider, including Okta, Entra ID and Google Workspace.

Audit logging

A complete, tamper-evident record of every action (who did what, and when), exportable to your SIEM. The same trail that makes an agreement defensible makes compliance straightforward.

Data residency & control

Choose where data lives, set retention and deletion policies, and keep each side's space genuinely separate. Privacy-by-design is the architecture here, built in from the start.

Integration in practice

How a rollout works

No big-bang migration. We start with your requirements, connect the pieces in order, and only go live once each part is signed off. The path in stays as calm as the process itself.

  1. Scope & security review

    We start with what you need to integrate and what your security team needs to see. Bring your questionnaire and we'll map your requirements to what's in place, what's configurable and what's on the roadmap.

  2. Connect identity & roles

    Wire up single sign-on via SAML 2.0 or OIDC and turn on SCIM provisioning, then define your RBAC model: who can see, edit and sign what, scoped per matter, role and organisation.

  3. Integrate via API or go headless

    Build against the REST API and subscribe to webhooks, or run Concord headless behind your own interface. We help with the first integration and keep you supported as you extend it.

  4. Onboard teams & go live

    Bring your people and, where relevant, your panel of mediators on board, set retention and data policies, then roll out gradually, starting with a pilot team before opening it up.

Who it's for

Built for teams resolving disputes at scale

Concord fits wherever disagreements need to become signed agreements, whether you run the process yourself or embed it for others.

Law firms & chambers

Run structured negotiations and mediations with a defensible audit trail behind every decision, and hand clients a clear, signed document at the end.

In-house legal teams

Standardise how disputes are handled across the business, keep records in one place, and slot Concord into the case and identity systems you already run.

Platforms & marketplaces

Embed dispute resolution directly in your product. Drive the whole process through the API or headless, under your own brand, so users never leave your experience.

Public sector & ombudsman-style bodies

Handle high volumes of cases with consistent process, configurable retention and the data controls that public-facing organisations are held to.

HR & people teams

Work through workplace disputes and grievances along a calm, structured path, with each party's space kept genuinely separate and a clear record of what was agreed.

Not sure where you fit? Browse the use cases or talk to us.

Security & compliance

Designed to pass review

Concord is built by a team whose background is privacy-by-design and security in legal tech. The controls below are foundational, part of the design from the start.

  • Encryption

    Data encrypted in transit (TLS 1.2+) and at rest, with key management isolated per environment.

  • Least-privilege access

    Internal access follows least-privilege principles, logged and reviewable end to end.

  • Tenant isolation

    Each organisation's data is logically isolated; each party's space is separated within it.

  • Data processing terms

    DPA, sub-processor transparency and GDPR-aligned data handling available on request.

  • Configurable retention

    Set how long matters and documents persist, with verifiable deletion when they expire.

  • Exportable everything

    Your data is yours. Export matters, decisions, documents and audit logs at any time.

Working through a formal security review? Tell us your requirements and we'll map them to what's in place and what's on the roadmap.

The foundation

Built on a privacy-by-design foundation

Concord is built by a team whose hands-on experience includes data-protection and security engineering, so the controls security teams ask about are part of the design from the start. Meet the people behind it.

Data-protection experience

Practical GDPR and data-protection work shapes how matters are stored, accessed and retained. Privacy considerations are designed in from the start.

Encryption as standard

Encryption in transit and at rest is the default, with key management isolated per environment, drawing on hands-on experience securing sensitive data.

Data residency & hosting

Experience with cloud hosting and data-residency requirements informs where data can live and how it stays there, so regional and residency needs can be met as you grow.

Security engineering mindset

A security-engineering background means least-privilege access, isolation and an auditable trail are treated as architecture, the way the system is meant to work.

Enterprise FAQ

The questions teams ask first

The short answers below reflect where Concord is today. Where something isn't fixed yet we'll say so honestly, and it's available to discuss.

Can we self-host or get a dedicated environment?

Concord runs on our managed cloud, with dedicated environments and regional hosting available for teams with stricter isolation or residency requirements. If you need something more bespoke, it's available to discuss.

Which identity providers do you support?

Single sign-on via SAML 2.0 and OIDC, with SCIM provisioning to keep accounts and groups in sync. That covers providers such as Okta, Entra ID and Google Workspace; tell us yours and we'll confirm the fit.

Can we use Concord purely via API or headless?

Yes. A documented REST API and webhooks cover the whole lifecycle, so you can run Concord entirely behind your own interface, where the engine is ours and the experience is yours.

How is each party's data kept separate?

Each organisation's data is logically isolated, and within a matter each party's space is separated from the other's. Access follows least-privilege rules and every action is recorded in the audit trail.

Do you offer a DPA?

Yes. A data processing agreement, sub-processor transparency and GDPR-aligned data handling are available on request, and we're happy to work through your standard terms.

What does support look like?

Enterprise customers get hands-on onboarding and a direct line to the team, with uptime commitments and response targets matched to your needs. The specifics are available to discuss as part of scoping.

Deployment & support

Set up to fit how you work

Flexible deployment

Start on our managed cloud, with options for dedicated environments and regional hosting for teams with stricter residency requirements.

Onboarding & integration

Hands-on help wiring Concord into your identity provider, case systems and workflows, so it ends up live and useful rather than merely installed.

SLAs & priority support

Uptime commitments and a direct line to the team for enterprise customers, with response targets matched to your needs.

Mediator network

Bring your own panel of mediators or draw on ours. Concord keeps a human in the loop wherever your process needs one.

Talk to us

Let's see how Concord fits.

Tell us about your organisation and what you need to integrate. We'll walk you through the API, the controls, and what a rollout looks like.

We'll only use your email to get in touch about enterprise access.