patentideagenerator

# Privacy Policy Last updated: 2026-04-22 patentideagenerator ("we," "us," "the Platform") respects your privacy. This policy describes what we collect, why, and how you control it. ## What we collect ### Account data - Email address (for login + notifications) - Password (hashed; never stored in plaintext) - Name (for filing purposes) - Stripe customer ID (for billing; your card details are held by Stripe, not us) ### Persona data - Resume contents (if uploaded) - LinkedIn URL + publicly available information from that profile - Prior USPTO patents (retrieved from public USPTO records) - Technical domains of interest (selected by you) - Filing preferences + exclusions (as you configure) ### Generated content - Invention candidates synthesized by the Platform for your persona - Draft patent applications produced by the Platform - Filing submissions + USPTO receipts ### Usage data - Pages visited, features used, actions taken in the Platform - Browser + device metadata for security (IP, user agent, timestamps) - Error logs for debugging ### Communications - Email interactions (opens, clicks via Resend webhooks) - Support conversations ## What we do NOT collect - Contents of emails outside our platform - Browsing history beyond our site - Biometric data - Financial account numbers (Stripe holds these) - Social Security Numbers ## How we use data - **Operate the Platform:** deliver the service you signed up for (synthesize candidates matched to your persona, draft applications, file at USPTO) - **Improve quality:** aggregate + anonymized analysis to improve synthesis quality - **Communicate:** send your daily digest, transactional emails, service updates - **Bill correctly:** determine fees and process subscriptions - **Detect abuse:** identify suspicious activity (credential stuffing, fraud) - **Comply with law:** respond to lawful legal requests ## What we do NOT do with your data - **We do NOT sell your data.** Not to advertisers. Not to brokers. Not to anyone. - **We do NOT train third-party AI models on your persona data.** Our LLM providers (Anthropic, OpenAI) are on zero-data-retention enterprise tiers that contractually prohibit use of your content for model training. - **We do NOT share your drafts with other users.** Your pre-publication patent drafts are encrypted and visible only to you + the platform workers processing them. - **We do NOT publish your filings.** Your filings become publicly available via USPTO at the 18-month publication date as required by law — not by our action. ## Data retention - **Signals** (external public data): 180 days, then archived - **Synthesized candidates that you skip or reject:** 90 days - **Approved candidates, drafts, filings:** retained as long as your account is active; 7 years after account closure for legal-adjacent records - **Persona data:** retained while your account is active; deleted within 30 days of account closure - **Audit logs:** 7 years (security + compliance) - **Billing records:** 7 years (tax requirement) ## Your rights You can: - **Access** your data: request a full export (machine-readable JSON + uploaded files) - **Correct** your data: edit your persona any time in /settings - **Delete** your data: request account deletion; we'll confirm + remove within 30 days, subject to the retention exceptions above for filed patents and legal records - **Port** your data: export in JSON + download uploaded files - **Object** to specific processing: contact us Email privacy@patentideagenerator.com to exercise any right. ## Security - Data encrypted at rest (AES-256) and in transit (TLS 1.3) - Passwords hashed with bcrypt - Patent Center credentials encrypted with AES-256-GCM; decrypted only in memory at filing time - Access audit-logged - Principle of least privilege for all internal roles - Annual security review; penetration testing pre-launch (Phase 3) Despite best efforts, no security is perfect. If we learn of a breach affecting your persona data, we notify you within 72 hours. ## Sub-processors We use the following third parties to operate the Platform: - **Supabase** (database, storage, authentication) — data hosted in US regions - **Vercel** (web hosting) - **Fly.io** (worker compute) — filing workers deploy in US regions - **Stripe** (billing; your card details held here, never us) - **Anthropic** (LLM; zero-data-retention tier) - **OpenAI** (LLM fallback; zero-data-retention tier) - **Resend** (transactional email) - **Inngest** (job queue) - **Cloudflare** (DNS + CDN) Each sub-processor has signed a data protection addendum. We review their certifications annually. ## International transfers We are a US service. Data is stored in US regions. If you're located outside the US and sign up, you consent to international transfer for the purposes of providing the Platform. ## Children Platform is not intended for users under 18. We do not knowingly collect data from children. ## Changes We may update this policy. Material changes will be communicated by email with 30 days' notice. Continued use after changes = acceptance. ## Contact - **Data Protection Officer:** privacy@patentideagenerator.com - **Security:** security@patentideagenerator.com - **General:** hello@patentideagenerator.com © 2026 patentideagenerator. All rights reserved.