Log In
Book a Demo

Privacy, Security & AI Transparency Policy

1. Introduction & Scope

This Policy explains how IP Author (“we,” “our,” or “us”) protects personal data and confidential intellectual property. This document serves as a comprehensive guide for all stakeholders—including developers, administrators, and end-users—to ensure the utmost confidentiality and integrity of data processed by our AI-powered patent drafting tools.

This Policy describes IP Author’s approach to data protection, security, and AI transparency.

Personal data collected through IP Author’s public website (such as demo requests, contact forms, and analytics) is governed by this Policy.

 

Customer data and patent-related content processed within the authenticated IP Author platform is handled under contractual agreements and customer instructions.

2. Our Role & Data Ownership

  • Data Ownership: Users and their organizations retain full and exclusive ownership of all intellectual property, invention disclosures, and patent drafts uploaded to or generated by the Services.
  • Data Processor: IP Author acts as a Data Processor for patent-related content, processing it solely on documented customer instructions.
  • Data Controller: IP Author acts as a Data Controller only for limited account information (e.g., billing and login credentials).

3. The "Zero-Training" AI Guarantee

We recognize that confidentiality is the cornerstone of patent prosecution. Our AI architecture is built on the following principles:
  • No AI Training: We explicitly guarantee that no customer-provided data, prompts, or AI-generated outputs are ever used to train, retrain, or improve the foundational Large Language Models (LLMs) used by IP Author or our third-party AI providers.
  • Transient Processing: Inputs are transmitted via secure, encrypted channels to enterprise-grade LLM infrastructure for real-time analysis only. Data is not retained by the LLM provider beyond the immediate processing window.
  • Contextual Privacy: Our collaboration between human expertise and AI proficiency ensures a seamless experience without exposing your "secret sauce" to global AI models.

4. Security Architecture & Data Flow

IP Author utilizes a “Security-First” framework hosted on Amazon Web Services (AWS).
  • Network Isolation: The application is deployed within an AWS Virtual Private Cloud (VPC) with segregated private and public subnets, isolating sensitive components from the public internet.
  • Encryption in Transit: All data transmitted between the client, application servers, and AI endpoints is safeguarded through SSL/TLS 1.2+ encryption protocols.
  • Encryption at Rest: Patent data and user credentials are encrypted by default using AWS Key Management Service (KMS) with AES-256 industrial-grade encryption.
  • Data Residency: * US Customers: Data is stored in AWS US-based Data Centers.
  • EU Customers: Data is stored and processed within AWS regions located in the European Union to ensure GDPR compliance.

5. Access Control & Authentication

  • Identity Management: We utilize trusted authentication services (e.g., Auth0) to manage user access. Passwords are encrypted and never stored in plain text.
  • Restricted Admin Access: Access to the backend systems is strictly limited to authorized IT Administrators. Access to actual Patent Data (inputs/outputs) is restricted by default and is only granted if a customer specifically requests technical support for a specific application issue.
  • Audit Logging: Every instance of administrative access is meticulously logged and subject to audit to ensure total transparency.

6. Data Storage, Residency & Security

To ensure data sovereignty, we adhere to a strict retention schedule:
  • Default Retention: Patent data is retained for the duration of your active subscription to provide a seamless drafting experience.
  • Automated Deletion: Unless otherwise requested, user data will be automatically deleted 30 days after project completion or account termination to minimize data footprint.
  • On-Demand Deletion: Users may request the immediate, secure erasure of their data at any time.
  • Backups: Daily encrypted backups are maintained for disaster recovery purposes. These are kept for a limited period and overwritten according to our software integrity policy.

7. Incident Management & Response

In the event of a suspected security breach, IP Author maintains an Information Security Incident Response Team (ISIRT):
  • Investigation: Led by the IT Lead, the team will immediately restrict system access to prevent further exposure.
  • Mitigation: The ISIRT will execute a pre-defined communication and action plan to secure the environment.
  • Notification: We will notify impacted customers and relevant authorities within the timelines mandated by applicable laws (e.g., GDPR, CCPA).

8. Website Tracking & Marketing Analytics

We use industry-standard tools to understand how visitors interact with our website. This data is used solely to improve our marketing and website performance.
  • Analytics & Marketing Tools: We may use tools such as Google Analytics, HubSpot, and LinkedIn Insight Tags to monitor website traffic and user behaviour. These tools collect anonymized data such as IP addresses, browser types, and pages visited.
  • Opt-Out: Users can manage their preferences via our cookie consent banner. Note that your browser may also offer a "Do Not Track" (DNT) setting.
  • The "Drafting Firewall": We maintain a strict separation between our marketing website and the IP Author drafting environment. No marketing trackers (e.g., Meta Pixel or LinkedIn Tags) are ever active within the authenticated drafting interface where your confidential IP is processed.

9. International Data Transfers

Where here personal data is transferred across borders, IP Author relies on Standard Contractual Clauses (SCCs) to ensure a level of protection equivalent to that of the jurisdiction of origin.

10. Information We Collect from the Website

When you interact with our website (e.g., requesting a demo or signing up for a newsletter), we collect the following:
  • Contact Information: Name, work email, phone number, and organization name.
  • Communication Data: Records of your inquiries and our responses.
  • Purpose: This data is used to provide you with requested information, manage your trial account, and send relevant updates about our services. You may opt out of marketing communications at any time.

10. Legal Basis for Processing Personal Data

Where required under applicable laws (including GDPR), IP Author processes personal data based on one or more of the following legal bases:

  • Consent, where you have provided it (e.g., cookies, marketing communications)
  • Performance of a contract or pre-contractual steps (e.g., responding to demo requests)
  • Legitimate interests, such as operating, securing, and improving our website
  • Legitimate interests, such as operating, securing, and improving our website

11. Contact & Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Restrict or object to processing
  • Withdraw consent at any time
  • Request data portability

IP Author Security Team California, United States
Email: support@ipauthor.com