Privacy Policy
1. Who We Are
Patenta is operated from Amsterdam, the Netherlands.
Patenta
Amsterdam, Netherlands
Privacy & DPO: privacy@patenta.ai
Our Data Protection Officer can be reached at the same email address.
Patenta acts as data controller for personal data collected in connection with account registration, authentication, and platform usage, such as names, email addresses, and usage data. Patenta acts as data processor for content submitted by customers in the course of using the service, such as invention descriptions, patent drafts, and uploaded documents, which is processed solely to provide the service on the customer's behalf.
2. What Data We Collect
Account Information
- Email address
- Name (optional)
- Profile picture (if you add one)
- Company name (if provided)
Content You Create
- Invention descriptions and patent drafts
- Documents you upload for parsing
- Search queries
Usage Data
- Features you use and when
- Device type and browser
- IP address (for security)
Payment Information
Stripe acts as our merchant of record for card-based subscription payments. They process billing data and handle PCI compliance. We never see or store your full card details. Direct enterprise invoicing is handled by Patenta directly and does not involve a third-party payment processor.
3. How We Use Your Data
- Provide the Service: Process your invention descriptions, generate drafts, and run patent searches.
- Improve Patenta: Analyze usage patterns to make the product better (we use aggregated, anonymized data for this).
- Customer Support: Help you when you contact us.
- Security: Detect and prevent fraud or abuse.
- Legal Compliance: Meet our legal obligations under EU law.
3a. Legal Basis for Processing
Under GDPR, we process your data based on:
- Contract Performance: To provide the service you subscribed to
- Legitimate Interests: To improve our product, ensure security, and prevent fraud
- Legal Obligation: To comply with tax, accounting, and regulatory requirements
- Consent: For optional features like marketing communications (where applicable)
4. AI Processing & Technology Partners
To provide our services, we work with trusted third-party providers:
AI & Intelligence Processing
- Processes your invention descriptions to generate drafts
- All AI processing occurs within the European Economic Area (EEA)
- Your data is NOT used to train AI models
- Data encrypted in transit and at rest
Infrastructure & Authentication
- Stores your account data and content
- EEA data residency
Payment Processor
- Stripe acts as our merchant of record for card-based subscription payments
- They process billing data and handle PCI compliance
- We never see or store your full card details
- Direct enterprise invoicing is handled by Patenta directly and does not involve a third-party payment processor
A full list of our sub-processors is available upon request at privacy@patenta.ai.
Business customers who require a Data Processing Agreement (DPA) may request one at privacy@patenta.ai.
5. We Don't Train on Your Data
Your invention descriptions, drafts, and documents are never used to train AI models. We ensure that all processing environments (including those of our technology partners) have data training strictly disabled. Your intellectual property remains strictly confidential.
6. Data Retention
- Account Data: Kept for the duration of your subscription.
- Content (Drafts, Searches): Retained for 30 days after account cancellation, then permanently deleted.
- Usage Logs: Anonymized after 90 days.
- Payment Records: Retained for 7 years for tax/legal compliance.
You can request immediate deletion of your data at any time by contacting us.
7. Your Rights (GDPR)
As an EU resident, you have the right to:
- Access: Request a copy of all data we hold about you.
- Rectification: Correct inaccurate personal data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Data Portability: Export your data in a machine-readable format.
- Restriction: Limit how we process your data.
- Object: Object to data processing based on legitimate interests.
- Withdraw Consent: Where processing is based on consent, withdraw it anytime.
To exercise these rights, email privacy@patenta.ai. We'll respond within 30 days.
7a. Automated Processing
Our AI models generate outputs to support your research. All outputs require human review before use. No automated decision with legal or significant effect is made about you based on your use of the service.
8. Data Security
- All data encrypted in transit (HTTPS/TLS 1.2+)
- Data encrypted at rest (AES-256)
- Access restricted to authorized personnel only
- Regular security audits
- Two-factor authentication available for accounts
8a. Data Breach Notification
In the unlikely event of a data breach affecting your personal data, we will:
- Notify the Dutch Data Protection Authority within 72 hours (as required by GDPR)
- Inform affected users without undue delay if the breach poses a high risk to your rights
- Provide details about the nature of the breach and steps we're taking to address it
9. Data Location
All your data is processed and stored within the European Economic Area (EEA). We do not transfer your personal data outside the EEA.
11. Children's Privacy
Patenta is not intended for users under 16. We don't knowingly collect data from children.
12. Changes to This Policy
We may update this policy occasionally. For significant changes, we'll notify you by email at least 14 days in advance.
13. Complaints
If you're unhappy with how we handle your data, you can complain to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
Contact Us
Questions about privacy? Email us at privacy@patenta.ai