Privacy Policy
This Privacy Policy explains how PlainPatents ("we", "us") collects, uses, and protects personal data when you use plainpatents.com and the patent briefing service we deliver by email.
1. Data Controller
[OPERATOR_NAME]
Tax ID: [OPERATOR_TAX_ID]
Address: [OPERATOR_ADDRESS]
Contact: contact@plainpatents.com
Privacy requests: privacy@plainpatents.com
2. What we collect
- Email address
- Project description (the free text you enter at onboarding)
- Competitor names you choose to watch (optional)
- Industry, timezone (auto-detected), language preference
- Feedback signals (thumbs up/down on individual patents) and reason chips you select
- Account password (stored as a one-way hash, never plaintext)
- Consent timestamp (the moment you ticked the GDPR checkbox at signup)
We do not collect: payment card details (handled by our billing provider), browsing history outside our site, social profiles, or any special-category data (health, political views, biometrics, etc.).
3. Purposes and legal basis (GDPR Art. 6)
| Purpose | Legal basis |
|---|---|
| Send patent briefings | Consent — Art. 6(1)(a) |
| AI keyword extraction and patent summarization | Contract performance — Art. 6(1)(b) |
| Relevance scoring and feedback calibration | Legitimate interest — Art. 6(1)(f) |
| Account management and authentication | Contract performance — Art. 6(1)(b) |
| Billing and subscription management | Contract performance — Art. 6(1)(b) |
| Security, fraud prevention, abuse detection | Legitimate interest — Art. 6(1)(f) |
4. AI disclosure (EU AI Act Art. 50)
PlainPatents uses artificial intelligence to provide its core service. Specifically, we use Anthropic Claude models to: extract keywords from your project description, classify keywords to IPC codes, generate plain-English summaries of patent claims and abstracts, filter patents by relevance, and translate summaries into your chosen language.
Patent summaries and relevance assessments are generated by artificial intelligence. AI outputs may contain errors or omissions. PlainPatents does not guarantee completeness or accuracy. Under the EU AI Act, our use of AI is classified as minimal risk (informational only, no automated decisions producing legal effects, no profiling of natural persons).
5. Sub-processors
We rely on the following processors. All are bound by Data Processing Agreements under GDPR Art. 28.
| Processor | What they see | Region |
|---|---|---|
| Supabase (database, auth) | All account data | EU (Ireland) |
| Vercel (hosting) | Request logs, IP addresses | EU (Dublin) |
| Resend (transactional + briefing email) | Email addresses, briefing content | US |
| Anthropic (AI summarization) | Project description, patent text, feedback | US |
| Google Cloud Vision (OCR) | Patent images only — no user PII | US |
| Microsoft Azure (translation) | Patent text only — no user PII | EU |
| European Patent Office (patent data source) | Public patent records — no user PII shared | EU |
6. International data transfers
Some sub-processors are based outside the EU/EEA, primarily in the United States. Transfers are protected by Standard Contractual Clauses (SCCs) or, where applicable, the EU-US Data Privacy Framework. You can request a copy of these safeguards by emailing privacy@plainpatents.com.
7. Cookies
We use only essential cookies required to keep you signed in (Supabase session cookie) and to protect form submissions (CSRF token). These do not require consent under the ePrivacy Directive.
We do not use advertising cookies, social-network tracking pixels, or third-party analytics that profile individual visitors.
8. Data retention
| Data | Retention period |
|---|---|
| Active account data | Duration of your account |
| Deleted accounts | 30 days soft-delete, then permanent purge |
| Patent data (public records) | Indefinite — not personal data |
| Feedback signals | Duration of your account |
| ETL processing logs | 1 year |
| Billing records (when applicable) | As required by tax law (typically 6 years in Spain) |
9. Your rights (GDPR)
You have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten")
- Restrict or object to processing
- Port your data to another service in a machine-readable format
- Withdraw consent at any time (one-click unsubscribe in every email, or delete your account at /account)
- Lodge a complaint with the Spanish data protection authority (Agencia Española de Protección de Datos, aepd.es) or your local supervisory authority
To exercise any of these rights, email privacy@plainpatents.com. We respond within 30 days, free of charge.
10. Children
PlainPatents is not directed at, and we do not knowingly collect data from, anyone under 16 years old.
11. Security
Data in transit is encrypted with TLS. Database access is gated by row-level security policies; passwords are hashed with bcrypt. We follow industry-standard practices but cannot guarantee absolute security.
12. Changes to this policy
We may update this policy as the service evolves. Material changes will be communicated by email at least 30 days before taking effect. The "Last updated" date at the top of this page always reflects the latest revision.