Who are your primary subprocessors?

Primary subprocessors currently include Google for AI inference, Vercel for application hosting, Cloudflare for object storage and delivery, and Stripe for payments and billing.

Trust & Security | PatentFig AI - 特許図面生成

Q: Do you train on customer data?

No. PatentFig does not use customer prompts, uploads, outputs, or project metadata to train its own models, and does not permit third-party AI providers to train on customer content submitted through the service.

Q: Can you sign a DPA or NDA?

Yes. PatentFig can provide DPA and NDA terms for business customers and can reaffirm no-training commitments contractually.

Q: What is your breach-notification commitment?

PatentFig notifies affected customers without undue delay and, where feasible, within 72 hours of confirmed discovery of a breach affecting customer data or customer content.

Overview

This page summarizes the privacy, confidentiality, and security commitments most often reviewed by law firms, in-house IP teams, and procurement teams before adopting PatentFig.

It is intended as a practical companion to our Privacy Policy and Terms of Service. If you need a signed DPA, NDA, or a current subprocessor list, contact contact@patentfig.ai.

Do You Train on Customer Data?

No.

We do not use customer prompts, uploads, outputs, or project metadata to train our own AI models.
We do not permit third-party AI providers to train on customer content submitted through our service.
We do not review customer content for AI training, benchmarking, or model-improvement purposes.

Customer content is used only to provide, secure, and support the service.

Confidential Treatment of Patent Materials

We understand that patent drawings, invention disclosures, and pre-filing technical materials often contain confidential or trade-secret information.

PatentFig treats uploaded materials and generated outputs as confidential customer content:

we do not sell, rent, publish, or index customer content;
we do not share customer content except with subprocessors strictly necessary to deliver the service;
access is limited to authorized personnel and only when needed for support, legal compliance, or investigation of a confirmed abuse or security issue.

Business customers may request a mutual NDA and a DPA for formal contractual coverage.

Primary Subprocessors

Our primary subprocessors currently include:

Provider	Purpose
Google LLC	AI model inference for generation features
Vercel, Inc.	Application hosting and delivery
Cloudflare, Inc.	Object storage and content delivery
Stripe, Inc.	Payment processing and billing

We may also use additional providers for supporting functions such as transactional email, analytics, authentication, and customer support. Business customers may request the current full subprocessor list.

DPA, NDA, and Business Terms

For business, law-firm, and enterprise customers, PatentFig can support:

Data Processing Agreements (DPA), including Standard Contractual Clauses where applicable;
mutual Non-Disclosure Agreements (NDA);
contractual no-training commitments;
custom retention terms and subprocessor update notices in appropriate commercial arrangements.

To start a review, contact contact@patentfig.ai.

Retention and Deletion

Our current retention approach is:

active account content is retained while the account remains active;
closed accounts are deleted within 30 days, subject to limited legal, tax, accounting, and anti-fraud retention obligations;
backups are rotated and purged on a 90-day cycle;
billing, transaction, audit, and security records may be retained for longer where required by law or operational necessity.

For a full statement of retention terms, see our Privacy Policy.

Security Controls

PatentFig applies administrative, technical, and organizational safeguards designed to protect customer data, including:

encryption in transit and at rest;
least-privilege access controls;
multi-factor authentication for administrative accounts;
audit logging and production monitoring;
provider diligence for core infrastructure and payment vendors.

No internet-based service can guarantee absolute security, but protecting confidential patent materials is a core design requirement for the service.

Breach Notification

If PatentFig confirms a breach affecting customer personal data or customer content, we notify affected customers without undue delay and, where feasible, within 72 hours of confirmed discovery.

Initial notices are intended to include:

the nature and scope of the incident;
the categories of data affected;
the mitigation steps taken or underway;
recommended customer actions, where relevant.

Procurement FAQ

Can you sign a DPA or NDA?

Yes. We can provide DPA and NDA templates for business customers.

Do you offer a no-training commitment?

Yes. Our no-training position is reflected in our policies and can also be reaffirmed contractually for business customers.

Do you provide a subprocessor list?

Yes. Primary subprocessors are listed above, and business customers may request the current full list.

Where can I start a privacy or security review?

Email contact@patentfig.ai and include any procurement questionnaire, NDA, or DPA requirements.