This Privacy Policy explains how PatentFig AI ("we", "us", "our") collects, uses, discloses, and protects information when you use our website and services, including AI-assisted patent figure generation tools.
By accessing or using the Service, you agree to this Privacy Policy.
We may collect the following categories of information:
- Account Information: name, email address, login provider details, profile data.
- Billing Information: subscription plan, transaction IDs, payment status, and billing history (processed by payment providers).
- User Content: prompts, uploaded images, sketches, generated outputs, and project metadata.
- Usage Data: feature usage, clicks, page views, referrer URLs, and session information.
- Device and Technical Data: IP address, browser type, operating system, device identifiers, and log records.
- Support Communications: messages submitted through contact channels and support requests.
We use information to:
- provide, maintain, and operate the Service;
- generate and edit patent figures and related outputs on your behalf;
- authenticate users and secure accounts;
- process subscriptions, credits, and payments;
- detect fraud, abuse, security incidents, and service misuse;
- communicate service updates, account notices, and support responses;
- analyze performance and reliability of the Service;
- comply with legal obligations and enforce our Terms.
Depending on your jurisdiction, we process data based on one or more of the following:
- your consent;
- performance of a contract with you;
- compliance with legal obligations;
- legitimate interests (such as service security and operational reliability).
We understand that how your data interacts with AI models is a primary concern, particularly for professionals handling patent and other confidential materials. Our commitments:
- We do not use your prompts, uploaded images, generated outputs, or project metadata to train our own AI models.
- We do not permit any third-party AI provider to train on your content. When we route requests through third-party AI providers to generate outputs on your behalf, we do so exclusively through API access under contractual terms that prohibit the provider from using customer inputs or outputs for model training, fine-tuning, or other improvement of their models.
- No human review for training purposes. We do not review user content for the purpose of training, improving, or benchmarking AI models.
- Limited human access to user content may occur only (i) when you submit a support request that requires it, (ii) where required by law, or (iii) to investigate a confirmed abuse or security incident, and in each case only by authorized personnel under confidentiality obligations.
We recognize that patent drawings, invention disclosures, and related technical materials frequently contain confidential, trade-secret, or pre-filing information. All user content uploaded to or generated by the Service is treated as confidential customer content.
We do not sell, rent, or otherwise make user content available to third parties for their own purposes. We do not publicly display, index, or share user content. User content is used only to operate the Service for you.
Business customers handling sensitive materials may enter into a Confidentiality Agreement and a Data Processing Agreement (DPA) with us — see Business Customers and Data Processing Agreements below.
We use cookies and similar technologies to:
- keep you signed in;
- remember preferences;
- understand service usage;
- improve stability and performance.
See our Cookie Policy for more details.
We do not sell your personal information. We may share information with:
- Service Providers and Subprocessors (see list below): hosting, storage, AI processing, analytics, authentication, email, and payment processors, acting on our behalf under written agreements.
- Legal and Compliance Parties: when required by law, court order, or valid regulatory request.
- Corporate Transaction Parties: in connection with mergers, acquisitions, financing, or asset sales, subject to continuity of this Privacy Policy.
Recipients are permitted to process data only for the specified service purpose and under appropriate confidentiality and security safeguards.
We engage a limited set of subprocessors to operate the Service. Primary subprocessors include:
| Subprocessor | Purpose | Location |
|---|---|---|
| Vercel, Inc. | Application hosting and delivery | United States |
| Cloudflare, Inc. | Object storage (R2) and content delivery | Global (Cloudflare network) |
| Google LLC | AI model inference for generation features | United States |
| Stripe, Inc. | Payment processing and billing | United States |
Additional subprocessors may be engaged for supporting functions such as product analytics, transactional email delivery, and customer support. Business customers may request the full, current subprocessor list and subscribe to update notifications by contacting us at contact@patentfig.ai.
We will provide reasonable advance notice of material changes to the subprocessor list to customers under a Data Processing Agreement.
We retain personal data for the following periods:
- Active account content (projects, uploads, generated figures): retained while your account is active; deletable on demand through your dashboard. Deleted items are removed from primary storage immediately and purged from backups within 30 days.
- Closed accounts: account data and associated user content are permanently deleted within 30 days of account closure, subject to the limited exceptions below.
- Backups: rotated and purged on a 90-day cycle.
- Billing, tax, and transaction records: retained for up to 7 years where required by tax, accounting, and anti-fraud regulations.
- Support communications: retained for up to 24 months to provide continuity of service.
- Audit and security logs: retained for up to 12 months.
Business customers may agree to custom retention schedules through a Data Processing Agreement.
We implement administrative, technical, and organizational safeguards designed to protect your information. These include:
- Encryption: TLS 1.2 or higher in transit; AES-256 at rest for user content and backups.
- Access control: role-based access, least-privilege provisioning for employees, and multi-factor authentication for all administrative accounts.
- Key management: secrets managed through provider-grade key management services.
- Monitoring: audit logging on privileged actions, anomaly detection, and error monitoring on production services.
- Vendor diligence: primary subprocessors operate under recognized security programs such as SOC 2 or ISO 27001.
No internet-based service can guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for configuring access within your organization.
In the event of a confirmed data breach affecting your personal data or user content, we will notify affected customers without undue delay and, where feasible, within 72 hours of confirmed discovery. Notifications will include, to the extent known at the time:
- the nature and scope of the incident;
- the categories of data affected;
- the steps we have taken or are taking to contain and remediate the incident;
- recommended actions you may take.
We will provide timely updates as additional information becomes available.
Your information may be processed in countries other than your own, including the United States. Where required by applicable law, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) and apply supplementary safeguards.
Depending on local law, you may have rights to:
- access personal data;
- correct inaccurate data;
- delete data;
- object to or restrict processing;
- withdraw consent;
- request portability of applicable data.
To exercise rights, contact us at contact@patentfig.ai. We may need to verify your identity before processing requests, and we will respond within the timeframes required by applicable law.
For business, enterprise, and professional-services customers (including law firms and corporate IP teams), we offer:
- Data Processing Agreement (DPA) including Standard Contractual Clauses where applicable.
- Mutual Non-Disclosure Agreement (NDA) covering uploaded materials.
- No-training guarantee reaffirmed contractually.
- Custom retention schedules, subprocessor update notifications, and, for annual contracts, additional controls such as SSO and region-restricted processing.
For a procurement-oriented summary of these commitments, see our Trust & Security page.
To request any of the above, contact contact@patentfig.ai.
The Service is not directed to children under 13 (or a higher minimum age where required by local law). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will take appropriate steps to delete it.
The Service may contain links to third-party websites or tools. Their privacy practices are governed by their own policies, and we are not responsible for their content or practices.
We may update this Privacy Policy from time to time. Material updates will be reflected by revising the date above and, where appropriate, by providing additional notice. Business customers under a DPA will receive notice of material changes as provided in the DPA.
For privacy questions, data subject requests, or to request a DPA or NDA, contact us at contact@patentfig.ai.