Privacy Policy

1. About This Policy and Data Controller

This Privacy Policy applies to ipnite.com, app.ipnite.com, and all related products, services, AI-assisted workflows, and communications (collectively, the "Services") operated by ik-holcan LLC, a Delaware limited liability company ("IPnite," "we," "us," or "our").

This Policy is designed to comply with the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), the European Union General Data Protection Regulation (GDPR), Brazil's Lei Geral de Proteção de Dados (LGPD), and applicable consumer privacy laws in Mexico, Argentina, and other jurisdictions.

For privacy questions or to exercise your rights: info@ipnite.com.

2. Information We Collect

Information you provide directly:

• Account and identity data: name, email address, username, account ID, and password credentials.
• Professional information: professional affiliation or patent practitioner credentials, if voluntarily provided.
• Invention materials and patent content: invention disclosures, technical descriptions, drawings, documents, notes, prior-art references, trade secret materials, prompts, and any files submitted to the Services. We apply heightened protections to this category (see Section 6).
• Communications: support requests, feedback, and correspondence you send us.
• Payment metadata: transaction records, credit purchase history, and billing identifiers. We use third-party payment processors and do not store full payment card numbers.

Information collected automatically:

• Usage and activity data: pages visited, features used, session duration, interaction logs, and workflow activity.
• Device and network data: IP address, browser type, operating system, device identifiers, and referring URL.
• Cookies and similar technologies: described in Section 7.

We do not collect social security numbers, government identification numbers, precise geolocation beyond country or region level, biometric data, or health and medical information through the Services.

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

• Contract performance: to create and manage your account and deliver the Services you request.
• Legal obligation: to comply with applicable legal requirements, tax obligations, and lawful government orders.
• Legitimate interests: for platform security, fraud prevention, abuse detection, product improvement, and service communications, balanced against your rights and interests.
• Consent: for optional activities such as marketing communications or any future opt-in programs. You may withdraw consent at any time without affecting the lawfulness of prior processing.

4. How We Use Your Information

We use information collected only for the following purposes:

• Account management: creating, securing, and maintaining your account.
• Service delivery: operating AI-assisted workflows, generating patent draft outputs, processing credits, and providing platform features.
• Payment processing: completing transactions through our payment processors.
• Security and fraud prevention: detecting and preventing unauthorized access, abuse, and fraudulent activity.
• Customer support: responding to requests and resolving issues.
• Legal compliance: meeting applicable legal, tax, and regulatory obligations.
• Platform analytics: aggregate, anonymized analysis of usage patterns to improve the Services. We do not build individual profiles for advertising purposes.
• Communications: transactional notices (account, billing, security alerts). Marketing communications only with your consent, which you may withdraw at any time.

We do not use your personal information for purposes incompatible with those described above without your prior consent.

5. Demographic and Aggregate Data

IPnite may analyze aggregate, non-identifiable demographic information — such as geographic region, professional category, and usage patterns — solely to improve platform features, understand user needs, and ensure the Services work effectively for different inventor and practitioner communities. This analysis does not identify individual users and is not shared with third parties in identifiable form.

We do not build individual user profiles for advertising, profiling, or sale to data brokers.

6. Invention Materials and Patent Content

Your invention disclosures, patent draft materials, technical descriptions, prior-art research, and related documents represent sensitive and potentially commercially valuable information. We apply the following specific protections:

• We do not use your invention disclosures, patent draft materials, claims, or technical descriptions to train general-purpose AI models, unless you expressly opt in or provide written consent.
• Patent writing sessions may be subject to a security countdown of approximately 48 hours, after which project information may be deleted, purged, anonymized, or made inaccessible from the platform.
• Access to your invention materials is restricted to systems and personnel necessary to deliver the Services.
• If you believe any invention material has been mishandled, contact us immediately at info@ipnite.com.

7. Cookies and Tracking Technologies

Essential cookies: required for authentication, session management, security, and core functionality. These cannot be disabled without disrupting the Services.

Analytics cookies: we may use aggregate, anonymized analytics tools to understand how users interact with the Services. We do not use these for cross-site tracking or advertising profiling.

No advertising cookies: we do not use third-party advertising cookies, cross-context behavioral tracking, or sell or share data with advertising networks.

You may manage cookies through your browser settings. Disabling essential cookies will affect Service functionality.

8. Service Providers and Data Processors

We engage trusted service providers to operate the Services, including providers of cloud hosting and infrastructure, authentication, payment processing, AI model infrastructure, analytics, email and communications, and security services. These providers:

• Access your information only as necessary to perform services on our behalf.
• Are bound by contractual obligations restricting their independent use of your data.
• For EEA/UK residents: transfers to service providers outside the EEA are governed by GDPR-compliant Standard Contractual Clauses (SCCs) or other approved transfer mechanisms.
• For Brazil residents: transfers are governed by mechanisms compliant with LGPD Chapter V.

9. Data Sharing — We Do Not Sell Your Information

We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.

We may disclose information only in the following circumstances:

• To service providers and data processors as described in Section 8.
• To comply with applicable law, valid legal process, or enforceable governmental requests.
• To protect the rights, property, or safety of IPnite, our users, or others.
• In connection with a merger, acquisition, or sale of substantially all of our assets, subject to appropriate confidentiality obligations.
• With your consent for any purpose not described in this Policy.

10. Data Retention

We retain information for the following periods:

• Account data: for the duration of your account and up to 7 years after closure, as required by legal and tax obligations.
• Invention materials and patent content: subject to workflow-specific retention periods, including the 72-hour countdown. After deletion, materials may be irretrievable.
• Payment records: as required by applicable law, typically 7 years.
• Usage and analytics data: up to 24 months in aggregate, anonymized form.
• Support and communications: up to 3 years after the last interaction.

When retention periods expire, we delete or anonymize data using commercially reasonable methods.

11. Security

We implement technical and organizational measures designed to protect your information, including encryption in transit (TLS), encryption at rest for sensitive content including invention materials, access controls, authentication requirements, audit logging, and incident detection and response procedures.

No method of electronic transmission or storage is 100% secure. While we use commercially reasonable safeguards, we cannot guarantee absolute security. If you believe your information has been compromised, contact us at info@ipnite.com.

12. International Data Transfers

IPnite is operated from the United States. If you are located in the EEA, United Kingdom, Brazil, or another jurisdiction with data protection laws, your information may be transferred to and processed in the United States or other countries.

For EEA/UK residents: such transfers are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission or other GDPR-approved mechanisms.

For Brazil residents: such transfers are governed by mechanisms compliant with LGPD Chapter V, including contractual clauses and specific consent where required.

13. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: request a copy of the personal information we hold about you.
• Correction: request that we correct inaccurate or incomplete information.
• Deletion: request deletion of your personal information, subject to legal retention obligations.
• Portability: request your information in a structured, machine-readable format.
• Objection: object to certain processing activities.
• Restriction: request that we limit how we process your information.
• Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any right, contact us at info@ipnite.com with the subject "Privacy Rights Request." We will verify your identity before processing requests. We aim to respond within 30 days, or as required by applicable law. We will not discriminate against you for exercising privacy rights.

14. California Residents — CCPA/CPRA

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Categories of personal information we collect: Identifiers (name, email, account ID, IP address); commercial information (credit purchase history, transactions); internet or network activity (usage logs, session data); professional information (if voluntarily provided); and inferences derived from the above.

Sensitive personal information: Invention disclosures and patent materials are treated as sensitive content. We use this information only to provide the Services and do not use it to infer characteristics about you beyond what is necessary for service delivery.

Your CCPA/CPRA rights:

• Right to know categories and specific pieces of personal information collected about you.
• Right to delete personal information we have collected, subject to exceptions.
• Right to correct inaccurate personal information.
• Right to opt-out of sale or sharing for cross-context behavioral advertising — we do not sell or share personal information for these purposes.
• Right to limit use of sensitive personal information to what is necessary to provide the Services.
• Right to non-discrimination for exercising any of the above rights.

To submit a California Privacy Request: email info@ipnite.com with the subject "California Privacy Request." We respond within 45 days, with a possible 45-day extension when reasonably necessary. Authorized agents may submit requests with written authorization from the California resident.

15. EEA and UK Residents — GDPR

If you are in the European Economic Area (EEA) or United Kingdom, in addition to the rights in Section 13, you have the right to:

• Object to processing based on our legitimate interests.
• Lodge a complaint with your national data protection supervisory authority. EU residents may find their national authority at edpb.europa.eu. UK residents may contact the ICO at ico.org.uk.
• Not be subject to solely automated decision-making with legal or similarly significant effects, unless you have given explicit consent or it is necessary for a contract.

We do not engage in profiling that produces legal or similarly significant effects based solely on automated processing of your personal data.

16. Brazil Residents — LGPD

If you are located in Brazil, you have rights under Lei Geral de Proteção de Dados (LGPD), including:

• Confirmation and access to your personal data.
• Correction of incomplete, inaccurate, or outdated data.
• Anonymization, blocking, or deletion of unnecessary or excessive data.
• Portability of your data in an interoperable format.
• Deletion of personal data processed with consent, upon request.
• Information about public and private entities with which we have shared your data.
• Revocation of consent at any time for consent-based processing.
• Right to object to processing that does not comply with LGPD.

Our Data Protection Officer (Encarregado) for LGPD purposes is reachable at info@ipnite.com.

Legal bases we rely on under LGPD: contract performance (Art. 7, II), legal obligation (Art. 7, II), consent (Art. 7, I), and legitimate interests (Art. 7, IX) balanced against data subject rights.

You may also lodge a complaint with Brazil's Autoridade Nacional de Proteção de Dados (ANPD) at www.gov.br/anpd.

17. Children's Privacy

The Services are not directed to children under 16 years of age (or under 13 under applicable US federal law). We do not knowingly collect personal information from children. If we learn that we have inadvertently collected personal information from a child under the applicable age threshold, we will delete it promptly. If you believe we have collected information from a child, contact us at info@ipnite.com.

18. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will post an updated policy on our website and, where appropriate, send a notice to your registered email address. The "Last updated" date at the top of this page will reflect the date of the most recent revision. Continued use of the Services after the effective date of changes constitutes acceptance of the updated Policy.

19. Contact Us

For privacy questions, to exercise your rights, or to reach our privacy team, contact us at info@ipnite.com with the subject line "Privacy Request." We aim to respond within 30 days.

For GDPR purposes, we serve as the data controller and our EU/UK privacy contact is reachable at info@ipnite.com.

For LGPD purposes, our Data Protection Officer (Encarregado) is reachable at info@ipnite.com.