Patent Scout Privacy Policy

Account Registration Information:

• Email address;
• Full name and/or organization/company name;
• Password (stored securely via Auth0).

Subscription and Payment Information:

• Billing address;
• Payment method details (processed and stored by Stripe; We do not store complete credit card numbers);
• Purchase history and transaction records.

User-Generated Content:

• Saved search queries and filters;
• Custom alert configurations;
• CPC classification preferences;
• Semantic search descriptions;
• Notes or annotations (if feature is enabled);
• Feedback or support communications.

Communications:

• Messages sent to support@phaethon.llc;
• Survey responses or feedback submissions;
• Any other correspondence with Us.

Usage Data:

• Search queries (keywords, semantic descriptions, etc.);
• Patents and publications viewed and interactions;
• Features used (search, trends, whitespace analysis, exports, etc.);
• Alert configuration and triggering events;
• Time spent on platform and session duration;
• Navigation paths and click patterns.

Technical Data:

• IP address;
• Browser type and version;
• Device type and operating system;
• Referring/exit pages and URLs;
• Date and time stamps;
• Cookies and similar tracking technologies (see Section 8).

Authentication Data:

• Login timestamps;
• Authentication method (e.g., email/password);
• Session tokens (stored temporarily);
• Failed login attempts.

Auth0 Authentication:

• Authentication tokens and security credentials

Payment Processors (Stripe):

• Payment success/failure status;
• Billing disputes or chargebacks;
• Fraud detection signals.

Public Patent Databases:

We access and process patent data from Google Patents (BigQuery), USPTO, Espacenet, and other public sources. This data is not "personal information" as it relates to published patent and publication documents, not individual users.

We do not collect sensitive personal information such as:

• Social Security numbers;
• Financial account numbers (beyond payment processing);
• Health or medical information;
• Biometric data;
• Precise geolocation (we may derive approximate location from IP address);
• Children's personal information (see Section 11).

• Create and manage your user account;
• Authenticate your identity and authorize access;
• Process searches and generate results;
• Deliver trend analysis and whitespace identification;
• Send automated patent alerts based on your configurations;
• Generate and deliver export files (CSV, PDF);
• Provide customer support and respond to inquiries;
• Store and maintain your preferences and settings.

• Process subscription payments and manage billing;
• Detect and prevent payment fraud;
• Send billing statements and payment confirmations;
• Manage subscription renewals and cancellations;
• Calculate and charge applicable taxes.

• Send transactional emails (account creation, password resets, alert notifications, etc.);
• Provide customer support responses;
• Send service announcements and updates;
• Notify you of changes to Terms of Service or Privacy Policy;
• Respond to your inquiries and requests.

• Analyze usage patterns and feature adoption;
• Identify bugs, errors, and performance issues;
• Test new features and conduct A/B testing;
• Develop machine learning models for semantic search improvements;
• Optimize search algorithms and relevance ranking;
• Improve user interface, user experience, and overall design.

• Detect and prevent unauthorized access;
• Monitor for suspicious activity and abuse;
• Investigate security incidents;
• Enforce Our Terms of Service;
• Comply with legal obligations and protect legal rights.

• Send promotional emails about new features or offerings (you may opt out);
• Conduct user surveys and research;
• Generate aggregated analytics reports (anonymized);
• Understand demographic trends and user preferences.

We do NOT sell your personal information to third parties without prior authorization from you.

We engage trusted third-party service providers to perform functions on Our behalf:

Infrastructure and Hosting:

• Vercel (web hosting and deployment): https://vercel.com/legal/privacy-policy
• Neon.tech (PostgreSQL database hosting): https://neon.tech/privacy-policy

Authentication:

• Auth0 (identity and access management): https://auth0.com/privacy

Payment Processing:

• Stripe (payment gateway and billing): https://stripe.com/privacy

Email Delivery:

• Mailgun (transactional email and alert delivery): https://www.mailgun.com/legal/privacy-policy/

AI and Machine Learning:

• AI embeddings generation (text embeddings for semantic search): https://openai.com/privacy/

Note: We send patent titles, abstracts, and claims text to a third-party API for embedding generation. No personal user data is sent to the API.

Analytics and Monitoring:

• Google Analytics (analytics and performance monitoring): https://policies.google.com/

These providers have access to your information only to perform tasks on Our behalf and are obligated to protect it and not use it for other purposes.

We may disclose your information if required by law or in good faith belief that such action is necessary to:

• Comply with legal process (e.g., subpoena, court order, government request, etc.);
• Enforce Our Terms of Service or other agreements;
• Protect the rights, property, or safety of Phaethon Order LLC, Our users, or the public;
• Detect, prevent, or address fraud, security, or technical issues;
• Respond to claims of intellectual property infringement.

If We are involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on Our website before your information becomes subject to a different privacy policy.

We may share information with third parties when you explicitly consent or direct us to do so.

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. For example:

• "Patent Scout users searched for X CPC classification Y times this month";
• Aggregated trend reports for industry research.

Technical Safeguards:

• Encryption in transit (TLS/SSL) for all data transmission;
• Encryption at rest for database storage (pgvector in Neon.tech);
• Secure password hashing (via Auth0);
• Regular security patches and updates;
• Access controls and authentication requirements.

Administrative Safeguards:

• Limited employee access to personal data (need-to-know basis);
• Confidentiality agreements with employees and contractors;
• Security training for personnel;
• Incident response procedures.

Physical Safeguards:

• Secure data centers with restricted physical access (provided by hosting partners);
• Environmental controls and redundancy systems.

Our service providers (Auth0, Stripe, Vercel, Neon.tech, etc.) maintain industry-standard security certifications such as SOC 2, ISO 27001, and PCI DSS (for payment processing).

No system is completely secure.

While We strive to protect your personal information, We cannot guarantee absolute security. You are responsible for:

• Maintaining the confidentiality of your password;
• Using a strong, unique password;
• Logging out after using shared devices;
• Notifying us immediately of any suspected unauthorized access.

In the event of a data breach that affects your personal information, We will notify you and relevant authorities as required by applicable law.

The United States and other countries may not have the same data protection laws as your jurisdiction. We take steps to ensure adequate protection of your information when transferred internationally:

For EEA/UK/Swiss Users:

• We rely on Standard Contractual Clauses (SCCs) approved by the European Commission when transferring data to countries without adequacy decisions;
• Our service providers (e.g., Auth0 and Stripe) have implemented appropriate safeguards for international transfers;
• You have the right to request information about the safeguards We use (see Section 9).

For All International Users:

• By using the Service, you consent to the transfer of your information to the United States and other countries as necessary to provide the Service.

Cookies are small text files stored on your device by your web browser. They allow us to recognize your browser and capture certain information.

Essential Cookies (Strictly Necessary):

• Authentication and session management;
• Security and fraud prevention;
• Load balancing and performance;
• These cannot be disabled without affecting functionality.

Analytics Cookies (Performance):

• Usage statistics and traffic analysis;
• Feature adoption and user behavior tracking;
• Error monitoring and debugging;
• Google Analytics.

Preference Cookies (Functionality):

• Remember your settings and choices;
• Language preferences;
• Display preferences;
• Other preferences and/or settings.

Marketing Cookies (Targeting/Advertising):

• Deliver targeted advertising;
• Measure campaign effectiveness;
• We currently do NOT use marketing cookies. However, We reserve the right to implement marketing cookies without prior notification.

Some cookies are placed by third-party services:

• Auth0: Authentication and security;
• Stripe: Payment processing and fraud detection;
• Google Analytics: Usage tracking and analytics.

Browser Controls: Most browsers allow you to:

• View and delete cookies;
• Block third-party cookies;
• Receive warnings before cookies are stored;
• Disable cookies entirely (may impact functionality).

Opt-Out Tools:

• Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout/
• Industry opt-out tools: http://optout.aboutads.info/ or http://www.youronlinechoices.eu/

Some browsers support "Do Not Track" (DNT) signals. We currently do not respond to DNT signals, as there is no industry standard for handling them. We will update this policy if standards are established.

• Access: Request a copy of the personal information We hold about you;
• Correction: Request correction of inaccurate or incomplete information;
• Deletion: Request deletion of your personal information (subject to legal retention requirements);
• Portability: Request a copy of your data in a structured, machine-readable format;
• Opt-Out of Marketing: Unsubscribe from promotional emails (transactional emails cannot be opted out);
• Account Closure: Close your account at any time through account settings or by contacting support.

• Right to Object: Object to processing based on legitimate interests;
• Right to Restrict Processing: Request limitation of processing under certain circumstances;
• Right to Withdraw Consent: Withdraw consent for processing based on consent (does not affect prior processing);
• Right to Lodge a Complaint: File a complaint with your local data protection authority (see Section 9.7);
• Right to Information about Safeguards: Request information about safeguards for international data transfers.

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: Request disclosure of:

• Categories of personal information collected;
• Categories of sources;
• Business purposes for collection;
• Categories of third parties with whom information is shared;
• Specific pieces of information collected.

• Right to Delete: Request deletion of personal information (subject to exceptions);
• Right to Opt-Out of Sale/Sharing: We do NOT sell personal information, but if practices change, you can opt out;
• Right to Correct: Request correction of inaccurate information;
• Right to Limit Use of Sensitive Personal Information: We do not process sensitive personal information beyond what is necessary for the Service;
• Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights;
• Authorized Agents: You may designate an authorized agent to make requests on your behalf.

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA): Similar rights to CCPA (access, correction, deletion, opt-out of targeted advertising and sale);

Other States: We extend similar rights to residents of all U.S. states where applicable.

To exercise any of these rights, please:

• Email: support@phaethon.llc with "Privacy Request" in the subject line;
• Account Settings: Some rights can be exercised directly through your account dashboard (e.g., update information, download data, delete account, etc.);
• Required Information: To verify your identity, We may request:
  • Email address associated with your account;
  • Account details or recent transaction information;
  • Government-issued ID (in limited circumstances for sensitive requests).

We will respond to your request within:

• 30 days (GDPR/EEA/UK);
• 45 days (CCPA/California), with possible 45-day extension if needed;
• 60 days (other U.S. state laws).

We will notify you if We need additional time or information.

If you are located in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority:

• EEA: Find your authority at https://edpb.europa.eu/about-edpb/board/members_en/
• UK: Information Commissioner's Office (ICO) -- https://ico.org.uk/
• Switzerland: Federal Data Protection and Information Commissioner (FDPIC) -- https://www.edoeb.admin.ch/

Transactional Emails (Cannot Opt Out):

• Account creation and verification;
• Password resets and security alerts;
• Alert notifications (based on your saved queries);
• Subscription and billing confirmations;
• Service announcements and critical updates;
• Customer support responses.

Marketing Emails (Can Opt Out):

• Product updates and new feature announcements;
• Educational content and best practices;
• Special offers or promotions;
• User surveys and feedback requests.

• Unsubscribe Link: Click the "unsubscribe" link at the bottom of any marketing email;
• Account Settings: Manage email preferences in your account dashboard;
• Email Us: Send opt-out request to support@phaethon.llc;
• Timeframe: We will process opt-out requests within 10 business days;
• Note: Opting out of marketing does not affect transactional emails necessary for the Service.

Material Changes: We will notify you of material changes by:

• Sending email notification to your registered email address;
• Posting a prominent notice on Our website;
• Displaying an in-app notification upon your next login.

Effective Date: The "Last Updated" date at the top of this policy will be revised. Changes take effect on the date posted unless otherwise stated.

Continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy. If you do not agree to changes, you must discontinue use and may request account deletion.

We maintain an archive of prior policy versions. Contact us to request a previous version for reference.

Public Patent Information: Patent Scout processes publicly available patent data from government databases. This data (patent and publication titles, abstracts, claims, inventor names, assignee names) is not "personal information" under most privacy laws, as it relates to published patent documents.

Your Search Data: Your search queries, saved alerts, and usage patterns ARE personal information and are protected under this Privacy Policy.

We use a third-party API for embedding models to enable semantic search functionality. Patent and publication text (titles, abstracts, claims) is sent to the API to generate vector embeddings.

We do not send your personal information, account details, or identifiable search queries to the API.

We may anonymize or aggregate your information for research, analytics, or product improvement. Anonymized data cannot reasonably be used to identify you and is not subject to this Privacy Policy.

We rely on you to provide accurate information. If your information changes, please update your account settings promptly.