1. Information We Collect
Iptorian, operated by Signlo, Inc. ("we," "us," or "our"), collects the following categories of information:
- Account Information: Name, email address, organization name, and role when you create an account.
- Patent Data: Patent numbers, claims, abstracts, assignee information, and other patent-related materials you upload or that we retrieve from public patent databases on your behalf.
- Target and Detection Data: Digital properties you configure for monitoring, scan results, detection findings, evidence packages, and workflow states.
- Usage Analytics: Feature usage patterns, page views, session duration, and interaction data to improve the Service.
- Technical Data: Browser type, device information, IP address, and error logs for debugging and security purposes.
2. How We Use Your Data
We use the information we collect for the following purposes:
- Patent Analysis: Decomposing patent claims into behavioral signatures and compiling fingerprints for infringement detection.
- Evidence Assembly: Generating litigation-ready evidence packages with chain-of-custody verification and timestamp proofs.
- Detection and Scanning: Running autonomous scan agents against configured targets and computing implementation probability through Bayesian inference.
- Product Improvement: Analyzing aggregated, anonymized usage patterns to improve detection accuracy, user experience, and platform reliability.
- Security and Compliance: Maintaining audit logs, enforcing access controls, and preventing unauthorized use of the Service.
3. Data Storage and Security
Your data is hosted on Supabase infrastructure in the US East (us-east-1) region. We implement comprehensive security measures including:
- Encryption at rest and in transit (TLS 1.3)
- Row-level security (RLS) policies ensuring strict data isolation between organizations
- Role-based access control (RBAC) with granular permission management
- CSRF protection, rate limiting, and SSRF safeguards on all API endpoints
- Comprehensive audit logging of all sensitive operations
- Immutable storage for evidence artifacts with chain-of-custody verification
4. Third-Party Services
We share data with the following third-party service providers, solely to deliver the Service:
- Anthropic (Claude API): Patent claim text is sent to Anthropic's Claude API for AI-powered decomposition and analysis. Anthropic does not use your data to train their models.
- USPTO Open Data Portal: Patent numbers are used to retrieve publicly available patent information from the United States Patent and Trademark Office.
- PostHog: Anonymized usage analytics and feature flags for product improvement. No patent data or confidential information is sent to PostHog.
- Sentry: Error tracking and performance monitoring. Error reports may include technical context but do not include patent content or detection results.
5. Data Retention
We retain your data for as long as your account is active and as needed to provide the Service. Upon account termination, you may request export of your data within thirty (30) days. After this period, we will delete your data from our active systems within ninety (90) days, except where retention is required by law or necessary for legitimate business purposes (such as resolving disputes or enforcing our agreements). Audit logs may be retained for up to seven (7) years for compliance purposes.
6. Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete personal data.
- Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Export: Request a machine-readable export of your data, including patents, detections, evidence packages, and account information.
To exercise any of these rights, contact us at privacy@iptorian.ai. We will respond to your request within thirty (30) days.
7. Cookies
We use minimal cookies and local storage, limited to:
- Authentication Session: Essential cookies managed by Supabase Auth to maintain your login session. These are strictly necessary and cannot be disabled.
- Analytics: PostHog analytics cookies for anonymized usage tracking. These help us understand how the Service is used and improve the product experience.
- Preferences: Local storage entries for UI preferences such as theme selection and dismissed onboarding states.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.