Privacy Policy

Effective June 7, 2026. Version 1.

This Privacy Policy explains how Patentable, operated by Interactive Technology, LLC, collects and uses information when you use the Service.

1. What we collect

Account data. When you sign up we collect your email and (if you sign in with OAuth) your name and profile photo. We store an OAuth identity token to keep you signed in.

Source code we scan. When you connect a repository, we do not keep your raw code. The scanner fetches your files in memory, strips secrets before any AI call (more on that in section 3), runs the analysis, and then discards the raw code from memory. What we keep is the derived analysis: invention titles, plain-English descriptions, novelty and patentability scores, and a reference to where each finding came from (repository, file path, and commit SHA). We do not store the source files themselves.

One opt-in exception: if you explicitly flag an invention to be "retained as IP" (for example, a feature you've since deleted but still want to patent), we snapshot that specific chunk of code as filing evidence. That only happens when you choose it. It's never automatic.

Documents and invention descriptions you submit. When you type or upload a document or an invention description directly, we store it so you can return to it and keep working. You can delete it at any time from your dashboard.

Usage data. We log requests, errors, and feature usage so we can operate and improve the Service. This includes IP address, browser, timestamps, and which pages or features you used.

Cookies. We use a session cookie to keep you signed in and a minimal set of preference cookies (e.g. dark mode). We do not use third-party advertising cookies.

2. What we do with it

We use your data to:

  • Provide the Service (run analysis, store your work, return results).
  • Maintain the Service (debug errors, prevent abuse, scale infrastructure).
  • Communicate with you (transactional emails, alerts you opt into, important Service notices).
  • Improve the Service (aggregate trends, latency, error patterns).

We do not sell your data to advertisers or data brokers.

3. AI processing

Before any content leaves our servers for AI analysis, we scrub secrets. The scanner redacts API keys, access tokens, private keys, database connection strings, JWTs, and cloud provider keys, and it skips files like .env, .pem, .key, and credentials files entirely. Only the scrubbed text is sent onward.

To translate patent claims and analyze your submissions, we send that scrubbed content to Google's Gemini API. Gemini is governed by Google's terms, and we use settings that prohibit Google from training models on the content we submit.

Embeddings and search run entirely on our own infrastructure. We use our own PatentSBERTa model on Hetzner to generate embeddings and run similarity search. That work never leaves our servers and is never sent to a third-party AI provider.

4. Where we store data

  • Production database: Hetzner (Germany / Falkenstein).
  • Application hosting: Vercel (USA, Europe, distributed).
  • Email delivery: Resend (USA).

If you are in the European Economic Area, the United Kingdom, or Switzerland, data transferred to non-EEA countries (the USA) is protected under standard contractual clauses or applicable derogations.

5. Subprocessors

We rely on a small set of vendors to run the Service. Each processes some data on our behalf and is bound by its own data-protection terms.

SubprocessorWhat it isWhereWhat data it handles
HetznerOur Postgres database, embedding and search servers, and the servers that run code scansGermany (Falkenstein)Account data, derived invention analysis, your queries, and the in-memory code scan itself
VercelApplication hostingUSA and Europe (distributed)Requests to the app, including account data and submitted content in transit
ResendTransactional email deliveryUSAYour email address and the contents of Service emails we send you
Google Gemini APIAI analysis and patent claim translationUSAScrubbed text only, with secrets already removed. Configured so Google does not train models on it

We use our own PatentSBERTa model on Hetzner for embeddings and search, so that work stays on our infrastructure and is not handled by any third party.

If we add or change a subprocessor in a way that materially affects how your data is handled, we will update this list and note the change in our changelog.

6. How long we keep it

  • Account data: while your account exists, plus up to 30 days after deletion for backups to expire.
  • Content you submit: until you delete it, or your account is deleted.
  • Usage logs: typically 90 days.
  • Audit records (security events, legal acceptance records): retained for compliance.

You can request export or deletion of your data at any time by emailing patentable@thedevelopers.dev.

7. Your rights

Depending on your jurisdiction you may have rights to:

  • Access the data we hold about you.
  • Correct or update inaccurate data.
  • Delete your data.
  • Object to certain processing or request portability.
  • Lodge a complaint with your local data-protection authority.

To exercise these rights, email patentable@thedevelopers.dev.

8. Security

We protect data with industry-standard practices: TLS in transit, encryption at rest, network firewalls (production database is not exposed to the public internet), and access controls. No system is perfectly secure, but we treat security as a first-class concern.

9. Children

Patentable is not intended for users under 16. If you believe we have collected data from a child under 16, contact us and we will delete it.

10. Changes to this Policy

We may update this Policy. When we do, we will bump the version and prompt you to re-accept on your next login. Material changes will be summarized in a changelog.

11. Contact

Privacy questions: patentable@thedevelopers.dev. Data Protection Officer: same.


(c) Interactive Technology, LLC. All rights reserved.

Version 1, published June 7, 2026 at 12:34 AM