IP SIGNALS by Reinvent IP

1. Overview

This Privacy Policy explains how IP Signals by Reinvent IP ("IP Signals," "we," "us"), a Hong Kong SAR company, collects, uses, stores, and protects your information when you use our platform, API, website (ipsignals.ai), and related services (the "Service"). By using the Service, you consent to the practices described here. This Policy should be read alongside our Terms of Service.

2. What We Collect

2.1 Information You Provide

• Account details: Name, email, organization, billing address.
• Uploaded assets: Images, logos, designs, and creative works you submit for scanning.
• Communications: Messages to our support team, feedback, and survey responses.
• Payment information: Processed by our PCI-compliant payment provider (e.g., Stripe). We do not store card numbers on our servers.

2.2 Information Collected Automatically

• Usage data: Features used, scans submitted, pages visited, session duration.
• Device data: Device type, OS, browser, screen resolution, language.
• Log data: IP addresses, timestamps, API request metadata, error logs.
• Cookies: Essential and analytics cookies. See Section 10.

2.3 Third-Party Sources

We may receive transaction confirmations from payment processors, profile data from authentication providers (Google, GitHub) when you choose to sign in with them, and aggregated analytics from our analytics tools.

3. How We Use Your Information

• Service delivery: Processing scans, generating results, managing your account and billing, sending alerts and notifications.
• Improvement: Analyzing usage to fix issues and build better features, using anonymized and aggregated data only.

3.1 What We Do NOT Do

4. How We Process Your Content

When you upload content to IP Signals for IP risk analysis, we process it as follows:

1. Your uploaded file is temporarily stored on our encrypted servers.
2. For animated images and video files, individual frames are extracted and duplicate frames are removed to optimise processing efficiency.
3. The unique frames from your content are transmitted to third-party automated analysis services for intellectual property risk assessment. These services analyse visual elements of your content and return structured detection results.
4. We aggregate the detection results into a risk score and analysis report, which is stored in your account for your reference.
5. Your original uploaded file and extracted frames are automatically deleted within one (1) hour of processing completion. Only the risk score, detection summary, and small reference thumbnails of flagged frames are retained.

5. Third-Party Processing

IP Signals uses third-party automated analysis services to process visual content as part of our IP risk assessment workflow. These services:

• Process your content solely to return analysis results to IP Signals;
• Do not retain your content after processing is complete;
• Do not use your content to train or improve their systems;
• Are bound by Data Processing Agreements that require them to handle your content in compliance with applicable data protection laws.

We select processing partners that maintain SOC 2 Type II certification and comply with GDPR and CCPA requirements.

6. Data Retention — Tiered Schedule

We retain different types of data for different periods, applying the minimum retention necessary for each data type:

6.1 Immediate Deletion on Request

You may request deletion of your data at any time via account settings or by emailing privacy@reinventdao.io. We will permanently delete your assets and scan data from active systems within 48 hours. Encrypted backups are purged within 14 additional days. Data required by law is retained for the minimum legal period.

6.2 Account Deletion

When you close your account, all associated data is permanently deleted within 30 days, except billing records retained as required by law and anonymized analytics that cannot identify you.

7. Data Privacy

• Service providers: Cloud hosting, payment processing, analytics, and email delivery. All are bound by data processing agreements.
• Legal requirements: We may disclose data if required by law, regulation, or court order, or to protect the rights, safety, or property of IP Signals, our users, or the public.
• Business transfers: In a merger, acquisition, or asset sale, your data may transfer. We will notify you of any change in ownership.

We never sell your data. We never share your assets or scan results with other users, advertisers, or data brokers.

8. Security

We use industry-standard measures to protect your data:

• Encryption: TLS 1.2+ in transit, AES-256 at rest.
• Access controls: Role-based access; only authorized personnel can access your data.
• Infrastructure: Network firewalls, intrusion detection, DDoS protection, vulnerability scanning.
• Incident response: Documented plan with notification within 72 hours of a confirmed breach affecting your data.

No system is 100% secure. We cannot guarantee absolute security but we take every reasonable step to protect your information.

9. AI and Automated Processing

When you upload an asset, our AI models analyse it against public sources using image recognition, visual similarity, text matching, and pattern classification. This produces references and indications of potential IP infringement — not definitive legal determinations.

9.1 Automated Processing Disclosure (GDPR Art. 22)

IP Signals uses automated processing to analyse uploaded content and generate IP risk scores. This automated processing does not produce decisions with legal effect concerning you. Risk scores are informational only and require your independent judgement and, where appropriate, professional legal advice before any action is taken.

You have the right to request information about the logic involved in our automated processing. Contact privacy@reinventdao.io for details.

9.2 No Training on Your Assets

We do not use your assets for model training without explicit opt-in consent. Anonymized usage patterns may be used to improve service performance.

10. Cookies

• Essential: Required for authentication, sessions, and security. Cannot be disabled.
• Analytics: Help us understand usage patterns. Placed only with consent where required by law.
• Preferences: Remember your settings (language, display).

We do not use advertising or tracking cookies. Manage preferences via your browser settings or our cookie banner.

11. Your Rights

Depending on your location, you may have the right to:

• Access: Request a copy of the data we hold about you.
• Correct: Request correction of inaccurate data.
• Delete: Request deletion of your data (see Section 6.1).
• Port: Receive your data in a machine-readable format (CSV/JSON).
• Object: Object to certain processing, including direct marketing.
• Restrict: Request limited processing under certain conditions.
• Withdraw consent: Withdraw consent at any time (without affecting prior lawful processing).

Contact privacy@reinventdao.io to exercise any of these rights. We respond within 30 days.

12. Regional Compliance

12.1 GDPR (EU/EEA/UK/Switzerland)

We process personal data on the bases of: contract performance (delivering the Service), legitimate interest (operating and improving the Service), consent (marketing), and legal obligation (compliance). Pursuant to GDPR Article 13, we disclose our use of automated processing for IP risk analysis in Section 9. You have the right to lodge a complaint with your local supervisory authority.

12.2 CCPA (California)

California residents have the right to know what data we collect, request deletion, and opt out of data sales. We do not sell personal information. We will not discriminate against you for exercising your rights.

12.3 Hong Kong PDPO

We comply with the Personal Data (Privacy) Ordinance (Cap. 486), including the six Data Protection Principles: lawful collection, limited use, data accuracy, adequate security, transparent practices, and right of access and correction.

12.4 International Transfers

Your data may be transferred to and stored in jurisdictions outside your country. We implement Standard Contractual Clauses and encryption to safeguard international transfers.

13. Children

The Service is not for anyone under 18. We do not knowingly collect data from minors. If we learn we have, we will delete it promptly. Contact support@reinventdao.io if you believe a minor has provided us data.

14. Changes to This Policy

We may update this Policy from time to time. We will give at least 15 days' notice of material changes by email and/or website notification. Continued use after the effective date means you accept the updated Policy.

15. Contact