IP SIGNALS
by Reinvent IP
Privacy Policy
Version 3.0 | Effective: May 7, 2026
Reinvent IP Labs Limited | ipsignals.ai | support@reinventdao.io
1. Overview
This Privacy Policy explains how IP Signals by Reinvent IP (“IP Signals,” “we,” “us”), a Hong Kong SAR company, collects, uses, stores, and protects your information when you use our platform, API, website (ipsignals.ai), and related services (the “Service”). Read alongside our Terms of Service.
By using the Service, you consent to the practices described in this Policy.
2. What We Collect
2.1 Information You Provide
- Account: name, email, company name, company type. No credit card required for Free accounts.
- Payment: credit card details collected only when upgrading to Pro or Business, processed by Stripe (PCI-compliant). We do not store card numbers.
- Domains: website URLs you register for scanning.
- Team: names and emails of invited team members.
2.2 Information Our Agents Collect
When you initiate a scan, our autonomous agents collect from your public website: visual assets, page metadata, text content, asset metadata, and public business relationship signals. Agents do not access password-protected content, private systems, or email. They do not install cookies on your site.
2.3 Automatically Collected
- Usage data: features used, scans initiated, pages visited, session duration.
- Device data: device type, OS, browser, screen resolution, language.
- Log data: IP addresses, timestamps, API request metadata, error logs.
- Cookies: essential and analytics cookies (see Section 10).
2.4 Third-Party Authentication
If you sign in with Google OAuth, we receive your email address and basic profile information from Google. We do not receive or store your Google password.
3. How We Use Your Information
- Service delivery: scans, AI classification, risk scoring, report generation, billing, notifications.
- Autonomous monitoring: scheduled scans and alerts for paid subscribers.
- 3-day onboarding: during the onboarding window, we store your full scan data (including data beyond Free-tier visibility) to enable instant access if you upgrade. This data is deleted per Section 6 if you do not upgrade.
- Improvement: anonymized usage patterns only. We do not use your assets or scan results for model training.
- Security and communication: fraud prevention, transactional emails (receipts, scan alerts, account updates). Marketing emails only with your opt-in consent.
3.1 What We Do NOT Do
- Never sell your personal information to third parties.
- No advertising or behavioural profiling.
- No AI model training on your assets without explicit opt-in consent.
- No sharing of your scanned assets or results with other users, advertisers, or data brokers.
4. Content Processing — How Your Scans Work
When you initiate a scan, your content is processed through our five-agent pipeline. The table below describes each step, what data is involved, and how long it is retained.
| Agent Step | What Happens | Third-Party Involved | Data Retention |
|---|---|---|---|
| Step 1 — Crawler | Extracts images, metadata, text from public pages. Temporary memory only. | None | < 1 hour |
| Step 2 — Classifier | Images sent to AI vision model for risk classification. | AI vision model (SOC 2) | Not retained by provider |
| Step 3 — Matcher | Flagged assets sent to reverse image search. | Reverse image search API | Not retained by provider |
| Step 4 — Compliance | Page metadata sent to AI text model for compliance check. | AI text model (SOC 2) | Not retained by provider |
| Step 5 — Scorer | Deterministic scoring algorithm. No third-party. | None | Results stored in account |
| Step 6 — Storage | Risk score, detection summary, thumbnail references stored in your account. | Supabase (GCP) | Per tier retention schedule |
4.1 Video and Animated Content
For animated images and video files, individual frames are extracted and duplicate frames are removed to optimise processing efficiency. Extracted frames are transmitted to our AI vision model for analysis and are deleted immediately after analysis is complete. Your original uploaded file and all extracted frames are deleted within one (1) hour of processing completion.
4.2 What Is Retained
Following scan completion, only the following are retained in your account:
- Risk score and detection summary (aggregated results).
- Small reference thumbnails of flagged frames or assets.
- Compliance analysis output.
Raw crawled content, uploaded files, and extracted frames are not retained beyond 1 hour of scan completion.
5. Third-Party Processing
IP Signals uses the following third-party services. All processors are bound by Data Processing Agreements (DPAs) and are required to handle your data in compliance with GDPR, CCPA, and applicable data protection law.
| Service | Purpose | Data Sent | Retention |
|---|---|---|---|
| AI vision model | Asset classification | Image files | Not retained |
| Reverse image search API | Copyright matching | Flagged images | Not retained |
| Search API | Brand / trademark detection | Domain queries | Per provider policy |
| Stripe | Payment processing | Card + billing details | Per Stripe policy |
| Resend | Transactional email | Email + scan summary | Per Resend policy |
| Google OAuth | Authentication (optional) | Email, profile | Per Google policy |
| Supabase / GCP | Database and infrastructure | All account data | Per retention schedule |
AI analysis providers (AI vision model, reverse image search) are selected for SOC 2 Type II certification. They:
- Process your content solely to return analysis results to IP Signals.
- Do not retain your content after processing is complete.
- Do not use your content to train or improve their systems.
6. Data Retention
| Data Type | Free | Pro | Business | Notes |
|---|---|---|---|---|
| Uploaded / crawled assets (raw) | 1 hour | 1 hour | 1 hour | Auto-deleted post-scan |
| Extracted video frames | Immediate | Immediate | Immediate | Deleted after analysis |
| Scan results & flagged assets | 7 days | 30 days | 30 days | |
| Risk scores & score history | 7 days | Active account | Active account | |
| Client detection data | 7 days | 30 days | 30 days | |
| Team member data | — | Active + 7d | Active + 30d | |
| Account information | Until closure | Until closure | Until closure | Deleted within 30 days |
| Billing records | — | 7 years | 7 years | Legal requirement |
| Anonymized analytics | Indefinite | Indefinite | Indefinite | Non-identifiable |
6.1 3-Day Onboarding Data
During the 3-day onboarding window, your full scan data (including flagged assets and client names beyond Free-tier visibility) is stored but access-gated. If you upgrade within 7 days of signup, this data is preserved under the paid tier's 30-day retention. If you do not upgrade, this data is permanently deleted 7 days after signup. The dashboard countdown serves as notice.
6.2 Rolled-Over Scan Unit Metadata
We retain metadata about your scan unit balance (current balance, expiry dates, and — for paid tiers only — rollover balance) for the duration of your active account. Free tier units do not roll over and carry no rollover balance metadata. This data is deleted within 30 days of account closure.
6.3 On Cancellation
When you cancel a paid subscription: scanning stops immediately, your dashboard reverts to Free-tier view, and your scan data is retained for 30 days from the cancellation date. We send reminders at 7 days and 3 days before deletion. After 30 days, permanent deletion occurs unless you re-subscribe.
6.4 Deletion on Request
You may request deletion of your data at any time via account settings or by emailing support@reinventdao.io. Active systems are purged within 48 hours. Encrypted backups are cleared within 14 additional days. Billing records are retained for 7 years as required by law.
6.5 Account Deletion
When you close your account, all associated data is permanently deleted within 30 days, except billing records retained as required by law and anonymized analytics that cannot identify you.
7. Team Seats
When you invite team members, we collect their name and email address. Team members have the same data rights as the account owner under this Policy. Removal of a team member revokes their access immediately. The account owner is responsible for ensuring team members are aware of and comply with this Privacy Policy.
8. Payment Data
Credit card details are stored and processed by Stripe. We receive only the last 4 digits, card brand, and expiry date. We never store full card numbers on our servers. To delete your payment method, contact Stripe directly or email support@reinventdao.io.
9. Security
- Encryption: TLS 1.3 in transit, AES-256 at rest.
- Infrastructure: Google Cloud Platform (Cloud Run), Supabase with row-level security.
- Access controls: role-based access; only authorized personnel access your data.
- Incident response: documented plan with user notification within 72 hours of a confirmed breach affecting your data.
No system is 100% secure. We cannot guarantee absolute security but take every reasonable measure to protect your information.
10. AI and Automated Processing
10.1 How Automated Processing Works
When you upload an asset or initiate a scan, our AI models analyse it against public sources using image recognition, visual similarity, text matching, and pattern classification. This produces risk indicators and an aggregated score — not a legal determination of infringement.
10.2 GDPR Article 22 — Automated Processing Disclosure
IP Signals uses automated processing to analyse uploaded content and generate IP risk scores. This automated processing does not produce decisions with legal effect concerning you. Risk scores are informational only and require your independent judgment and, where appropriate, professional legal advice before any action is taken.
You have the right to request information about the logic involved in our automated processing. Contact support@reinventdao.io for details.
10.3 Autonomous Agent Monitoring
Paid subscribers may enable scheduled autonomous scanning. Agents operate without per-scan user approval on your nominated schedule. Scores are algorithmic and deterministic. Client detection is experimental and may include inaccurate associations. You may disable autonomous scanning at any time from your dashboard.
10.4 No Model Training on Your Assets
We do not use your uploaded assets, scan results, or personal data to train AI models without your explicit opt-in consent. Anonymized and aggregated usage patterns may be used to improve service performance.
11. Cookies
- Essential: Required for authentication, sessions, and security. Cannot be disabled.
- Analytics: Help us understand usage patterns. Placed only with your consent where required by law.
- Preferences: Remember your settings (language, display preferences).
We do not use advertising or tracking cookies. Manage preferences via your browser settings or our cookie banner.
12. Your Rights
Depending on your location, you may have the right to:
- Access: request a copy of the data we hold about you.
- Correct: request correction of inaccurate data.
- Delete: request deletion of your data (see Section 6.4).
- Port: receive your data in a machine-readable format (CSV/JSON).
- Object: object to certain processing, including direct marketing.
- Restrict: request limited processing under certain conditions.
- Withdraw consent: withdraw consent at any time (without affecting prior lawful processing).
- Automated processing: request information about the logic of automated processing (see Section 10.2).
Contact support@reinventdao.io to exercise any of these rights. We respond within 30 days.
13. Regional Compliance
13.1 GDPR (EU/EEA/UK/Switzerland)
We process personal data on the bases of: contract performance (delivering the Service), legitimate interest (operating and improving the Service), consent (marketing and optional cookies), and legal obligation (billing record retention). Pursuant to GDPR Articles 13 and 22, our automated processing disclosures are in Section 10. You have the right to lodge a complaint with your local supervisory authority.
13.2 CCPA (California)
California residents have the right to know what data we collect, request deletion, and opt out of data sales. We do not sell personal information. We will not discriminate against you for exercising your CCPA rights.
13.3 Hong Kong PDPO
We comply with the Personal Data (Privacy) Ordinance (Cap. 486), including the six Data Protection Principles: lawful collection, limited use, data accuracy, adequate security, transparent practices, and right of access and correction.
13.4 International Transfers
Your data may be transferred to and stored in jurisdictions outside your country (including the United States via GCP). We implement Standard Contractual Clauses (SCCs) and encryption to safeguard international transfers.
14. Children
The Service is not for anyone under 18. We do not knowingly collect data from minors. If we learn we have collected data from a minor, we will delete it promptly. Contact support@reinventdao.io if you believe a minor has provided us data.
15. Changes to This Policy
We may update this Policy from time to time. We will give at least 15 days' notice of material changes by email and/or website notification. Continued use after the effective date means you accept the updated Policy.
16. Contact
Reinvent IP Labs Limited
- Privacy enquiries: support@reinventdao.io
- Support: support@reinventdao.io
- Website: https://ipsignals.ai
— End of Privacy Policy v3.0 —