Cookie Policy

1. Introduction

IPRightsHub Limited ("we," "our," or "us") uses cookies and similar tracking technologies to provide, secure, and improve our intellectual property similarity scanning platform. This Cookie Policy explains what cookies are, how we use them, the types of cookies we deploy, and how you can control your cookie preferences.

This policy applies to all users accessing our website at iprightshub.com and our suite of AI-powered IP analysis tools. By continuing to use our services, you consent to our use of cookies as described in this policy, subject to applicable data protection laws including the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), and ePrivacy Directive.

2. What Are Cookies and Similar Technologies?

Cookies are small text files stored on your device (computer, tablet, or mobile phone) when you visit a website. They allow the website to recognize your device and remember certain information about your visit, such as your preferences, language settings, or items in a shopping cart.

In addition to traditional cookies, we use similar technologies including:

• Local Storage: Browser-based storage mechanisms that persist data locally on your device, used for session management and application state
• Session Storage: Temporary storage cleared when your browser session ends, used for transient application data
• Web Beacons (Pixel Tags): Tiny graphics embedded in web pages or emails that track user behavior and engagement
• Server Logs: Automated collection of IP addresses, browser types, and access timestamps for security and analytics

Throughout this policy, references to "cookies" encompass all these tracking technologies unless specifically noted otherwise.

3. Types of Cookies We Use

We categorize cookies based on their purpose, lifespan, and origin. Understanding these categories helps you make informed decisions about your privacy preferences.

3.1 Strictly Necessary Cookies

These cookies are essential for our website to function and cannot be disabled in our systems. They are typically set in response to actions you take, such as initiating a scan, accessing your scan results, or processing payments.

Technologies Used:

• Session Management: Temporary identifiers that maintain your active session across multiple pages during a single visit
• Security Tokens: CSRF (Cross-Site Request Forgery) protection tokens that prevent unauthorized actions on your behalf
• Load Balancing: Technical cookies that distribute server requests efficiently to ensure platform stability
• Upstash Redis Storage: Temporary server-side storage for scan results with a strict 20-minute time-to-live (TTL) for privacy protection

Legal Basis (GDPR): Legitimate interest and contractual necessity (Article 6(1)(b) and (f) GDPR). These cookies are required to deliver the services you've requested.

3.2 Analytics and Performance Cookies

These cookies help us understand how users interact with our platform, identify technical issues, and improve service quality. All analytics data is processed in aggregate and anonymized where possible.

Technologies Used:

• PostHog Analytics: Our primary analytics platform that tracks user behavior, feature usage, and conversion funnels. PostHog stores data in the European Union with GDPR-compliant data processing agreements. We use PostHog to measure:
  • Page views and navigation patterns
  • Tool usage statistics (which scanners are most popular)
  • Session duration and bounce rates
  • Conversion tracking for PDF report purchases
  • Feature adoption and user engagement metrics
• Performance Monitoring: Real-time tracking of API response times, error rates, and system health to maintain service quality
• Heatmaps and Session Recordings: Visual representations of user interactions to identify usability issues (when enabled with explicit consent)

Legal Basis (GDPR): Legitimate interest (Article 6(1)(f) GDPR) for service improvement and optimization. You can opt out through browser settings or our cookie preference center.

Data Retention: Analytics data is retained for 24 months, after which it is automatically deleted or anonymized beyond recognition.

3.3 Advertising Cookies

These cookies are used to display relevant advertisements and measure advertising effectiveness. IPRightsHub participates in Google's advertising ecosystem to sustain our free scanning services.

Technologies Used:

• Google AdSense: Displays contextual and personalized advertisements based on your browsing behavior across the web. Google AdSense uses cookies to:
  • Determine which ads to show based on your interests
  • Measure ad impressions, clicks, and conversions
  • Prevent the same ad from continuously reappearing
  • Control ad frequency and placement
  • Build advertising profiles for targeted campaigns
• DoubleClick Cookies: Google's advertising exchange technology that serves ads across millions of websites
• Ad Measurement Partners: Third-party analytics providers that help us measure advertising performance and optimize ad placements

Legal Basis (GDPR): Consent (Article 6(1)(a) GDPR). We obtain explicit consent before deploying advertising cookies in EU/UK jurisdictions. Users can manage consent preferences at any time.

Advertising Choices: You can opt out of personalized advertising through Google's Ad Settings at adssettings.google.com or via industry opt-out platforms like the Digital Advertising Alliance ( optout.aboutads.info) or the Network Advertising Initiative ( optout.networkadvertising.org).

3.4 Payment Processing Cookies

When you purchase PDF reports or premium services, we use secure payment processing cookies to complete transactions safely.

Technologies Used:

• Stripe Payment Gateway: Industry-leading payment processor certified to PCI Service Provider Level 1 standards. Stripe uses cookies to:
  • Authenticate payment sessions and prevent fraud
  • Remember payment methods for returning customers (with consent)
  • Process 3D Secure authentication for enhanced security
  • Detect and prevent unauthorized transactions
• Fraud Detection: Machine learning algorithms that analyze transaction patterns to identify suspicious activity

Legal Basis (GDPR): Contractual necessity (Article 6(1)(b) GDPR) and compliance with legal obligations for financial record-keeping (Article 6(1)(c) GDPR).

Security Note: IPRightsHub never stores complete payment card details. All sensitive payment information is tokenized and encrypted by Stripe. We only retain transaction IDs, timestamps, and receipt data for customer support and regulatory compliance.

4. Third-Party Cookies and Data Sharing

We work with trusted third-party service providers who may set cookies when you use our platform. These partners process data on our behalf under strict contractual obligations.

4.1 Third-Party Service Providers

4.2 International Data Transfers

Some of our service providers operate globally and may process data outside the European Economic Area (EEA) or United Kingdom. We ensure all international transfers comply with GDPR requirements through:

• Standard Contractual Clauses (SCCs): EU Commission-approved contractual protections for data transfers to third countries
• EU-US Data Privacy Framework: Certification for US-based companies meeting European data protection standards (applicable to Google and Stripe)
• Data Localization: Where possible, we select providers with EU/UK data centers (e.g., PostHog EU Cloud, Upstash EU regions)
• Binding Corporate Rules: Internal policies governing data protection across multinational organizations

5. Your Cookie Choices and Controls

You have multiple options to control how cookies are used on your device. Your choices depend on your location, browser, and the type of cookies involved.

5.1 Browser-Based Controls

Most web browsers allow you to manage cookie preferences through their settings. You can:

• Block all cookies (may break website functionality)
• Block third-party cookies only (recommended for privacy-conscious users)
• Delete existing cookies stored on your device
• Set preferences for specific websites
• Receive notifications when cookies are being set

Browser-Specific Instructions:

• Google Chrome: Settings → Privacy and security → Cookies and other site data
• Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data
• Safari (macOS): Preferences → Privacy → Manage Website Data
• Microsoft Edge: Settings → Cookies and site permissions → Cookies and data stored
• Safari (iOS): Settings → Safari → Block All Cookies
• Chrome (Android): Chrome → Settings → Site settings → Cookies

Important Note: Blocking strictly necessary cookies will prevent you from using our similarity scanning tools, as they are required for core functionality.

5.2 Advertising Opt-Out Options

You can opt out of personalized advertising without blocking all cookies:

• Google Ad Personalization: Visit adssettings.google.com to disable personalized ads across Google services
• Industry Opt-Out Tools: Use platforms like YourOnlineChoices.com (EU/UK) or AboutAds.info (US) to opt out of multiple advertising networks simultaneously
• Browser Privacy Extensions: Install tools like Privacy Badger, uBlock Origin, or Ghostery to automatically block tracking cookies
• Do Not Track (DNT): Enable your browser's DNT signal, though note that many websites do not honor this preference

5.3 Analytics Opt-Out

You can disable PostHog analytics tracking by:

• Using browser privacy extensions that block analytics scripts
• Enabling your browser's "Do Not Track" setting (PostHog respects this signal)
• Clearing your browser's local storage and cookies for iprightshub.com

5.4 Mobile Device Controls

If you access IPRightsHub on mobile devices, you can limit tracking through:

• iOS: Settings → Privacy → Tracking → Disable "Allow Apps to Request to Track"
• Android: Settings → Google → Ads → Opt out of Ads Personalization

6. GDPR, CCPA, and Regional Privacy Rights

Depending on your location, you may have specific rights regarding cookies and personal data collection.

6.1 European Union & United Kingdom (GDPR/UK GDPR)

If you are located in the EU or UK, you have the right to:

• Withdraw Consent: Revoke your consent for non-essential cookies at any time without affecting the lawfulness of processing based on consent before withdrawal
• Access Your Data: Request a copy of all personal data we hold about you, including cookie-collected information
• Data Portability: Receive your data in a structured, machine-readable format
• Right to Erasure: Request deletion of your personal data, subject to legal retention requirements
• Object to Processing: Object to data processing based on legitimate interests
• Lodge Complaints: File complaints with your national data protection authority (see edpb.europa.eu for contact information)

6.2 California, USA (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know: Request information about the categories and specific pieces of personal information collected
• Delete: Request deletion of personal information, subject to exceptions
• Opt-Out of Sale: Opt out of the "sale" or "sharing" of personal information (note: IPRightsHub does not sell personal information for monetary compensation, but targeted advertising may qualify as "sharing" under CCPA)
• Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment

To exercise CCPA rights, contact us at privacy@iprightshub.com with "CCPA Request" in the subject line.

6.3 Other Jurisdictions

We respect privacy rights globally. If your jurisdiction has enacted data protection laws (e.g., Brazil's LGPD, Canada's PIPEDA, Australia's Privacy Act), please contact us at privacy@iprightshub.com to exercise your applicable rights.

7. Cookie Lifespan and Retention

Cookies have different lifespans depending on their purpose:

• Session Cookies: Deleted automatically when you close your browser (typically 20 minutes to 2 hours of inactivity)
• Persistent Cookies: Remain on your device for a set period, ranging from 24 hours to 2 years depending on cookie type:
  • Analytics cookies: 24 months maximum
  • Advertising cookies: Up to 13 months (Google AdSense standard)
  • Preference cookies: 12 months
  • Security cookies: 30 days
• Scan Data (Upstash Redis): Automatically deleted after exactly 20 minutes via time-to-live (TTL) mechanisms, ensuring your IP analysis queries are not retained longer than necessary

8. Children's Privacy

IPRightsHub is not directed at children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children through cookies or any other means. If you believe a child has provided us with personal information, please contact us immediately at privacy@iprightshub.com so we can delete such data.

9. Updates to This Cookie Policy

We may update this Cookie Policy periodically to reflect changes in our practices, technologies, legal requirements, or business operations. The "Last Reviewed" date at the top of this policy indicates when it was most recently revised.

Notification of Material Changes: If we make material changes that significantly affect your privacy rights, we will notify you through:

• A prominent notice on our website homepage for at least 30 days
• Email notification if you have registered an account with us
• Cookie consent banner updates requiring fresh consent for new cookie types

We encourage you to review this policy periodically to stay informed about how we use cookies and protect your privacy.

10. Contact Information

If you have questions, concerns, or requests regarding this Cookie Policy or our data practices, please contact us:

11. Additional Resources

For more information about cookies and online privacy, consult these independent resources:

• AllAboutCookies: allaboutcookies.org
• UK Information Commissioner's Office (ICO): ico.org.uk/cookies
• EU Data Protection Board: edpb.europa.eu
• California Attorney General (CCPA): oag.ca.gov/privacy/ccpa