Privacy Policy

1. Who We Are

IPRightsHub is an intellectual property intelligence platform that provides AI-powered similarity scanning tools, continuous IP monitoring through IP-SAM™, strategic business guidance, and educational content through our Hub (comprising Blog articles, Learn guides, and Case Analyses). Our platform is designed to help entrepreneurs, creators, and businesses identify potential intellectual property risks before they become costly problems.

We are not a law firm, and we do not provide legal advice. All analysis and information provided through our platform is for informational and educational purposes only. For further details, please refer to our Disclaimer.

2. Information We Collect

We collect different types of information depending on how you interact with the Platform. We follow a strict principle of minimal data collection — we only collect what is necessary to deliver the service you are using at that moment.

2.1 Scan Input Data

When you use any of our 36 IP similarity scanning tools, you may submit the following types of content for analysis:

• Text-based inputs: Names, slogans, taglines, descriptions, abstracts, domain names, social media handles, song lyrics, copyright text, product names, and other textual content relevant to the specific scanning tool you are using.
• Image-based inputs: Logo images, brand symbols, artwork, illustrations, packaging designs, clothing designs, and other visual content uploaded for similarity analysis.

This content is submitted voluntarily by you for the sole purpose of performing a similarity analysis. We do not use your submitted content for any purpose other than generating your scan results.

2.2 Strategic Guidance Inquiry Data

If you submit an inquiry through our strategic guidance page, we collect the following information:

• Your name
• Your email address
• Your company name (optional)
• The type of inquiry you select
• A description of your situation or question

This information is collected solely to respond to your inquiry and is transmitted via email. We do not add you to any mailing list or use this information for marketing purposes unless you explicitly request ongoing communication.

2.3 Payment Information

When you purchase a premium PDF scan report or an IP-SAM™ monitoring subscription, your payment is processed entirely by Stripe, our third-party payment processor. We do not directly collect, store, or have access to your full credit card number, debit card number, or bank account details. Stripe handles all payment data in accordance with PCI-DSS (Payment Card Industry Data Security Standard) compliance requirements.

The information Stripe may share with us is limited to a transaction confirmation, a truncated card reference (such as the last four digits), and billing metadata necessary to fulfil your purchase.

2.4 Automatically Collected Technical Data

When you visit and use the Platform, certain technical information is collected automatically through analytics and infrastructure services. This may include:

• Device and browser information: Browser type and version, operating system, device type, and screen resolution.
• Usage data: Pages visited, features used, time spent on pages, scanning tools accessed, and general interaction patterns.
• Network data: IP address (which may be used to determine approximate geographic location at a country or region level), referring URL, and access timestamps.
• Performance data: Page load times, error logs, and technical performance metrics used to maintain and improve the Platform.

This data is collected through PostHog, our product analytics platform, and through standard server-side logging. It is used in aggregate to understand how users interact with the Platform, identify technical issues, and improve our services. We do not use this data to identify individual users or build personal profiles.

2.5 Information We Do Not Collect

To be clear about the boundaries of our data practices:

• We do not require you to create an account or register to use our free scanning tools.
• We do not collect passwords or authentication credentials for scanning tool usage.
• We do not collect your date of birth, government-issued identification numbers, or sensitive personal categories such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.
• We do not purchase, acquire, or otherwise obtain personal data about you from third-party data brokers.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide Our Scanning Services

Your submitted scan content (text or images) is processed through our AI-powered similarity analysis engine to generate risk scores, similarity assessments, and actionable insights. This is the primary and sole purpose for which your scan data is used. The analysis is performed in near real-time, and results are made available to you immediately upon completion.

3.2 To Process Transactions

When you purchase a PDF scan report (priced at £2.99 per report) or an IP-SAM™ monitoring subscription (priced at £29 per month per asset), we use Stripe to process your payment. Transaction metadata is used solely for order fulfilment, invoicing, and responding to any payment-related queries or disputes.

3.3 To Respond to Inquiries

If you submit a strategic guidance inquiry, we use the information you provide to understand your situation, prepare a response, and communicate with you via the email address you supplied.

3.4 To Improve and Maintain the Platform

Aggregated and anonymised usage data is used to understand which tools and content are most valuable, identify and resolve technical issues, optimise the user experience, and guide product development decisions. This data is never used to identify or target individual users.

3.5 To Display Advertising

We use Google AdSense to display advertisements on the Platform. Google AdSense may use cookies and similar technologies to serve advertisements based on your prior visits to our Platform or other websites. For more information about how Google uses data from sites that use its services, please visit Google's privacy and terms page. You can opt out of personalised advertising by visiting Google's Ad Settings or the Network Advertising Initiative opt-out page.

3.6 To Comply with Legal Obligations

We may use or disclose your information where required by applicable law, regulation, legal process, or enforceable governmental request. This includes responding to lawful requests from public authorities, including national security or law enforcement requirements.

4. Data Retention and Deletion

We operate on a privacy-by-design model with aggressive automatic data deletion. Our retention practices are as follows:

4.1 Scan Data — 20-Minute Automatic Deletion

All scan data — including the content you submit and the results generated — is stored temporarily in our database using a Time-To-Live (TTL) mechanism. Scan data is automatically and permanently deleted within 20 minutes of being created. This is enforced at the infrastructure level and cannot be overridden manually.

Once your scan data has been deleted, it cannot be recovered by us or anyone else. This means:

• If you leave the results page and return after 20 minutes, your results will no longer be available.
• If you wish to retain a permanent record of your scan analysis, you must purchase the PDF report before the 20-minute deletion window expires.
• We cannot retrieve, reproduce, or resend expired scan results under any circumstances.

This aggressive deletion policy exists both to protect your privacy and to ensure that no submitted intellectual property content is retained on our systems longer than is strictly necessary to provide you with your results.

4.2 Image Data — Transient Processing Only

For image-based scanning tools (such as Logo Image, Brand Symbol, Art/Illustration, Packaging Design, and Clothing Design scanners), uploaded images are processed transiently. Image files are not stored in our primary database due to their size. They are transmitted directly to our analysis engine, processed, and discarded. No copies of your uploaded images are retained after your scan results have been generated.

4.3 Purchased PDF Reports

If you purchase a PDF scan report, access to download the generated PDF is available for 24 hours following your purchase. After this 24-hour window, the download link expires. We recommend downloading your PDF report promptly after purchase. The PDF report itself is generated on-demand from the scan data at the time of your request and is not pre-stored.

4.4 Strategic Guidance Inquiries

Information submitted through the strategic guidance inquiry form is transmitted to us via email. We retain this correspondence for as long as is reasonably necessary to respond to and resolve your inquiry, and for a reasonable period thereafter for record-keeping purposes. If you would like us to delete your inquiry data, you may contact us at the address provided in Section 12.

4.5 Analytics and Technical Data

Aggregated analytics data is retained in accordance with our analytics provider's standard retention periods. This data does not contain personally identifiable information and is used solely for product improvement and performance monitoring purposes.

4.6 IP-SAM™ Monitoring Data

If you subscribe to IP-SAM™, the asset information you provide for monitoring (such as brand names, logos, or other intellectual property identifiers) is retained for the duration of your active subscription. Upon cancellation of your subscription, your monitoring data will be deleted within 30 days of the end of your billing period, unless a longer retention period is required for legitimate business purposes such as resolving disputes or complying with legal obligations.

5. Third-Party Services and Data Sharing

We work with a limited number of trusted third-party service providers to operate the Platform. We do not sell, rent, trade, or otherwise make available your personal information to third parties for their own marketing or commercial purposes.

The third-party services we use include:

5.1 Stripe (Payment Processing)

Stripe processes all payments made on the Platform. Stripe is a PCI-DSS Level 1 certified payment processor. When you make a purchase, your payment details are transmitted directly to Stripe's secure servers and are never passed through or stored on our own infrastructure.

5.2 Google AdSense (Advertising)

Google AdSense displays advertisements on the Platform. Google may collect and use data about your browsing activity to serve relevant advertisements. This data collection is governed by Google's own Privacy Policy.

5.3 PostHog (Product Analytics)

We use PostHog for product analytics to understand how users interact with the Platform in aggregate. PostHog collects technical and usage data as described in Section 2.4. This data is used to improve the Platform and is not used to identify or profile individual users.

5.4 Resend (Email Communication)

We use Resend as our email delivery service for transmitting strategic guidance inquiry submissions and transactional communications. Resend processes email data in accordance with its own privacy policy.

5.5 Vercel (Hosting and Infrastructure)

The Platform is hosted on Vercel's infrastructure. Vercel may process certain technical data (such as IP addresses and request logs) as part of its standard hosting operations.

5.6 Upstash (Database and Background Processing)

We use Upstash Redis for temporary scan data storage (with the 20-minute TTL described in Section 4.1) and Upstash QStash for reliable background task processing. Data stored in Upstash is encrypted at rest and in transit.

5.7 AI Analysis Engine

Our similarity analysis is performed by our proprietary IP analysis engine, which uses advanced machine learning models to compare your submitted content against known databases, registries, and publicly available data. Submitted content is processed transiently — it is analysed and then discarded. Our analysis engine does not retain copies of your submitted content after processing is complete, and your submitted content is not used to train, fine-tune, or improve any machine learning models.

6. Cookies and Tracking Technologies

Our Platform uses cookies and similar technologies to provide core functionality, analyse usage, and display advertising. A detailed description of the types of cookies we use and how you can manage them is available in our separate Cookie Policy.

In summary:

• Essential cookies are required for the Platform to function correctly, including maintaining session state and enabling core features.
• Analytics cookies are used by PostHog to understand usage patterns and improve the Platform.
• Advertising cookies are used by Google AdSense to display relevant advertisements and measure advertising effectiveness.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform.

7. Data Security

We take reasonable and appropriate technical and organisational measures to protect your information from unauthorised access, disclosure, alteration, or destruction. These measures include:

• Encryption in transit: All data transmitted between your browser and our Platform is encrypted using TLS (Transport Layer Security) via HTTPS.
• Encryption at rest: Data stored in our database infrastructure is encrypted at rest.
• Automatic deletion: Our 20-minute TTL policy ensures that scan data exposure is time-limited by design.
• Access controls: Access to our infrastructure and administration tools is restricted to authorised personnel only.
• Secure payment processing: All payment data is handled by Stripe, a PCI-DSS Level 1 certified processor, and never touches our servers.
• No account system: By not requiring user accounts for scanning tools, we eliminate entire categories of data breach risk (such as credential theft or password database compromises).

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to implementing and maintaining industry-standard protections.

8. Your Rights

Depending on your location and applicable data protection laws, you may have certain rights regarding your personal information. These rights may include:

8.1 Right of Access

You have the right to request information about what personal data we hold about you. Due to our minimal data collection practices and 20-minute automatic deletion of scan data, there is typically very little personal data to disclose.

8.2 Right to Rectification

You have the right to request correction of inaccurate personal data. If you have submitted a strategic guidance inquiry and need to correct any information, please contact us.

8.3 Right to Erasure

You have the right to request deletion of your personal data. Given our automatic deletion practices, scan data is already erased within 20 minutes without any action required on your part.

8.4 Right to Restrict Processing

You have the right to request that we restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of data you have contested.

8.5 Right to Data Portability

Where applicable, you have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format.

8.6 Right to Object

You have the right to object to processing of your personal data for certain purposes, including direct marketing. You can manage advertising personalisation through Google's Ad Settings.

8.7 Rights Related to Automated Decision-Making

Our similarity analysis tools use automated processing to generate scan results, including risk scores and similarity assessments. These results are provided for informational purposes only and do not constitute legal determinations or binding decisions.

9. International Data Transfers

IPRightsHub operates internationally. Your data may be processed by our third-party service providers in countries outside of your country of residence, including the United States and the European Economic Area.

10. Children's Privacy

IPRightsHub is not directed at children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete such data promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. When we make material changes, we will update the "Last updated" date at the top of this page.

12. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact us at:

Email: privacy@iprightshub.com

General legal inquiries: legal@iprightshub.com

Platform: iprightshub.com

13. Summary of Key Points

For your convenience, here is a summary of the most important aspects of our privacy practices:

• No account required. Use our tools without providing personal information beyond the content you scan.
• 20-minute auto-deletion. All scan data is permanently and automatically deleted. We cannot recover it.
• Images are never stored. Uploaded images are processed transiently and discarded.
• Payments are handled by Stripe. We never see or store your full payment details.
• We do not sell your data. Your personal information is never sold, rented, or traded.
• Your content is not used for training. Submitted scan content is not used to train or improve any AI models.
• Minimal cookies. Only essential, analytics, and advertising cookies.
• You have rights. Contact us at privacy@iprightshub.com to exercise your rights.