Patenty.AI is an integrated patent management platform that supports patent specification drafting, prior art search, and office action response using AI technology.

What languages are supported?

We support Korean, English, Japanese, and Chinese, allowing you to create specifications that meet the requirements of each country's patent office.

Basic features are provided for free, and premium plans are available for advanced AI features and unlimited usage.

DataSecurityisOurTopPriority

Your patent data is protected by the strictest security standards

Core Trust Principles

How Patenty protects your data

No AI Model Training

Customer data is never used for AI model training

Neither Patenty nor third-party AI providers use your patent data for model training. Data is only used to deliver the requested services.

Highest-Level Logical Separation

Each user's data is completely separated

Row-Level Security (RLS) ensures complete data separation between users. No user can access another user's data.

End-to-End Encryption

Encrypted in transit and at rest

All data is encrypted with TLS 1.3 during transmission and AES-256 at rest.

Complete Deletion

Data fully removed upon deletion

When you delete your data, it is permanently and completely removed from the database, including all related files and metadata. Data is irrecoverably erased.

CSA STAR Level 1

Global cloud security certification

We have achieved Cloud Security Alliance's Security, Trust, Assurance and Risk (STAR) program Level 1 certification.

Third-Party Compliance

All infrastructure partners are security certified

All infrastructure partners including Vercel, Supabase, and Google Cloud hold global security certifications such as SOC 2 Type II and ISO 27001.

Security Certifications

Trusted global security standards compliance

CSA STAR Level 1

Infrastructure Partner Certifications

Vercel

SOC 2 Type II, GDPR, ISO 27001 Aligned

Supabase

SOC 2 Type II, HIPAA Eligible, GDPR

Google Vertex AI

ISO 27001, SOC 2, GDPR, FedRAMP

Groq

SOC 2 Type II, Zero Data Retention

OpenAI

SOC 2 Type II, GDPR, Zero Data Retention (API)

Mistral AI

SOC 2 Type II, GDPR, Zero Data Retention

Data Handling Policies

Storage & Management

Encryption applied both in transit and at rest
Complete tenant isolation structure per user
Hosted on secure cloud infrastructure (Supabase - AWS-based)

Deletion Policy

Complete removal from database when you delete
Permanent deletion in an irrecoverable manner
Complete deletion including related files and metadata

AI Usage Policy

Never reused for AI model training, internal analysis, or generating other users' specifications
Used only for processing the specific user's service requests
LLM providers also do not use customer data for model training

AI Data Governance

Customer data protection policies when using AI services

LLM Provider Data Sharing Policy

LLM providers use customer data only for providing Patenty services and do not use it for AI model training.

Zero Data Retention

Customer data transmitted via API is not recorded in permanent storage. It is immediately deleted after response generation.

No Customer Data Model Training

Sensitive customer data is not used for training our own AI models or third-party AI models.

PII Minimization

Only email addresses are collected for authentication. No other personally identifiable information (PII) is collected.

Data Hosting Location

Data is hosted on secure cloud infrastructure (Supabase - AWS-based).

Data Retention Policy

Data is retained only while there is a business need or regulatory requirement, then securely deleted.

Technical Security Implementation

Actual security features based on CSA STAR Level 1 certification

Authentication & Access Control

(6)

Zero Trust Authentication - Authentication and authorization verification for all requests

RBAC (Role-Based Access Control) - user, investor, admin role-based access control

Rate Limiting - Multi-layer request throttling

Suspicious Activity Detection - Detection and blocking of abnormal login attempts

Session Management - Secure session management and validity verification

Project-Level Access Control - Granular access permissions per project

Data Protection

(6)

Row-Level Security (RLS) - Database row-level security policies

Input Validation - Zod schema-based input validation

XSS Prevention - XSS attack prevention via DOMPurify

Sensitive Data Redaction - Automatic removal of sensitive information from logs

Security Headers - CSP, HSTS, X-Frame-Options

Secure Deletion - Safe deletion of related data when users delete accounts

Monitoring & Audit

(3)

Comprehensive Audit Logging - Audit logs for all user activities

Security Event Tracking - Security event tracking and severity classification

Sentry Integration - Real-time error monitoring (client & server)

Development Security

(3)

CI/CD Security Checks - Automated security checks (lint, type-check, build)

TypeScript Strict Mode - Strict type checking

E2E Security Tests - Security-focused E2E tests (XSS, sessions)

Compliance

(5)

GDPR Compliance - EU General Data Protection Regulation compliance

CCPA Compliance - California Consumer Privacy Act compliance

PIPA Compliance - Korea Personal Information Protection Act compliance

Multi-language Privacy Policies - Privacy policies in 4 languages

Data Subject Rights - Documentation of user rights (access, rectification, deletion, portability)

Learn More About Security

Review Patenty's detailed security policy or contact our security team

View Full Security Policy Contact Security Team

DataSecurityisOurTopPriority

Your patent data is protected by the strictest security standards

Core Trust Principles

How Patenty protects your data

No AI Model Training

Customer data is never used for AI model training

Neither Patenty nor third-party AI providers use your patent data for model training. Data is only used to deliver the requested services.

Highest-Level Logical Separation

Each user's data is completely separated

Row-Level Security (RLS) ensures complete data separation between users. No user can access another user's data.

End-to-End Encryption

Encrypted in transit and at rest

All data is encrypted with TLS 1.3 during transmission and AES-256 at rest.

Complete Deletion

Data fully removed upon deletion

When you delete your data, it is permanently and completely removed from the database, including all related files and metadata. Data is irrecoverably erased.

CSA STAR Level 1

Global cloud security certification

We have achieved Cloud Security Alliance's Security, Trust, Assurance and Risk (STAR) program Level 1 certification.

Third-Party Compliance

All infrastructure partners are security certified

All infrastructure partners including Vercel, Supabase, and Google Cloud hold global security certifications such as SOC 2 Type II and ISO 27001.

Security Certifications

Trusted global security standards compliance

CSA STAR Level 1

Infrastructure Partner Certifications

Vercel

SOC 2 Type II, GDPR, ISO 27001 Aligned

Supabase

SOC 2 Type II, HIPAA Eligible, GDPR

Google Vertex AI

ISO 27001, SOC 2, GDPR, FedRAMP

Groq

SOC 2 Type II, Zero Data Retention

OpenAI

SOC 2 Type II, GDPR, Zero Data Retention (API)

Mistral AI

SOC 2 Type II, GDPR, Zero Data Retention

Data Handling Policies

Storage & Management

Encryption applied both in transit and at rest
Complete tenant isolation structure per user
Hosted on secure cloud infrastructure (Supabase - AWS-based)

Deletion Policy

Complete removal from database when you delete
Permanent deletion in an irrecoverable manner
Complete deletion including related files and metadata

AI Usage Policy

Never reused for AI model training, internal analysis, or generating other users' specifications
Used only for processing the specific user's service requests
LLM providers also do not use customer data for model training

AI Data Governance

Customer data protection policies when using AI services

LLM Provider Data Sharing Policy

LLM providers use customer data only for providing Patenty services and do not use it for AI model training.

Zero Data Retention

Customer data transmitted via API is not recorded in permanent storage. It is immediately deleted after response generation.

No Customer Data Model Training

Sensitive customer data is not used for training our own AI models or third-party AI models.

PII Minimization

Only email addresses are collected for authentication. No other personally identifiable information (PII) is collected.

Data Hosting Location

Data is hosted on secure cloud infrastructure (Supabase - AWS-based).

Data Retention Policy

Data is retained only while there is a business need or regulatory requirement, then securely deleted.

Technical Security Implementation

Actual security features based on CSA STAR Level 1 certification

Authentication & Access Control

(6)

Zero Trust Authentication - Authentication and authorization verification for all requests

RBAC (Role-Based Access Control) - user, investor, admin role-based access control

Rate Limiting - Multi-layer request throttling

Suspicious Activity Detection - Detection and blocking of abnormal login attempts

Session Management - Secure session management and validity verification

Project-Level Access Control - Granular access permissions per project

Data Protection

(6)

Row-Level Security (RLS) - Database row-level security policies

Input Validation - Zod schema-based input validation

XSS Prevention - XSS attack prevention via DOMPurify

Sensitive Data Redaction - Automatic removal of sensitive information from logs

Security Headers - CSP, HSTS, X-Frame-Options

Secure Deletion - Safe deletion of related data when users delete accounts

Monitoring & Audit

(3)

Comprehensive Audit Logging - Audit logs for all user activities

Security Event Tracking - Security event tracking and severity classification

Sentry Integration - Real-time error monitoring (client & server)

Development Security

(3)

CI/CD Security Checks - Automated security checks (lint, type-check, build)

TypeScript Strict Mode - Strict type checking

E2E Security Tests - Security-focused E2E tests (XSS, sessions)

Compliance

(5)

GDPR Compliance - EU General Data Protection Regulation compliance

CCPA Compliance - California Consumer Privacy Act compliance

PIPA Compliance - Korea Personal Information Protection Act compliance

Multi-language Privacy Policies - Privacy policies in 4 languages

Data Subject Rights - Documentation of user rights (access, rectification, deletion, portability)

Learn More About Security

Review Patenty's detailed security policy or contact our security team

View Full Security Policy Contact Security Team