Privacy Policy

We collect information in three categories:

1.1 Information You Provide Directly

• Account Information: Name, email address, password, company name, job title, and country
• Profile Information: Firm size, practice areas, jurisdictions of interest, and professional affiliations
• Billing Information: Payment card details, billing address, and invoice history (processed securely through Paddle, our payment processor and Merchant of Record)
• Communications: Messages you send to our support team, feedback, survey responses, and feature requests
• User Content: Saved searches, watchlists, notes, custom labels, and exported reports

1.2 Information Collected Automatically

• Usage Data: Features used, search queries, pages visited, time spent, click patterns, and interaction with analytics tools
• Device Information: Browser type, operating system, device identifiers, screen resolution, and language preferences
• Log Data: IP address, access timestamps, referring URLs, and error logs
• Performance Data: Page load times, API response metrics, and application errors

1.3 Information from Third Parties

• Authentication Providers: If you sign in via Google or other OAuth providers, we receive your name, email, and profile picture
• Business Partners: We may receive business contact information from partners for marketing purposes (with appropriate consent)
• Public Sources: We collect publicly available patent data from official patent offices (KIPRIS, EPO, USPTO, J-PlatPat) which may include names of inventors, applicants, and patent attorneys

2.1 Direct Interactions

When you register for an account, subscribe to our Service, fill out forms, communicate with us, or interact with our platform features.

2.2 Automated Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing behavior. See our Cookie Policy for details.

2.3 Third-Party Sources

We receive data from authentication providers when you choose to sign in with them, and from public patent databases as part of our core service functionality.

We use the information we collect for the following purposes:

3.1 Service Delivery

• Providing, maintaining, and improving the FlowIP platform
• Processing your subscription and payments
• Personalizing your experience and recommendations
• Enabling features like saved searches, watchlists, and alerts

3.2 Communication

• Sending transactional emails (account confirmation, password resets, subscription updates)
• Providing customer support and responding to inquiries
• Sending product updates, feature announcements, and educational content
• Sending marketing communications (with your consent, where required)

3.3 Analytics and Improvement

• Understanding how users interact with our Service
• Identifying trends and usage patterns
• Measuring the effectiveness of features and marketing
• Conducting research and development for new features

3.4 Security and Compliance

• Protecting against fraud, abuse, and unauthorized access
• Enforcing our Terms of Service
• Complying with legal obligations
• Responding to legal requests and preventing harm

3.5 Aggregated Insights

We may create anonymized, aggregated data from user information that cannot be used to identify individuals. This aggregated data may be used for market research, industry reports, or benchmarking purposes.

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you have requested (account management, service delivery, payment processing)
• Legitimate Interests: Processing for our legitimate business interests that do not override your rights (analytics, security, service improvement, direct marketing to existing customers)
• Consent: Processing based on your explicit consent (marketing to prospective customers, certain cookies)
• Legal Obligation: Processing required to comply with applicable laws (tax records, responding to legal requests)

You may withdraw consent at any time where processing is based on consent. This will not affect the lawfulness of processing before withdrawal.

We do not sell your personal information. We share information only in the following circumstances:

5.1 Service Providers

We engage trusted third-party companies to perform services on our behalf, such as:

• Paddle: Payment processing, invoicing, subscription management, and tax handling (Merchant of Record). See Paddle's Privacy Policy
• Supabase: Database hosting, user authentication, and transactional email delivery
• Vercel: Application hosting and deployment infrastructure
• Google Cloud (BigQuery): Patent data processing and analytics infrastructure

These providers are bound by contractual obligations to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, prevent fraud, or ensure user safety.

5.3 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and your choices regarding your information.

5.4 With Your Consent

We may share information with third parties when you have given us explicit consent to do so.

FlowIP is headquartered in the Republic of Korea. If you access the Service from outside Korea, your information may be transferred to, stored, and processed in Korea or other countries where our service providers operate.

For transfers from the EEA, UK, or Switzerland to countries not deemed to provide adequate data protection, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with our service providers
• Technical and organizational security measures

You may request a copy of the safeguards we use by contacting us at privacy@flowip.io.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

We implement robust technical and organizational measures to protect your personal information:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access controls, multi-factor authentication for administrative access, and regular access reviews
• Infrastructure Security: Hosted on SOC 2 Type II certified cloud infrastructure with automated security monitoring
• Secure Development: Security-focused code reviews, dependency vulnerability scanning, and regular penetration testing
• Incident Response: Documented incident response procedures with notification protocols
• Employee Training: Regular security awareness training for all team members

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Depending on your location and applicable laws, you may have the following rights regarding your personal information:

How to Exercise Your Rights:

• Account settings: Update profile, export data, or delete your account
• Email: Submit requests to privacy@flowip.io
• Marketing opt-out: Unsubscribe link in every marketing email

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.

We use cookies and similar technologies for the following purposes:

10.1 Essential Cookies

Required for the Service to function properly. These enable core functionality like authentication, security, and session management. You cannot opt out of essential cookies.

10.2 Functional Cookies

Remember your preferences, such as language settings, dashboard layout, and dark/light mode preferences.

10.3 Analytics Cookies

Help us understand how users interact with the Service, which features are most popular, and where improvements are needed. We use Supabase's built-in analytics and may introduce additional analytics tools in the future with appropriate notice.

10.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect Service functionality. Most browsers allow you to:

• View what cookies are stored and delete them individually
• Block third-party cookies
• Block cookies from specific sites
• Block all cookies or clear all cookies when you close the browser

Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

Key third-party services we use include:

• Supabase: Database hosting, user authentication, and email delivery
• Vercel: Application hosting and deployment
• Google Cloud BigQuery: Patent data processing and storage

Patent Data Sources: We aggregate publicly available patent data from official government patent offices:

• KIPRIS: Korea Intellectual Property Rights Information Service (Korean patents)
• EPO OPS: European Patent Office Open Patent Services (European patents)
• USPTO/PatentsView: United States Patent and Trademark Office (US patents)
• J-PlatPat: Japan Platform for Patent Information (Japanese patents)

The Service is intended for business use and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@flowip.io, and we will take steps to delete such information.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: Exercise your rights without discriminatory treatment

To exercise your California privacy rights, contact us at privacy@flowip.io or through your account settings. We will verify your identity before processing requests.

Categories of Personal Information Collected: Identifiers, commercial information, internet activity, geolocation data, professional information, and inferences drawn from the above.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes:

• We will update the "Effective Date" at the top of this policy
• We will provide notice via email and/or prominent notice on the Service
• For significant changes affecting your rights, we may seek your renewed consent

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For users in the EEA, you have the right to lodge a complaint with your local supervisory authority if you believe our processing of your personal data violates applicable law.