1. Scope

This Privacy Policy explains how Fat Tailed Solutions LLC collects, uses, discloses, retains, and protects personal information and customer content when you use ipstrategy.tech, related websites, hosted authentication, billing flows, practice workbenches, search APIs, evidence binders, reports, support, and communications.

For online plan users, Fat Tailed Solutions generally acts as the business or controller for account, billing, security, support, product-operations data, and workspace content handled under the online terms. For enterprise customers, Fat Tailed Solutions may act as a processor or service provider for customer content submitted inside a contracted workspace, as described in the applicable DPA or signed agreement.

2. Information we collect

Account and identity data: name, email address, organization, role, authentication identifiers, current organization, product access state, session metadata, and related login records.

Workspace and search data: practice profile, matter type, workspace name, data mode, search fields, confirmations, quotes, run IDs, evidence items, source URLs, excerpts, annotations, report sections, limitations, review status, feedback, and exported report metadata.

Billing and commercial data: selected plan, checkout status, subscription state, payment processor identifiers, billing portal events, invoices, credits, usage rows, metering events, support level, signed-term status, and overage or cap information. Payment card numbers are handled by payment processors and are not intentionally stored by ipstrategy.tech.

Technical, security, and usage data: IP address, user agent, device and browser data, timestamps, request routes, error categories, service status, session state, access status, Operator activity, approval decisions, audit events, product usage events, and reliability telemetry.

Communications: emails, support requests, sales conversations, security review materials, procurement requests, and feedback you send to us.

Public and third-party source data: patent publications, public patent metadata, public source URLs, and other public reference data used to produce evidence-first search results.

3. How we use information

We use information to provide the service, authenticate users, create and secure workspaces, enforce organization and workspace boundaries, prepare quotes, run searches, retrieve evidence, draft and export reports, provide guided assistance, operate billing, meter usage, provide support, and communicate with you.

We use information to enforce data-use boundaries, access state, online or signed-term requirements, allowance confirmation, allowance caps, workspace access states, role-based controls, and authorized-matter policy.

We use technical and audit information to protect the service, detect abuse, investigate security issues, diagnose service errors, maintain reliability, prevent fraud, preserve legal evidence, and comply with law.

We may use aggregated or de-identified information to understand product performance, conversion, onboarding blockers, search quality, and service reliability.

4. AI, search, and model processing

The service may send search inputs, draft fields, user messages, evidence context, and related metadata to model, search, and patent-data providers to provide planning, retrieval, ranking, summarization, drafting, and search assistance.

Guided assistance may suggest next steps, but sensitive actions require user approval or service-side checks before they are applied.

Customer searches are limited by the selected search type, accepted data-use terms, and credit controls. Model providers are configured with available data controls intended to prevent training on customer content unless an applicable signed agreement says otherwise.

Provider retention, abuse-monitoring, and enterprise privacy commitments are also governed by the provider terms and data controls applicable to Fat Tailed Solutions.

Do not enter confidential client facts, restricted data, or regulated data into public demo or sanitized evaluation workspaces. Authorized matter workspaces require online terms and data-use terms. Regulated, protective-order, export-controlled, payment-card, health, government-identifier, or other restricted data requires enterprise terms that expressly allow that data type.

5. How we disclose information

Service providers and subprocessors: we may disclose information to hosting, storage, authentication, billing, payment, model, search, monitoring, analytics, email, support, and security providers that help operate the service. We publish the current subprocessor list at /subprocessors.

Within your organization: workspace owners, admins, invited users, and authorized personnel may see workspace content, reports, usage, audit records, and billing information according to their roles and access grants.

Legal and safety: we may disclose information if required by law, subpoena, court order, regulator, professional obligation, security incident response, fraud investigation, rights enforcement, or to protect users, the public, or the service.

Business transfers: information may be disclosed or transferred in connection with a merger, financing, acquisition, reorganization, bankruptcy, or sale of assets, subject to appropriate protections.

We do not sell customer content. We do not intentionally share customer content with third parties for cross-context behavioral advertising.

6. Security and tenant isolation

We use safeguards intended to reduce unauthorized access, including authentication, access controls, organization and workspace isolation, audit trails, and storage protections.

Application records and report files are handled within those workspace boundaries.

No security measure is perfect. You are responsible for protecting your devices, accounts, email, credentials, billing portal access, and invited users, and for promptly reporting suspected unauthorized access.

7. Cookies and analytics

We use cookies and similar technologies for authentication, session management, sign-in state, security, preferences, and service operation.

We may use product analytics and server-side event logging to understand public-demo visits, signup starts, checkout progression, onboarding completion, search quotes, run blocks, evidence review, report exports, feedback, and Operator activity.

Optional browser analytics are controlled through Privacy choices. Where consent is required, optional analytics stay off unless you allow them. If your browser sends a Global Privacy Control or similar opt-out signal, optional browser analytics stay off for that browser.

Analytics should be configured to avoid raw secrets and direct personal identifiers where practical. Required cookies remain necessary for account and workbench functions.

8. Retention

We retain personal information and customer content only for as long as needed to provide the service, comply with legal obligations, resolve disputes, maintain security, prevent abuse, enforce agreements, and maintain required billing and audit records. The retention schedule below describes the default periods for the main data categories.

When customer content is deleted, we delete it from active production systems within the applicable plan or order window unless a longer period is required by law, security, fraud prevention, dispute resolution, or legal hold. Backup copies are overwritten on the normal backup cycle and are isolated from ordinary production use before they expire.

Embeddings, derived search artifacts, candidate dossiers, and report materials tied to customer content are deleted or de-identified on substantially the same schedule as the customer content from which they were derived, except for limited billing, audit, security, and legal records. Search and quote audit records may retain redacted or minimal metadata needed for allowance controls, reproducibility, abuse prevention, billing, and audit.

Billing, tax, security, privacy-request, and legal records may be retained longer where required or appropriate. Public demo data may be reset or regenerated. Aggregated or de-identified data may be retained without identifying you.

9. Your choices and rights

Depending on your location and relationship with us, you may have rights to access, correct, delete, export, restrict, or object to certain personal information. You may also have the right to opt out of certain sharing or marketing communications.

You can open Privacy choices from the site footer to turn optional browser analytics on or off for your browser.

Enterprise users should usually route workspace-content requests through their organization administrator because the customer may control that content. Online plan users may contact us directly.

Online subscription users can cancel online from Billing Settings. Cancellation stops future renewal charges; it does not delete records we must keep for billing, security, legal, audit, dispute, or compliance reasons.

We may need to verify your identity and authority before acting on a request. Some information may be retained where necessary for billing, security, legal, audit, dispute, or compliance reasons.

10. California, GDPR, and international use

California residents may request access, deletion, correction, portability, and information about categories of personal information collected, sources, purposes, disclosures, and retention. We do not knowingly sell personal information as "sale" is commonly understood, and we do not intentionally share customer content for cross-context behavioral advertising.

If GDPR, UK GDPR, or similar law applies, our legal bases may include contract performance, legitimate interests, consent, compliance with legal obligations, and, for customer-controlled workspace content, processing under customer instructions.

Information may be processed in the United States and other countries where we or our service providers operate. Enterprise data transfer terms may be addressed in a DPA or signed agreement.

11. Children and regulated data

The service is intended for professional users and is not directed to children. Do not submit children's data unless expressly authorized in a signed agreement.

Do not submit payment card data, Social Security numbers, health data, export-controlled data, protective-order materials, or other regulated data unless your signed agreement specifically permits that data type and the workspace is approved for it.

12. Changes and contact

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and may provide additional notice for material changes.

Questions, security concerns, or privacy requests may be sent to legal@fattailed.ai or Fat Tailed Solutions LLC, 207 South McDowell Blvd., #1040, Petaluma, CA 94954. Include enough detail for us to identify the relevant account, organization, workspace, or request.