Legal
Privacy Policy
This policy covers account, workspace, billing, evidence, report, audit, security, and support data handled by ipstrategy.tech.
Quick Data Notice
| Category | Examples | Main purposes |
|---|---|---|
| Identifiers | Name, email, organization, account ID, online identifiers, IP address | Account creation, authentication, support, security, billing |
| Customer records | Billing contacts, checkout metadata, plan and subscription records | Payment administration, accounting, tax, dispute handling |
| Commercial information | Plan, credits, usage, invoices, checkout and portal events | Billing, access controls, usage controls, customer support |
| Internet or network activity | Device, browser, routes, timestamps, errors, audit events | Security, diagnostics, reliability, analytics |
| Professional information | Practice role, practice focus, matter type, organization role | Workspace setup and workflow customization |
| Customer content | Workflow inputs, evidence notes, reports, feedback, annotations | Providing workbench, search, evidence, and report functions |
Retention Schedule
| Data category | Default retention | Deletion/export behavior |
|---|---|---|
| Account identity | Account life plus up to 6 years | Export admin/user list; delete or de-identify after closure where feasible |
| Org and workspace membership | Account life plus up to 2 years | Export org roster and role history for audit reconstruction |
| Billing records, invoices, and taxes | Up to 7 years | Export invoices; retain where accounting or legal rules require it |
| Payment card data | Handled by payment processor | No intentional local card-number storage; tokens or last4 only where needed |
| Quotes and confirmations | Workspace life plus up to 1 year | Export quote history and confirmations |
| Run plans and normalized search intent | Workspace life plus up to 1 year after termination | Export by run or report; delete with workspace unless ledger exception applies |
| Run ledgers | Up to 6 years, redacted where feasible | Retain minimal audit, billing, security, and reproducibility metadata |
| Reports, report versions, and evidence dossiers | Workspace life plus 90 days after termination by default | Export before deletion; enterprise schedules may differ |
| Uploaded customer content | Workspace life plus 90 days after termination by default | Delete from active systems after export/deletion window unless exception applies |
| Embeddings and vector records derived from customer content | Same as source content | Delete with source content |
| Public patent corpus serving tables | Indefinite | Not scoped to customer deletion; public-source corpus |
| Usage analytics | Up to 2 years, then aggregate or de-identify | No customer-content fields intended |
| Security telemetry and audit logs | 1 year default; up to 2 years for enterprise/private tenant | Export limited security summaries where contractually supported |
| Security incident records | Up to 6 years | Retained for legal, security, and insurance records |
| Support tickets | Up to 3 years after closure | Export on request where feasible; redact customer content where appropriate |
| Privacy requests and responses | At least 24 months | Retain request record securely |
| Marketing communications | Until opt-out plus suppression record | Delete profile where feasible; keep suppression record to honor opt-out |
| Backups | 35-90 days rolling | Not immediately deleted, then overwritten on normal cycle |
| Legal hold | Until hold released | Deletion paused while hold applies |
| Model request/response content | Fat Tailed retention only as needed for the run/report | Provider-side retention depends on the data controls and abuse-monitoring commitments available for the service |
1. Scope
This Privacy Policy explains how Fat Tailed Solutions LLC collects, uses, discloses, retains, and protects personal information and customer content when you use ipstrategy.tech, related websites, hosted authentication, billing flows, practice workbenches, workflow APIs, evidence binders, reports, support, and communications.
For online plan users, Fat Tailed Solutions generally acts as the business or controller for account, billing, security, support, and product-operations data. For enterprise customers, Fat Tailed Solutions may act as a processor or service provider for customer content submitted inside an approved workspace, as described in the applicable DPA or signed agreement.
2. Information we collect
Account and identity data: name, email address, organization, role, authentication identifiers, active organization, product access state, session metadata, and related login records.
Workspace and workflow data: practice profile, matter type, workspace name, data mode, workflow fields, confirmations, quotes, run IDs, evidence items, source URLs, excerpts, annotations, report sections, limitations, review status, feedback, and exported report metadata.
Billing and commercial data: selected plan, checkout status, subscription state, payment processor identifiers, billing portal events, invoices, credits, usage rows, metering events, support level, signed-term status, and overage or cap information. Payment card numbers are handled by payment processors and are not intentionally stored by ipstrategy.tech.
Technical, security, and usage data: IP address, user agent, device and browser data, timestamps, request routes, error categories, service status, session state, access status, Operator activity, approval decisions, audit events, product-funnel events, and reliability telemetry.
Communications: emails, support requests, sales conversations, security review materials, procurement requests, and feedback you send to us.
Public and third-party source data: patent publications, public patent metadata, public source URLs, and other public reference data used to produce evidence-first search results.
3. How we use information
We use information to provide the service, authenticate users, create and secure workspaces, enforce organization and workspace boundaries, prepare quotes, run workflows, retrieve evidence, draft and export reports, provide guided assistance, operate billing, meter usage, provide support, and communicate with you.
We use information to enforce data boundaries, access state, signed-term requirements, spend confirmation, credit caps, workspace access states, role-based controls, and approved-matter policy.
We use technical and audit information to protect the service, detect abuse, investigate security issues, debug errors, maintain reliability, prevent fraud, preserve legal evidence, and comply with law.
We may use aggregated or de-identified information to understand product performance, conversion, onboarding blockers, workflow quality, and service reliability.
4. AI, search, and model processing
The service may send workflow inputs, draft fields, user messages, evidence context, and related metadata to model, search, and patent-data providers to provide planning, retrieval, ranking, summarization, drafting, and workflow assistance.
Guided assistance operates through defined workspace operations, policy checks, approvals, and conversation context. The assistant can propose next steps; application services decide whether to execute, block, audit, or require approval for sensitive changes.
Customer searches use server-controlled search templates and spend caps. Model calls do not have authority to issue unrestricted database queries. Model calls used by this app are configured with data controls intended to avoid provider training on customer content unless an applicable signed agreement says otherwise.
Provider retention, abuse-monitoring, and enterprise privacy commitments are also governed by the provider terms and data controls applicable to Fat Tailed Solutions.
Do not enter confidential client facts, restricted data, or regulated data into public demo or sanitized evaluation workspaces. Approved-matter workspaces require the applicable signed terms and data boundary.
5. How we disclose information
Service providers and subprocessors: we may disclose information to hosting, storage, authentication, billing, payment, model, search, monitoring, analytics, email, support, and security providers that help operate the service. We publish the current subprocessor list at /subprocessors.
Within your organization: workspace owners, admins, invited users, and authorized personnel may see workspace content, reports, usage, audit records, and billing information according to their roles and access grants.
Legal and safety: we may disclose information if required by law, subpoena, court order, regulator, professional obligation, security incident response, fraud investigation, rights enforcement, or to protect users, the public, or the service.
Business transfers: information may be disclosed or transferred in connection with a merger, financing, acquisition, reorganization, bankruptcy, or sale of assets, subject to appropriate protections.
We do not sell customer content. We do not intentionally share customer content with third parties for cross-context behavioral advertising.
6. Security and tenant isolation
We use safeguards intended to reduce unauthorized access, including hosted authentication, secure session cookies, same-origin application controls, service-to-service access controls, organization and workspace scoping, policy checks, audit trails, and storage controls.
Application records are scoped by organization and workspace. Report files are stored in controlled storage. Live patent workflow access uses short-lived or controlled service credentials.
No security measure is perfect. You are responsible for protecting your devices, accounts, email, credentials, billing portal access, and invited users, and for promptly reporting suspected unauthorized access.
7. Cookies and analytics
We use cookies and similar technologies for authentication, session management, sign-in state, security, preferences, and service operation.
We may use product analytics and server-side event logging to understand public-demo visits, signup starts, checkout progression, onboarding completion, workflow quotes, run blocks, evidence review, report exports, feedback, and Operator activity.
Optional browser analytics are controlled through Privacy choices. Where consent is required, optional analytics stay off unless you allow them. If your browser sends a Global Privacy Control or similar opt-out signal, optional browser analytics stay off for that browser.
Analytics should be configured to avoid raw secrets and direct personal identifiers where practical. Required cookies remain necessary for account and workbench functions.
8. Retention
We retain personal information and customer content only for as long as needed to provide the service, comply with legal obligations, resolve disputes, maintain security, prevent abuse, enforce agreements, and maintain auditable billing and run records. Once production deletion and export controls are fully implemented and tested, we will publish more specific retention periods by data category.
When customer content is deleted, we delete it from active production systems within the applicable plan or order window unless a longer period is required by law, security, fraud prevention, dispute resolution, or legal hold. Backup copies are overwritten on the normal backup cycle and are isolated from ordinary production use before they expire.
Embeddings, derived search artifacts, candidate dossiers, and report materials tied to customer content are deleted or de-identified on substantially the same schedule as the customer content from which they were derived, except for limited billing, audit, security, and legal records. Run ledgers may retain redacted or minimal metadata needed for quote-first spend controls, reproducibility, abuse prevention, billing, and audit.
Billing, tax, security, privacy-request, and legal records may be retained longer where required or appropriate. Public demo data may be reset or regenerated. Aggregated or de-identified data may be retained without identifying you.
9. Your choices and rights
Depending on your location and relationship with us, you may have rights to access, correct, delete, export, restrict, or object to certain personal information. You may also have the right to opt out of certain sharing or marketing communications.
You can open Privacy choices from the site footer to turn optional browser analytics on or off for your browser.
Enterprise users should usually route workspace-content requests through their organization administrator because the customer may control that content. Self-serve users may contact us directly.
Self-serve subscription users can cancel online from Billing Settings. Cancellation stops future renewal charges; it does not delete records we must keep for billing, security, legal, audit, dispute, or compliance reasons.
We may need to verify your identity and authority before acting on a request. Some information may be retained where necessary for billing, security, legal, audit, dispute, or compliance reasons.
10. California, GDPR, and international use
California residents may request access, deletion, correction, portability, and information about categories of personal information collected, sources, purposes, disclosures, and retention. We do not knowingly sell personal information as "sale" is commonly understood, and we do not intentionally share customer content for cross-context behavioral advertising.
If GDPR, UK GDPR, or similar law applies, our legal bases may include contract performance, legitimate interests, consent, compliance with legal obligations, and, for customer-controlled workspace content, processing under customer instructions.
Information may be processed in the United States and other countries where we or our service providers operate. Enterprise data transfer terms may be addressed in a DPA or signed agreement.
11. Children and regulated data
The service is intended for professional users and is not directed to children. Do not submit children's data unless expressly authorized in a signed agreement.
Do not submit payment card data, Social Security numbers, health data, export-controlled data, protective-order materials, or other regulated data unless your signed agreement specifically permits that data type and the workspace is approved for it.
12. Changes and contact
We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and may provide additional notice for material changes.
Questions, security concerns, or privacy requests may be sent to legal@fattailed.ai or Fat Tailed Solutions LLC, 207 South McDowell Blvd., #1040, Petaluma, CA 94954. Include enough detail for us to identify the relevant account, organization, workspace, or request.