Privacy is non-negotiable when it comes to patent data. Your inventions represent months or years of research, and before they’re published, they are trade secrets. We understand the weight of that responsibility.
At PatentAssist.ai, we don’t just comply with privacy regulations — we engineer privacy into the foundation of our platform. This post lays out exactly how we protect your data, both by law and by design. If you disagree with anything here or have questions, reach out to us — we welcome the conversation.
Privacy by Law
Compliance isn’t a checkbox for us. It’s the baseline.
- Data Residency in India. All PatentAssist.ai databases are hosted on Microsoft Azure’s India data centers (Central India and South India regions). Your data never leaves Indian soil.
- DPDP Act Compliance. We comply with India’s Digital Personal Data Protection Act, 2023 — the country’s principal data protection legislation governing the collection, storage, and processing of personal data.
- IT Act, 2000 & SPDI Rules. We adhere to the Information Technology Act, 2000 and the Sensitive Personal Data or Information (SPDI) Rules, 2011, which govern how sensitive personal information must be collected, stored, and transferred.
- ISO/IEC 27001 Aligned Practices. Our security practices are aligned with ISO/IEC 27001 standards for information security management — covering risk assessment, access controls, incident response, and continuous monitoring.
- No Data Selling. Ever. We do not sell, share, or monetize your data in any form. You pay for the service. That’s our business model.
- Azure Compliance Certifications. Our infrastructure provider (Microsoft Azure) holds SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27018, and HIPAA certifications. We inherit these infrastructure-level protections.
Privacy by Design
Laws set the floor. Engineering sets the standard.
Encryption at Rest
All databases are encrypted using AES 256-bit encryption. This is handled at the infrastructure level by Azure Database for PostgreSQL — it’s always on and cannot be disabled. Every byte of your patent data, including backups and temporary files, is encrypted on disk.
Encryption in Transit
Every connection to PatentAssist.ai is encrypted via TLS 1.2+ over HTTPS. Data moving between your browser, our servers, and our database is never transmitted in plaintext. API calls to our AI processing backend are also encrypted end-to-end.
Access Controls
- Role-based access. Our application enforces strict role-based authorization — free users, pro users, and admins each have different access levels, enforced at the API layer via middleware.
- Session-based authentication. We use session-based auth with secure, HTTP-only cookies. No long-lived tokens stored in localStorage.
- No shared accounts. Each user has an isolated account with their own data scope. Patent agents cannot see each other’s invention disclosures.
Data Isolation
- Each patent application’s data (invention disclosures, generated drafts, claims, figures) is scoped to the authenticated user who created it.
- We do not pool user data into shared datasets.
- AI generation requests are processed in isolation — your invention disclosure is never mixed with another user’s data.
AI and Your Data
This is the question we get most often, so let’s be direct:
- We do not train AI models on your data. Your invention disclosures, patent drafts, and claims are never used to train or fine-tune any AI model.
- We use Azure OpenAI Service. Our AI processing runs on Azure OpenAI, which provides a contractual guarantee that your data is not used to train OpenAI’s models. This is a documented commitment from Microsoft.
- We cannot see your data. Our team does not have access to your patent content during normal operations. Access to production databases requires explicit, logged authorization and is used only for critical debugging.
Infrastructure Security
- Azure India Data Centers. Our PostgreSQL databases, blob storage, and compute run in Azure’s Central India region.
- Automated Backups. Azure automatically backs up our databases with point-in-time restore capability. Backups are also encrypted with AES-256.
- Blob Storage Encryption. All files you upload (PDFs, DOCX, images) are stored in Azure Blob Storage, which encrypts data at rest using AES-256 with Microsoft-managed keys.
- Monitoring and Alerting. We use Sentry for real-time error tracking and application monitoring across all services.
What We Don’t Do
Sometimes what you don’t do matters more than what you do.
- We don’t read your emails. PatentAssist.ai sends transactional emails (verification, notifications). We don’t scan or analyze your email content.
- We don’t track you across the web. We don’t use third-party tracking pixels or sell browsing data to advertisers.
- We don’t store payment card details. All payment processing is handled by our payment provider (Dodo Payments). We never see or store your card number.
- We don’t retain data after deletion. When you delete a patent application, we remove it from our database and queue the associated files in blob storage for permanent deletion.
Our Commitment
Patent data is uniquely sensitive. Before publication, an invention disclosure is a trade secret. A leaked draft could destroy novelty. We don’t take that lightly.
We chose Azure India not just for latency — but because Indian patent professionals deserve infrastructure that respects data sovereignty. We chose session-based auth over JWTs because security isn’t a place to cut corners. We chose Azure OpenAI over direct API calls because the contractual data protection guarantees matter.
If you have questions about how we handle your data, or if you’d like to see our security practices in more detail, write to us at support@patentassist.ai. We’re happy to be transparent — it’s how we’re built.
Raj Sutariya is the Founder of PatentAssist.ai. He believes that privacy and innovation aren’t at odds — they’re prerequisites for each other.