Privacy policy.

§At a glance

• We only ask for what we need: demo requests, account info, and basic server logs.
• Patent data in the graph is public record — nothing about you is in it.
• Your agent queries are encrypted in transit and are not used to train models.
• You can ask for access, correction, or deletion of your data at any time.

§Who is responsible

Joint controllers

IPable, operated by its co-founders [Mouad Abid] and [Yacoub Cherouali] as a GbR under German law (Art. 26 GDPR).

Legal form

Pre-incorporation; in formation as a German UG / GmbH.

Postal address

c/o Campus Founders gGmbH, Bildungscampus 11, 74076 Heilbronn, Germany.

Privacy contact

privacy@ipable.ai

DPO

Not designated — not required at current scale (Art. 37 GDPR).

Supervisory authority

Landesbeauftragter für den Datenschutz Baden-Württemberg (lfd.bw).

§What we collect

Demo request form. When you book a demo we collect your name, work email, and whatever you voluntarily provide (company, role, team size, use case, preferred time, free-form notes). The submission goes directly from your browser to our CRM (HubSpot), which also records the page URL and a timestamp for context.

Account & API usage. If you sign up for the platform or issue an API key, we store the account email, the hashed credentials, and metadata about API calls (endpoint, status code, latency, approximate location derived from IP). We do not store the content of your queries beyond short-lived troubleshooting logs unless you explicitly opt in.

Site traffic. Basic server logs (IP address, user agent, request path, referrer) are written by our hosting provider and rotated on a rolling [30]-day window.

Analytics (consent-gated). If you accept the cookie banner, we load HubSpot's page-tracking script, which records page views, referrer, approximate device info, and — if you later submit the demo form — stitches those visits onto your contact record. If you decline or send a GPC signal, the script never loads.

Cookies. See the Cookie policy for the full list and your controls.

§Why we collect it

Under GDPR Article 6, each purpose is tied to a specific legal basis:

• Respond to your demo request — Art. 6(1)(b), taking pre-contractual steps at your request.
• Provide the platform and MCP server — Art. 6(1)(b), performance of our contract with you.
• Keep the service secure and debug incidents — Art. 6(1)(f), legitimate interest in operating a reliable service.
• Send service updates you've asked for — Art. 6(1)(a), your consent (withdrawable at any time).
• Measure how people use the site — Art. 6(1)(a), your consent via the cookie banner (withdrawable any time from the footer).
• Comply with legal obligations — Art. 6(1)(c), e.g. tax or accounting records.

§Who processes it

We share personal data only with service providers who help us run the product. Each one is bound by a data processing agreement:

HubSpot, Inc. — CRM

Demo-request form ingestion. Data is sent directly from your browser to HubSpot when you submit the booking form. Servers in the EU (region eu1).

HubSpot, Inc. — analytics

Page-view tracking, loaded only after you accept the cookie banner. Sets the hubspotutk/__hstc/__hssc/__hssrc cookies on ipable.ai. Opt out any time via the footer.

Google LLC

Google Fonts CDN (font file delivery only — no IPable data is sent).

[Hosting provider]

Static web hosting for ipable.ai.

[Email provider]

Transactional & outbound email.

[Observability]

Error reporting and uptime monitoring.

We do not sell personal data, we do not share it with advertisers, and we do not use it to train machine-learning models.

§International transfers

Some of our processors are established in the United States. Where personal data leaves the EU/EEA or the UK, we rely on the European Commission's Standard Contractual Clauses (2021/914/EU) and, where applicable, the EU–US Data Privacy Framework. A copy of the safeguards is available on request.

§Retention

• Demo request entries — kept for [24 months] and then deleted, unless you become a customer.
• Account records — for the life of the account plus [12 months] after deletion, then purged.
• Server logs — rolling [30 days].
• Invoices & tax records — the statutory minimum required in our jurisdiction (typically 7–10 years).

§Your rights

Regardless of where you live, you can email privacy@ipable.ai to:

• Access the personal data we hold about you.
• Ask us to correct information that is wrong.
• Ask us to delete your data (subject to legal retention obligations).
• Ask us to restrict or object to specific processing.
• Receive a portable copy of the data you gave us.
• Withdraw consent, where processing is based on consent.

If you are in the EU/EEA or UK and think we have mishandled your data, you have the right to lodge a complaint with your national data protection authority.

§Security

We encrypt data in transit with TLS 1.2+, restrict access on a least-privilege basis, rotate credentials, and run periodic backups. We are working toward ISO/IEC 27001 certification — ask for our current security posture if you need it for a vendor review.

§Children

IPable is a B2B service. We do not knowingly collect personal data from anyone under 16. If you believe a minor has submitted data, write to us and we will delete it.

§Changes

When we make material changes, we update the "Updated" date at the top of this page and, where required, notify you by email. Non-material edits (typos, structural cleanups) are made silently.

§Contact

For any privacy question, write to privacy@ipable.ai or send postal mail to the address under "Who is responsible".