Back to homeLegal

Privacy and Cookies Policy

PatentDrawingAI - Last Updated February 26, 2026

Welcome to PatentDrawingAI. We provide an AI-assisted tool to help attorneys, agents, inventors, and teams create patent drawings. This Privacy and Cookies Policy explains how we collect, use, and protect personal data when you use our website, platform, and guest preview features.

This policy applies to all users, including unauthenticated guests. By accessing or using the Services, you agree to this policy.

1. Who Processes Your Personal Data

1.1 Controller

Your personal data is processed by TMHQ, LLC, doing business as PatentDrawingAI ("Controller," "we," "us," or "our").

1.2 Contact

Questions about privacy can be sent to support@patentdrawingai.com.

2. What Personal Data Is Processed

2.1 Personal Data

We may collect name, email address, account credentials, billing information, and other information you provide when creating an account, purchasing, or contacting support.

2.2 Uploaded Content (Inputs)

You may upload images, prompts, edit instructions, and related information. We process these Inputs through LLM Providers to deliver the Services. We do not use Inputs to train AI models.

2.3 Generated Content (Outputs)

We store generated drawings, SVGs, and related outputs so you can access, download, and manage them.

2.4 Guest Session Data

In guest preview mode, we collect a guest session identifier and hashed IP identifier for abuse prevention, rate limits, and guest-to-account claim workflows.

2.5 Abuse Prevention Data

We may record allow/deny events, reasons, and associated hashed identifiers. This does not include plain-text IP addresses.

2.6 Payment Data

Payment processing is handled by Stripe. We do not store full card numbers.

2.7 Technical Information

We and service providers may collect technical logs such as browser/device details, page interactions, timestamps, and IP address.

2.8 Cookies

Cookies are small data files placed on your device. We use:

  • Functional cookies for core features and sessions.
  • Security cookies for fraud and abuse prevention.
  • Analytics cookies (with consent where required).
  • Marketing cookies (with consent where required).

Cookie providers include Stripe, security/fraud systems, and analytics providers (PostHog, Plausible).

3. Purposes and Legal Basis for Processing

3.1 Provide the Services

We process data to create/administer accounts, provide features, process billing, communicate updates, and provide support. GDPR legal basis: contract performance (Art. 6(1)(b)).

3.2 AI Processing

Inputs are transmitted to LLM Providers solely to generate Outputs. GDPR legal basis: contract performance for registered users and legitimate interests for guests.

3.3 Abuse Prevention and Security

We process hashed identifiers and technical data to prevent abuse and maintain service integrity. GDPR legal basis: legitimate interests (Art. 6(1)(f)).

3.4 Marketing

We may send marketing where permitted by law or consent.

3.5 Improve and Secure Services

We use technical data to improve reliability, performance, and abuse detection.

4. Recipients of Personal Data

4.1 Internal Access

Authorized personnel may access personal data as needed for operations, support, and security.

4.2 External Recipients

We disclose data to subprocessors where needed to provide and secure the Services, including:

  • Cloud hosting/infrastructure (Cloudflare / Raydian.dev)
  • Payment processing (Stripe)
  • AI model providers (for output generation only)
  • Workflow automation services
  • Analytics providers
  • Email delivery providers

We may also disclose data when required by law or to protect rights, property, or safety.

5. International Transfers

We may transfer data outside the EU/EEA where service providers operate internationally. Where required, we use appropriate safeguards such as Standard Contractual Clauses.

6. Storage Period

  • Account data: while account is active plus 30 days.
  • Billing records: up to 7 years.
  • Uploaded/generated files: while active, then deletion window.
  • Guest session data and guest files: up to 30 days.
  • Abuse logs: up to 12 months.
  • Technical logs: up to 90 days.

7. Your Rights

Depending on your jurisdiction, you may have rights of access, correction, deletion, restriction, and consent withdrawal.

To exercise rights, contact support@patentdrawingai.com. We may request identity verification and respond within applicable legal timelines.

8. Security

We use reasonable security controls including access controls, encryption in transit, and signed URL protections to reduce unauthorized access risks.

9. AI-Specific Disclosures

Inputs are processed by third-party LLM Providers solely to generate Outputs. We do not use your data to train AI models.

10. California Notice (CCPA/CPRA)

California residents have rights under CCPA/CPRA, including access, deletion, correction, non-discrimination, and authorized agent rights.

We do not sell personal information and do not share personal information for cross-context behavioral advertising.

11. Do Not Track

Our Services do not currently respond to browser "Do Not Track" signals.

12. Third-Party Links

The Services may contain links to third-party websites. We are not responsible for third-party content or privacy practices.

13. Contact

Questions about this policy can be sent to support@patentdrawingai.com.

Stripe privacy policy: https://stripe.com/privacy

Terms of ServiceBack to PatentDrawingAI