<!-- ref: /tmp/iusora-seam-map.md §3 Phase 2 step 2.2 (FN8-402 Legal Pack at launch) + step 2.3 (FN8-416 EU Data Residency declaration). Anchor for required-sections expansion per dispatch §3. -->
Iusora Privacy Policy
Status: Pre-launch draft. Last updated 2026-05-29.
Controller: Floor No. 8 SRL (Romania), București, EU. Contact: privacy@iusora.com
1. Plain-language summary
We collect: your email (for sign-in), your case queries (patent IDs + descriptions), and findings you generate. We use Magic.link for authentication (no passwords stored). We never sell your data. EU customers' data is processed under EU SCCs Module 2 where subprocessors are outside the EEA. You can export everything and delete your account anytime.
2. What data we collect
- Account data: email address (sole identifier), display name (optional), firm (optional).
- Case data: patent identifiers (US/EP/JP/CN/WO numbers), claim text, descriptions you write, prior art references retrieved.
- Findings: AI-generated source-traced reports you produce.
- Operational data: anonymous request logs (timestamps, latency, error codes), aggregated quorum statistics.
- Billing data (Phase 2, once Stripe ships): Stripe customer identifier, plan tier, last 4 digits of payment instrument (we never see full card numbers — Stripe holds them).
<!-- ref: dispatch §3 required Magic Embedded section -->
3. Magic Embedded email handling
Iusora uses Magic.link's Embedded (passwordless) flow for authentication. The Magic JavaScript SDK sends your email to Magic's authentication service, which issues a Decentralized ID (DID) token that we validate server-side. We store: your email (lowercased) and the Magic issuer DID as your stable user identifier. Magic retains the email under its own [Privacy Policy](https://magic.link/legal/privacy-policy). Token expiry: 7 days (rotating session cookie HMAC-signed with SESSION_SECRET).
Retention of authentication data: as long as your account exists + 30 days post-deletion.
4. What we don't collect
- We don't store passwords (Magic.link handles authentication via cryptographic tokens).
- We don't fingerprint your browser beyond standard session cookies.
- We don't use third-party analytics that track across sites.
- We don't share your case queries or findings with any party outside the subprocessors listed in §6.
5. Legal basis
- Performance of contract (GDPR Art. 6(1)(b)): account data + case data necessary to provide the service.
- Legitimate interest (GDPR Art. 6(1)(f)): anonymous operational logs for service reliability + security.
- Consent (GDPR Art. 6(1)(a)): only for optional marketing communications (default off).
- Legal obligation (GDPR Art. 6(1)(c)): billing records retained per Romanian tax law (10 years).
6. Subprocessors
See [/subprocessors](/subprocessors) for the verbatim list of every third-party processor with data category, residency, and legal basis. The same list is also rendered in our Trust dashboard at [/app/trust](/app/trust). Updated whenever a subprocessor is added or removed.
<!-- ref: dispatch §3 required Neon EU-resident database section -->
7. Database hosting — Neon EU (Frankfurt)
Your account, case, and finding records are stored in a Neon Postgres database hosted in Frankfurt (eu-central-1 region). Neon is our Tier-A subprocessor for primary data storage. Connection encryption: TLS 1.3. Backups: Neon's branch-snapshot history (retention per Neon's defaults) plus our weekly logical exports retained 30 days in EU object storage.
Neon's role under GDPR: Article 28 processor. Standard contractual clauses: incorporated through Neon's [DPA](https://neon.tech/dpa).
<!-- ref: dispatch §3 required patent claim data section -->
8. Patent claim data submitted by you
When you submit a patent identifier, claim text, or description through Iusora, we:
- send the text to our backend API (encrypted in transit, TLS 1.3);
- run it through the multi-vendor LLM quorum (see §9);
- retrieve prior art references from EXA + external patent registries;
- persist the input + outputs in your case record (Neon Frankfurt).
You retain ownership of your claim text. We do not use your submissions to train any model. The text is processed under EU SCCs Module 2 when any LLM provider operates outside the EEA (Anthropic in the US; see §9).
<!-- ref: dispatch §3 required LLM processing section + EU AI Act classification -->
9. LLM processing (Anthropic / Vertex AI / OpenRouter)
[LAWYER_REVIEW_REQUIRED — EU AI Act Article 50 transparency language + cross-border transfer disclosures must be vetted by counsel before public launch.]
We invoke foundation-model providers via API for claim decomposition, prior-art reasoning, and report drafting. Today:
- Anthropic (Claude family, US region) — primary reasoning vendor for inventive-step + clarity analyses. Cross-border transfer governed by EU SCCs Module 2.
- Google Vertex AI (Gemini Pro, europe-west1) — co-vendor in the multi-vendor quorum; data stays EU-resident.
- OpenRouter (fallback) — rarely used; vendor-agnostic gateway.
Iusora is classified as a limited-risk AI system under EU AI Act Article 6(3) — see [/legal/eu-ai-act](/legal/eu-ai-act).
<!-- ref: GDPR Regulation 2016/679 Articles 15–21 verbatim rights enumeration -->
10. User rights under GDPR
You can: access your data (Art. 15), rectify it (Art. 16), erase it (Art. 17), restrict processing (Art. 18), port it (Art. 20), object (Art. 21), and withdraw consent at any time. Email privacy@iusora.com to exercise any right. We respond within 30 days.
<!-- ref: dispatch §3 required data retention + deletion timeline -->
11. Data retention + deletion timeline
- Account data: retained while account is active + 30 days after deletion (for billing/audit).
- Case data: retained per your plan (Self-Serve = 1 month rolling; Team+ = unlimited until account deletion).
- Findings: same as case data.
- Operational logs: 90 days.
- Billing records (post-Stripe): 10 years (Romanian tax law) — minimised to invoice metadata + Stripe customer ID only.
You may request immediate deletion of case data + findings at any time via privacy@iusora.com without deleting your account.
12. International transfers
Where data is transferred outside the EEA (e.g. to Anthropic in the US), we rely on EU Standard Contractual Clauses Module 2 (2021/914/EU). See [/subprocessors](/subprocessors) for per-vendor details + transfer mechanisms.
13. EU AI Act compliance
See [/legal/eu-ai-act](/legal/eu-ai-act) for our position on AI Act Article 50 (transparency) and the limited-risk classification of Iusora under Article 6(3).
14. Contact + DPO
Privacy questions: privacy@iusora.com EU representative: Floor No. 8 SRL, București, Sector 1 Romanian DPA (ANSPDCP): https://www.dataprotection.ro
---
Phase 2 commitment: full Privacy Policy with cookie inventory, retention matrix per data category, and ANSPDCP filing details will replace this draft before paid plans go live. Stripe billing data clauses activate when Stripe integration ships (deferred phase per 2026-05-29 directive).