scenic-srs is engineered with privacy and regulatory compliance at its foundation. Our platform adheres to COPPA, GDPR, CCPA, and USPTO standards — ensuring your inventions and personal data are handled with the highest levels of legal accountability and transparency.
AI-powered patent assistance built with privacy and regulatory standards at its core — so inventors of all ages can create, collaborate, and file with confidence.
scenic-srs operates under a comprehensive compliance framework covering data privacy, infrastructure security, and multi-jurisdiction legal standards — so you can focus on inventing with confidence.
Data Privacy & Protection
We handle your invention data, patent drafts, and personal information with rigorous privacy controls aligned to GDPR, CCPA, and PIPEDA. Your intellectual property remains yours — always.
End-to-end encryption for all patent documents and drafts
GDPR-compliant data subject rights (access, erasure, portability)
CCPA opt-out controls for California residents
Zero third-party sale of personal or invention data
Configurable data retention and automatic purge policies
Built on locally hosted GPU infrastructure with layered defences. Every API call, session, and filing is authenticated, rate-limited, and logged — so your work stays protected from ideation to USPTO submission.
AES-256 encryption at rest; TLS 1.3 in transit
Role-Based Access Control (RBAC) with JWT session management
Redis-backed rate limiting against brute-force attacks
Automated audit logging for all sensitive operations
SOC 2-aligned infrastructure controls on Cloud Wash GPU nodes
scenic-srs navigates multi-jurisdiction patent regulations including USPTO, CIPO, and WIPO standards. All AI-generated documents carry required disclaimers, and our platform enforces COPPA for youth inventors.
Important Disclaimer: scenic-srs is not a licensed patent attorney and all AI-generated documents carry a mandatory disclaimer recommending professional legal review before filing. Our platform is designed to assist and guide — not to replace qualified legal counsel.
Data Protection
Your Data Is Protected By Design
scenic-srs implements enterprise-grade data protection practices across all tiers. We comply with GDPR, CCPA, and COPPA — not as a checkbox exercise, but as a core architectural commitment.
GDPR Compliant
CCPA Ready
COPPA Compliant
SOC 2 Aligned
Encryption Standard
AES-256 at Rest & TLS 1.3 in Transit
All data stored on scenic-srs infrastructure is encrypted using AES-256. Every byte travelling between your browser and our servers is protected by TLS 1.3 — the strongest commercially available transport encryption.
Encryption is applied at every layer — not just the database. Patent drafts, prior-art search queries, AI conversations, and billing tokens are all encrypted independently, ensuring that even internal compromise of one layer cannot expose another.
Zero-knowledge LLM processing: When your query is sent to our AI layer, no third-party model provider (Grok, Claude API) retains your data after the inference window closes. We contractually enforce this.
AES-256 encryption at rest for all stored user data and documents
TLS 1.3 in transit — all API traffic is encrypted end-to-end
Encryption keys rotated every 90 days via automated key management
Database-level column encryption for PII fields (email, name, payment tokens)
Zero-knowledge architecture: Anthropic and third-party LLMs do not retain query data
Data Isolation
Per-User & Per-Team Logical Tenancy
Every user's data exists in an isolated namespace. Team workspaces operate as separate logical tenants — no cross-contamination of patent documents, drafts, or collaboration history is possible by design.
RBAC EnforcedScoped TokensNamespace Isolation
Strict Multi-Tenant Separation
Patent filings, documents, and AI conversations are owned by individual users and never shared across accounts without explicit consent. Team collaboration features use scoped access tokens reviewed at the API gateway — not just the application layer.
Architectural enforcement: Data isolation is guaranteed at the database query level using row-level security policies, not just application-layer filters that can be bypassed.
Per-user data namespacing — cross-user data access is architecturally prevented
Team workspaces operate as isolated logical tenants with scoped access tokens
Role-Based Access Control (RBAC) enforced at the API gateway layer
Patent documents visible only to the owning user and explicitly invited collaborators
Retention Policy
Defined Retention for Every Data Category
We only keep data as long as legally required or operationally necessary. Retention periods are clearly defined per category and automatically enforced by scheduled purge jobs.
Data Category
Retention
Active Account Data
Duration of account
Patent Draft Documents
7 years
Billing & Payment Records
7 years
Audit & Activity Logs
2 years
Session & Analytics Data
90 days
Automatic Purging — No Indefinite Storage
scenic-srs does not store data indefinitely. When you close your account, a 30-day deletion window begins after which all personal data, documents, and AI history are permanently purged from production databases and backups.
Regulatory compliance: Patent-related documents are retained for 7 years in accordance with USPTO and CIPO filing record requirements. This period cannot be shortened even on account closure.
General Data Protection Regulation (EU)
scenic-srs complies with GDPR for all EU/EEA users: lawful basis for processing, data minimisation, privacy-by-design architecture, and a dedicated Data Protection Officer contact.
California Consumer Privacy Act (US)
California residents may opt out of data sale (we do not sell data), request disclosure of categories collected, and exercise deletion rights via the Settings page.
Children's Online Privacy Protection Act
Users under 13 require verifiable parental consent. scenic-srs restricts data collection for minors and does not use their data for advertising or profiling.
User Rights
Your Rights Under GDPR & CCPA
You have meaningful control over your data. All rights requests are processed within 30 days and can be submitted directly from your Settings page — no legal team intermediary required.
30-day Response SLASelf-Service via Settings
Transparent, Self-Service Data Rights
We believe data rights should be exercisable without friction. Every right listed below is accessible directly from your account settings — no forms, no waiting for a support ticket queue.
No dark patterns: Deleting your account is as simple as registering. We do not introduce cooling-off delays, retention offers, or opt-out friction designed to discourage deletion.
Right of Access
Request a complete export of all personal data scenic-srs holds about you at any time.
Right to Erasure
Request permanent deletion of your account and associated data within 30 days.
Data Portability
Receive your data in machine-readable JSON or CSV format for transfer to other services.
Right to Rectification
Correct or update inaccurate personal information held in your profile at any time.
scenic-srs is built on a security-first architecture. From end-to-end encryption to zero-plain-text credential management, every layer of our platform is designed to protect your intellectual property and personal data.
Critical
TLS 1.3 Transit Encryption
All data transmitted between clients and our servers is encrypted using TLS 1.3, the most current and secure transport layer protocol. Older protocol versions (TLS 1.0, 1.1) are explicitly disabled.
TLS 1.3HSTSPerfect Forward Secrecy
Critical
AES-256 Encryption at Rest
All stored data — including patent drafts, user credentials, and filing records — is encrypted at rest using AES-256. Database volumes and object storage buckets are encrypted by default.
AES-256Encrypted VolumesS3-Compatible
Active
Multi-Factor Authentication
MFA is available for all user accounts and mandatory for administrator access. Supported methods include TOTP authenticator apps and hardware security keys (WebAuthn/FIDO2).
TOTPWebAuthnFIDO2
Critical
USPTO Credential Vault
USPTO filing credentials are stored in a dedicated secrets vault using envelope encryption. Plain-text storage of credentials is strictly prohibited; all secrets are stored encrypted and accessed via short-lived tokens.
Secrets VaultZero Plain-TextToken Rotation
Active
Automatic Failover
Our infrastructure uses active-passive failover with health checks on all critical services. Automatic promotion of standby nodes ensures minimal downtime during hardware or network failures.
Active-PassiveHealth ChecksAuto-Promote
Standard
RBAC & Least Privilege
Role-Based Access Control enforces least-privilege principles across all internal services and user roles. Permissions are granted on a need-to-know basis and reviewed quarterly.
RBACLeast PrivilegeQuarterly Review
Multi-Factor Authentication
How MFA protects your account
Enable MFA from your Account Security settings
Scan the QR code with any TOTP app (Google Authenticator, Authy, 1Password)
Enter the 6-digit verification code to confirm enrollment
Store your backup recovery codes in a secure location
Admin accounts require MFA — no exceptions at the platform level
USPTO Credential Vault
Zero plain-text credential policy
USPTO OAuth credentials encrypted with AES-256 and stored in the secrets vault
Access tokens are short-lived (15 min) and rotated automatically
No credential is ever written to application logs or error traces
Vault access is gated by service identity and network policy
Secret rotation events are recorded in the immutable audit log
Uptime & Reliability Commitment
99.9%
Guaranteed SLA
99.9%
Guaranteed Uptime SLA
< 200ms
API P95 Response Time
< 5 min
Failover RTO
0 RPO
Data Loss Objective
Security Enhancement Roadmap
Q1 2026Completed
TLS 1.3 Migration & Legacy Protocol Deprecation
Disabled TLS 1.0/1.1 across all endpoints. Enforced HSTS with 1-year max-age and preload submission.
Migrated all USPTO filing credentials from environment variables to encrypted vault with automatic token rotation.
Q2 2026In Progress
WebAuthn / FIDO2 Hardware Key Support
Expanding MFA to support physical security keys (YubiKey, Windows Hello) alongside existing TOTP methods.
Q3 2026Planned
SOC 2 Type II Audit Initiation
Engaging third-party auditor to begin 6-month observation period for SOC 2 Type II certification covering Security and Availability trust criteria.
Q4 2026Planned
Penetration Testing & Bug Bounty Program Launch
Annual external penetration test by independent security firm plus public bug bounty program for responsible disclosure.
Legal Disclaimers
Limitations & Legal Notices
Please read the following disclaimers carefully. They define the scope of scenic-srs services, your responsibilities as a user, and the limitations of our liability with respect to AI-generated content and automated patent filing.
Not Legal Advice. scenic-srs is a technology tool, not a law firm. No content generated by this platform constitutes legal advice. Always consult a registered patent attorney before filing any patent application.
scenic-srs uses large language models (LLMs), including locally hosted open-source models and third-party APIs (Grok, Claude), to generate patent-related documents, claim analyses, and legal summaries. All AI-generated content is provided for informational and drafting assistance purposes only.
The quality and accuracy of generated documents are bounded by the capabilities of the underlying models and the fine-tuning data used. AI outputs may contain errors, omissions, or legally inaccurate statements. scenic-srs continuously evaluates and updates its models but cannot guarantee the completeness or legal sufficiency of any generated content.
Important: Every AI-generated patent document carries an embedded disclaimer recommending professional legal review before submission to any patent office. This is a non-negotiable system constraint (C-1) built into our platform.
scenic-srs is an AI-powered drafting and filing assistance tool. It is not a law firm and does not provide legal advice. The conversational AI mentor is not a licensed patent attorney, patent agent, or legal professional.
Patent law is complex and jurisdiction-specific. Requirements differ significantly across USPTO, CIPO, EPO, WIPO, and other patent offices.
Prior-art searches conducted via Bing Search API and USPTO databases are not exhaustive and do not constitute a professional patentability opinion.
Claim drafting assistance does not guarantee patent allowance, enforceability, or freedom-to-operate clearance.
Trademark assistance provided by scenic-srs is informational only and does not constitute trademark legal advice.
Users are strongly encouraged to consult a registered patent attorney or agent — particularly before filing any patent application with a patent office — to ensure compliance with applicable legal standards.
To the maximum extent permitted by applicable law, scenic-srs, its parent company Cloud Wash Laundry, the ALGO development team, and their respective officers, directors, employees, and agents shall not be liable for any direct, indirect, incidental, consequential, special, or exemplary damages arising from:
Reliance on AI-generated patent documents, claims, or legal summaries without independent professional review.
Rejection, invalidation, or unenforceability of any patent application prepared using scenic-srs.
Errors, delays, or failures in automated USPTO or CIPO electronic filing resulting from changes to external filing interfaces.
Inaccuracies in prior-art search results obtained via Bing Search API or USPTO patent databases.
Loss of data, missed deadlines, or filing errors caused by system outages, infrastructure failures, or third-party API disruptions.
Aggregate Liability Cap: In no event shall our total aggregate liability to any user exceed the amount paid by that user to scenic-srs in the twelve (12) months immediately preceding the claim.
By using scenic-srs automated USPTO or CIPO filing features, you acknowledge and accept full responsibility for:
Reviewing all patent documents, claims, and application data before authorising submission to any patent office.
Ensuring the accuracy and completeness of inventor information, assignment records, and priority claims.
Paying all applicable official filing fees, maintenance fees, and response fees directly to the relevant patent office.
Monitoring application status and responding to office actions within statutory deadlines.
Complying with inventor duty of disclosure obligations (e.g., USPTO Rule 56) regarding prior art known to the inventors.
scenic-srs provides filing automation as a convenience service. You remain the responsible party for all communications with patent offices and for the legal adequacy of your application.
scenic-srs integrates with several third-party services to deliver its features. The availability, accuracy, and continuity of these integrations are subject to conditions outside our control:
USPTO electronic filing interfaces (EFS-Web / Patent Center): Automated filing depends on the continued stability of USPTO systems. Changes to USPTO APIs may require adaptation and could temporarily interrupt filing capabilities.
Bing Search API: Prior-art search results depend on Bing's index, ranking, and API availability. Results are supplementary and not exhaustive.
Grok API (xAI): Used in the Pro tier multi-model verification debate. Availability and pricing are controlled by xAI and subject to change.
Claude API (Anthropic): Used in the Pro tier multi-model verification debate. Availability, rate limits, and pricing are controlled by Anthropic.
Payment Gateways: Subscription billing is processed via third-party payment providers. scenic-srs does not store raw payment card data.
scenic-srs disclaims all liability for service interruptions, data inaccuracies, or feature changes caused by third-party providers. We will endeavour to communicate material changes to third-party integrations with reasonable advance notice.
No Prior-Art Search Guarantee: No automated prior-art tool — including scenic-srs — is a substitute for a professional patentability opinion conducted by a qualified patent attorney (Constraint C-5).
COPPA Compliance
Protecting Young Inventors: COPPA & Youth Privacy
scenic-srs is designed to support inventors of all ages, including those under 13. We are fully committed to the Children's Online Privacy Protection Act (COPPA) and maintain robust safeguards to protect the personal data, activity, and financial information of young users. Parental or guardian involvement is mandatory before any minor account becomes active.
Age-Gating Enforced at Registration
Any user who enters a date of birth indicating they are under 13 years of age is immediately redirected to the youth consent flow. No data beyond age bracket is retained until parental approval is granted.
U13
Parental Consent Flow
01
Age Verification at Registration
Users entering a date of birth under 13 are automatically routed through the youth registration flow before any account is created.
02
Parental Consent Email
A verifiable parental consent (VPC) email is dispatched to the parent or guardian's address with a secure, time-limited approval link.
03
Guardian Approval Gateway
The child's account remains inactive until the parent clicks the approval link and completes identity confirmation via our secure portal.
04
Linked Parent Dashboard
Upon approval, a parent dashboard is created and linked. Parents can review activity, modify permissions, and revoke access at any time.
05
Annual Re-Consent Review
Parents receive an annual re-consent notification. Failure to re-confirm within 30 days results in automatic account suspension.
06
Instant Revocation
Parents can submit a deletion request at any time. All personal data for the child's account is purged within 72 hours of request.
Youth Account Protections
Activity Visibility
Parents access a complete, real-time log of all chatbot interactions, patent drafts, searches, and filings initiated by their child's account.
Spending Approval Workflow
No subscription upgrades or in-app purchases can be completed without explicit parent approval via a push notification or email confirmation code.
Content Filtering
Youth accounts operate under an enforced safe-content layer. Prompts and responses are filtered to exclude adult legal nuance, sensitive IP litigation details, and unrestricted external links.
Restricted Data Collection
For users under 13, scenic-srs collects only the minimum data necessary to operate the service. No behavioural advertising profiles are built. No data is sold or shared with third-party marketers.
Parental Account Access
Parents can log in as a secondary user on their child's account to review, edit, or permanently delete any content, draft, or personal information stored by scenic-srs.
Youth-Safe Communication
Any outbound emails or notifications sent to a child user are co-addressed to the registered parent. Direct marketing to minors is strictly prohibited under our internal policy and COPPA mandates.
Data Handling for Users Under 13
Data Type
Collected
Retained
Shared
Notes
Display Name (child-chosen alias)
Yes
Yes
No
Used for AI mentor personalisation only
Parent/Guardian Email
Yes
Yes
No
Required for consent verification and alerts
Date of Birth
Yes
Conditional
No
Stored as age bracket only after verification
Patent Drafts & Searches
Yes
Yes
No
Accessible by parent; deleted on request
Behavioural / Ad Profiles
No
No
No
Strictly prohibited for under-13 accounts
Payment Information
Conditional
No
Conditional
Collected from parent only; not stored on our servers
Regulatory Notice: scenic-srs's COPPA practices are governed by the Federal Trade Commission's Children's Online Privacy Protection Rule (16 C.F.R. Part 312). Parents or guardians wishing to review, update, or request deletion of their child's personal information should contact our Privacy Team at privacy@scenic-srs.com. Requests are fulfilled within 72 hours. scenic-srs does not condition a child's participation on the disclosure of more personal information than is reasonably necessary.
International Compliance
Multi-Jurisdictional Patent Office Compliance
scenic-srs is built to serve inventors across global patent jurisdictions. Review our data protection standards, office-specific requirements, and compliance posture for each supported or planned patent authority.
🇺🇸
United States Patent & Trademark Office
USPTO — USA
Fully Compliant
scenic-srs is designed to meet all USPTO electronic filing requirements, supporting EFS-Web and Patent Center submission workflows. Our AI-generated documents are formatted to USPTO standards for utility, provisional, and design patent applications.
No attorney-client relationship formed by AI output
Automated filing dependent on USPTO system availability
Human review recommended before any official submission
⚠️
Important: scenic-srs is not a licensed patent attorney or law firm. All AI-generated patent documents are advisory only and should be reviewed by a qualified patent professional before official submission to any patent office. Compliance postures described above reflect scenic-srs platform capabilities and do not constitute legal advice. International filing requirements are subject to change — always verify current requirements directly with the relevant patent authority.
Audit & Compliance Trail
Immutable Audit Logging
scenic-srs maintains a comprehensive, tamper-proof audit trail of all platform activity. Every user action, team contribution, document version, filing submission, and administrative change is recorded — providing full accountability and regulatory traceability.
All User Actions Tracked
Every login, document creation, patent filing submission, and profile change is automatically captured with full context.
Document Version History
Patent drafts, claim revisions, and filing submissions are versioned. Every edit is attributed to a specific team member.
Administrative Changes
Role assignments, permission grants, subscription upgrades, and admin overrides are logged with before/after state.
Team Collaboration Logs
Comment threads, shared workspace access events, and collaborative editing sessions are retained as part of the audit record.
Retention Policy
All audit logs are retained for a minimum of 7 years, meeting enterprise and regulated-industry compliance standards (SOC 2, ISO 27001, and applicable data protection frameworks). Logs are stored in geo-redundant, encrypted object storage.
Immutability Guarantee
Audit records are cryptographically signed and write-once. No user — including system administrators — can modify or delete a log entry after it is written. Integrity is verified continuously via hash-chain validation.
Sample Audit Log EntriesExample Only
Timestamp (UTC)
User
Action
Resource
IP Address
Status
2026-05-05 09:14:32 UTC
AF
amelia.foster@cloudinv.io
Patent Document Created
/api/documents/pat-00841
198.51.100.42
Success
2026-05-05 09:02:11 UTC
DP
dev.patel@cloudinv.io
USPTO Filing Submitted
/api/filings/usp-2026-0441
203.0.113.77
Success
2026-05-04 22:47:08 UTC
GS
guest_session_8821
Login Attempt
/api/auth/login
192.0.2.15
Denied
2026-05-04 18:30:55 UTC
TN
taylor.ng@cloudinv.io
Role Assigned: Pro Tier
/api/admin/users/usr-0291/role
10.0.1.4
Success
2026-05-04 14:12:44 UTC
AF
amelia.foster@cloudinv.io
Prior-Art Search Export
/api/research/export/rpt-7740
198.51.100.42
Rate Limited
2026-05-04 11:05:22 UTC
SA
sys.automation
Subscription Renewed
/api/billing/subscriptions/sub-0088
10.0.0.1
Success
2026-05-05 09:14:32 UTCSuccess
Useramelia.foster@cloudinv.io
ActionPatent Document Created
Resource/api/documents/pat-00841
IP198.51.100.42
2026-05-05 09:02:11 UTCSuccess
Userdev.patel@cloudinv.io
ActionUSPTO Filing Submitted
Resource/api/filings/usp-2026-0441
IP203.0.113.77
2026-05-04 22:47:08 UTCDenied
Userguest_session_8821
ActionLogin Attempt
Resource/api/auth/login
IP192.0.2.15
2026-05-04 18:30:55 UTCSuccess
Usertaylor.ng@cloudinv.io
ActionRole Assigned: Pro Tier
Resource/api/admin/users/usr-0291/role
IP10.0.1.4
2026-05-04 14:12:44 UTCRate Limited
Useramelia.foster@cloudinv.io
ActionPrior-Art Search Export
Resource/api/research/export/rpt-7740
IP198.51.100.42
2026-05-04 11:05:22 UTCSuccess
Usersys.automation
ActionSubscription Renewed
Resource/api/billing/subscriptions/sub-0088
IP10.0.0.1
Third-Party Attestations
Security Certifications & Standards
scenic-srs maintains independent certifications and ongoing compliance with international privacy and security frameworks. Each certification is verified by accredited third-party auditors.
SOC 2 Type II
AICPA / Independent Auditor
Active
Annual third-party audit verifying our security, availability, and confidentiality controls meet AICPA Trust Service Criteria.
Verified compliance with COPPA regulations protecting children under 13. Parental consent workflows, restricted data collection, and youth-safe feature controls are enforced.
All certifications are maintained through ongoing internal controls and annual independent audits. Audit reports and attestation letters are available to enterprise customers and partners upon request via our compliance team.
Answers to common questions about how scenic-srs handles your invention data, credentials, document retention, and privacy across all subscription tiers.
No. Your invention data, patent drafts, and ideation notes are strictly confidential. scenic-srs does not sell, license, or share your invention data with any third party. When using the Pro tier multi-model debate feature, your content is transmitted to third-party LLM APIs (Grok, Claude) solely to generate patent review responses — these providers are bound by data processing agreements that prohibit training on your data or retaining it beyond the immediate inference request. Data Protection Policy.
Privacy
Your patent documents, drafts, and filing records are retained for the duration of your active subscription, plus a 90-day grace period after cancellation during which you can export or download your data. After 90 days, documents are permanently deleted from our servers and object storage. Audit logs are retained for 12 months to satisfy compliance obligations. You can request early deletion of your data at any time by contacting our support team. Audit Trail.
Data Retention
Yes. scenic-srs provides full data portability. You can export all your patent documents, drafts, prior-art research, and filing records in standard formats (PDF, DOCX, JSON) at any time from your Dashboard or Settings page. Bulk export is available for Pro tier subscribers. We support GDPR Article 20 data portability rights — simply navigate to Settings > Data & Privacy > Export My Data to initiate a full account export. Settings, Dashboard.
Data Rights
In the event of service discontinuation, we are committed to giving users a minimum 90-day notice period during which full data export functionality will remain available. All patent documents and filing records will be made available for download in standard formats. We maintain escrow arrangements for critical source code and documentation to ensure continuity. Your USPTO-submitted applications remain legally valid regardless of our service status, as they are filed directly with and held by the USPTO. Terms of Service.
Continuity
USPTO credentials (EFS-Web / Patent Center login details) are never stored in plaintext. If you choose to enable automated USPTO filing, your credentials are encrypted using AES-256 at rest and transmitted exclusively over TLS 1.3. Credentials are stored in an isolated, access-controlled secrets vault (HashiCorp Vault or equivalent) and are only decrypted in memory at the moment of a filing request. You can revoke stored credentials at any time from Settings > Filing Credentials. Filing, Settings.
Security
The Pro tier multi-model debate feature routes your patent claims through multiple LLM APIs — currently our local fine-tuned model, Grok API, and Claude API — to provide cross-validated patentability analysis. Each API call transmits only the specific patent claims or document section under review; your full account data and personal information are never shared. Each provider (xAI for Grok, Anthropic for Claude) operates under a Data Processing Agreement (DPA) prohibiting use of your content for model training. You can review and toggle multi-model processing on a per-session basis from your Pro Dashboard. Patentability, Subscription.
Privacy
Still have questions?Our compliance team is available to address any concerns about data handling, security practices, or legal obligations.
Our compliance documentation is designed to be transparent and accessible. Review our full Privacy Policy and Terms of Service, or reach out directly to our dedicated compliance team — we respond to every inquiry with care.
scenic-srs is not a licensed law firm and does not provide legal advice. All generated patent documents carry a disclaimer recommending professional legal review before filing. For urgent legal matters, please consult a qualified patent attorney.
No comments yet. Be the first!