Privacy Policy

1. Introduction

Welcome to GleanMark, operated by TMZap Incorporated ("we," "our," or "us"). We're committed to protecting your privacy and being transparent about our data practices. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our trademark monitoring and portfolio management platform.

By using GleanMark, you agree to the practices described in this policy. If you don't agree with our practices, please don't use our service.

1A. Data Controller

The data controller responsible for your personal information is:

TMZap Incorporated

d/b/a GleanMark

7 Rye Ridge Plaza, Suite 660

Rye Brook, NY 10573

United States

Email: privacy@gleanmark.com

As the data controller, we determine the purposes and means of processing your personal data in connection with our trademark monitoring and analysis services. If you have questions about our data processing practices, please contact us at the address above.

2. Information We Collect

Account Information

Email address - Used for authentication, account recovery, and sending important alerts
Name and profile photo - If you sign up with Google OAuth, we receive your name and profile picture from Google
Password - Securely hashed and stored (we never see your actual password)

Usage Data

Search queries - Trademark searches you perform
Saved trademarks - Marks you choose to monitor
Portfolio data - Portfolios you create and manage
Tracked owners - Trademark owners you choose to track
Alert configurations - Your notification preferences

Payment Information

We use Stripe for payment processing. Important clarifications:

We do NOT store credit card numbers - Stripe handles all payment card data securely
What we store - Your subscription status, billing cycle, and plan tier
Stripe's responsibility - All payment data is handled by Stripe's PCI-compliant infrastructure

Technical Information

Browser data - Browser type, version, and operating system
IP address - For security and analytics purposes
Device information - Screen resolution, device type (for responsive design)
Session data - Login times, session duration
Cookies - See our cookie section below for details

Public Trademark Data

We access and display public trademark data from the United States Patent and Trademark Office (USPTO). This data is publicly available and not considered personal information. We do not control the accuracy or completeness of USPTO data.

3. How We Use Your Information

We use your data to provide and improve our service:

Service Provision

To provide trademark search, monitoring, portfolio management, and alert functionality

Email Notifications

To send you important alerts when your monitored trademarks change status. You can unsubscribe from marketing emails, but we recommend keeping status alerts enabled to avoid missing critical deadlines.

Account Security

To protect your account from unauthorized access and detect suspicious activity

Service Improvement

To analyze usage patterns, identify bugs, and improve our search algorithms and user experience

Customer Support

To respond to your questions, troubleshoot issues, and provide technical assistance

Legal Compliance

To comply with legal obligations, enforce our terms of service, and protect our rights and those of our users

3A. AI-Powered Features and Data Processing

GleanMark uses artificial intelligence (AI) to provide enhanced analysis features. This section explains how your data is processed by AI systems.

AI Features We Offer

Prosecution History Summaries: AI analysis of USPTO Office Actions and responses
TTAB Proceeding Summaries: AI analysis of opposition and cancellation proceedings
Confusion Analysis: AI-powered likelihood of confusion assessments using DuPont factors
Similarity Search: Algorithmic identification of potentially conflicting marks

Data Sent to AI Services

When you use AI-powered features, the following data may be sent to our AI service providers:

Trademark application and registration details (serial numbers, mark text, goods/services descriptions)
USPTO prosecution documents (Office Actions, applicant responses, examiner amendments)
TTAB proceeding documents (complaints, answers, briefs, board decisions)
Trademark comparison data for confusion analysis

Our AI Service Providers

We use Anthropic (Claude AI) and OpenAI (GPT) as our AI service providers. Both providers process data sent through their APIs in accordance with their privacy practices:

Anthropic (Claude AI):

No Training on Your Data: Anthropic does not use data submitted via their API to train their AI models
Data Retention: Anthropic retains API inputs and outputs for up to 30 days for trust and safety purposes, then deletes them
Security: Data is encrypted in transit and at rest

See Anthropic's Privacy Policy.

OpenAI (GPT):

No Training on Your Data: OpenAI does not use data submitted via their API to train their AI models (API usage is opted out of training by default)
Data Retention: OpenAI retains API data for up to 30 days for abuse and misuse monitoring, then deletes it
Security: Data is encrypted in transit and at rest

See OpenAI's Privacy Policy.

AI Analysis Caching

To improve performance and reduce costs, we cache AI-generated summaries and analyses. Cached results are stored in our database and associated with the relevant trademark or proceeding. You can request a fresh analysis at any time, which will replace the cached version.

Automated Decision-Making

Our AI features provide informational analysis to assist your research. They do not make automated decisions that produce legal effects or significantly affect you. AI-generated risk scores and assessments are advisory only and require human review before any action is taken. You always retain control over decisions regarding your trademarks.

4. Third-Party Services We Use

We partner with trusted service providers to deliver our platform. Here's exactly what data we share with each:

Supabase (Database & Authentication)

What they do: Host our database on AWS infrastructure

Data shared: All account data, usage data, and portfolio information

Security: Row-Level Security (RLS) policies ensure you can only access your own data. All connections encrypted via HTTPS. Infrastructure hosted on AWS in secure data centers.

Stripe (Payment Processing)

What they do: Process payments and manage subscription billing

Data shared: Your email address, subscription plan, and billing information you provide to Stripe

Security: Stripe is PCI DSS Level 1 certified (the highest level of payment security). We NEVER see or store your credit card numbers. See Stripe's Privacy Policy.

Google OAuth (Authentication)

What they do: Allow you to sign in with your Google account

Data shared: Google shares your name, email address, and profile photo with us (only if you choose Google sign-in)

Your control: You can revoke GleanMark's access in your Google Account settings at any time.

Anthropic (AI Processing)

What they do: Process trademark documents and generate AI summaries, analyses, and insights

Data shared: Trademark application data, prosecution documents, and TTAB proceeding documents when you use AI-powered features

Security: Anthropic does NOT use API data to train their AI models. Data is retained for up to 30 days for safety monitoring, then deleted. See Anthropic's Privacy Policy.

OpenAI (AI Processing)

What they do: Process trademark documents and generate AI summaries, analyses, and insights

Data shared: Trademark application data, prosecution documents, and TTAB proceeding documents when you use AI-powered features

Security: OpenAI does NOT use API data to train their AI models (API usage is opted out of training by default). Data is retained for up to 30 days for abuse monitoring, then deleted. See OpenAI's Privacy Policy.

Resend (Email Delivery)

What they do: Deliver alert emails and notifications to your inbox

Data shared: Your email address and email content (trademark alerts, status updates)

Security: Resend uses industry-standard email delivery infrastructure and encryption.

USPTO (Trademark Data Source)

What they do: Provide public trademark data

Data accessed: We access publicly available USPTO trademark data via their official APIs and bulk data files

Important: USPTO data is public domain. We do not control its accuracy, completeness, or timeliness.

5. How We Protect Your Data

We take data security seriously and implement industry-standard protections:

🔒 Encryption

All data transmitted between your browser and our servers is encrypted using industry-standard HTTPS/TLS protocols.

🛡️ Row-Level Security

Database policies ensure users can only access their own data. Even our team can't see your private information without explicit authorization.

🔐 Password Protection

Passwords are hashed using bcrypt with strong salts. We never store passwords in plain text.

💳 Payment Security

Stripe handles all payment card data with PCI DSS Level 1 compliance. We never touch your credit card numbers.

🔍 Security Monitoring

We monitor for suspicious activity, unusual login patterns, and potential security threats.

⚙️ Regular Updates

We keep our systems updated with the latest security patches and conduct regular security reviews.

Important: No method of transmission over the internet is 100% secure. While we strive to protect your data using industry-standard practices, we cannot guarantee absolute security.

6. How Long We Keep Your Data

Active Accounts

We retain your data for as long as your account is active and for a reasonable period after to allow you to reactivate if needed.

Account Deletion

When you delete your account, we provide a 30-day grace period during which you can change your mind and restore your account. After 30 days, your data is permanently deleted from our systems.

Payment Records

Stripe retains payment records according to their retention policies and legal requirements. We keep basic subscription history for accounting and tax purposes (typically 7 years as required by law).

Legal Obligations

We may retain certain data longer if required by law, to resolve disputes, enforce our agreements, or for legitimate business purposes (like fraud prevention).

AI Analysis Data

AI-generated summaries and analyses are cached in our database to improve performance. These cached results are retained indefinitely unless you request deletion or generate a new analysis. Our AI providers (Anthropic and OpenAI) retain API inputs and outputs for up to 30 days for safety and abuse monitoring, then permanently delete them.

7. Your Data Rights

You have control over your personal data. Here are your rights under GDPR (for EU users) and CCPA (for California residents):

Right to Access

You can request a copy of all personal data we have about you. We'll provide it in a structured, machine-readable format.

Right to Correction

You can update or correct your personal information at any time through your account settings or by contacting us.

Right to Deletion

You can delete your account and all associated data at any time. Go to Account Settings → Delete Account, or contact support@gleanmark.com.

Right to Data Portability

You can export your data (saved trademarks, portfolios, searches) in a portable format. Look for the "Export Data" option in your account settings.

Right to Opt-Out

You can opt out of marketing emails at any time by clicking "unsubscribe" in any email. Note: We'll still send critical account and trademark status alerts unless you disable them in your alert settings.

Right to Restriction

You can request that we limit how we process your data in certain circumstances (e.g., while we verify its accuracy).

Right to Object

You can object to our processing of your data for marketing purposes or when we process it based on legitimate interests.

To exercise these rights: Email privacy@gleanmark.com or support@gleanmark.com. We'll respond within 30 days.

7A. California Residents - CCPA Disclosures

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information. This section provides CCPA-specific disclosures and explains your California privacy rights.

Categories of Personal Information We Collect

Under CCPA, we are required to disclose the categories of personal information we collect and the purposes for which we use each category. Over the past 12 months, we have collected:

Identifiers: Email address, name, account ID, IP address
Commercial Information: Subscription history, payment information (through Stripe), billing records
Internet Activity: Search queries, browsing history on our platform, usage patterns
Geolocation Data: General location based on IP address
Professional Information: If provided, information about trademark portfolios you manage

Your California Privacy Rights

California residents have the right to:

Know: Request disclosure of personal information we've collected about you in the past 12 months
Delete: Request deletion of personal information we've collected, subject to certain exceptions
Opt-Out: Opt out of the "sale" of personal information (Note: We do NOT sell your personal information)
Non-Discrimination: Receive equal service and pricing even if you exercise your privacy rights
Correct: Request correction of inaccurate personal information
Limit Use: Request that we limit the use of sensitive personal information (if applicable)

We Do Not Sell Your Personal Information

GleanMark does NOT sell your personal information to third parties. We do not and will not sell, rent, or trade your personal data for monetary or other valuable consideration. You therefore do not need to opt out of any sales.

Third Parties We Share Information With

We share personal information with the following categories of third parties for business purposes:

Service Providers: Supabase (database hosting), Stripe (payment processing), Google (authentication)
Government Entities: USPTO (we access public trademark data, but do not share your personal data with them)
Legal/Compliance: Law enforcement or regulatory agencies when required by law

How to Exercise Your CCPA Rights

To submit a CCPA request:

Email privacy@gleanmark.com with "CCPA Request" in the subject line
Include your name, email address, and specific request (e.g., "Right to Know," "Right to Delete")
We will verify your identity before processing your request
We will respond within 45 days (may be extended by 45 additional days if needed)
You can also designate an authorized agent to make a request on your behalf

No Discrimination

We will not discriminate against you for exercising your CCPA rights. This means we will not:

Deny you goods or services
Charge you different prices or rates
Provide you a different level or quality of service
Suggest that you may receive different pricing or service quality

Retention of Personal Information

We retain your personal information for as long as reasonably necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. See Section 6 (Data Retention) for more details.

California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for direct marketing purposes. As stated above, we do not share personal information with third parties for their direct marketing purposes.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and understand how you use our service.

Essential Cookies

Required for the service to function. These handle authentication, session management, and security. You cannot opt out of these cookies.

Analytics Cookies

Help us understand how users interact with our platform so we can improve it. These are optional and you can control them via our cookie consent banner.

Preference Cookies

Remember your settings and preferences (like theme choice, default view options). These improve your user experience.

For more details about our cookie practices, see our Cookie Policy.

9. International Data Transfers

Our infrastructure is hosted on Amazon Web Services (AWS) through Supabase. Your data may be stored and processed in data centers located in the United States and other countries.

For EU users: We ensure appropriate safeguards are in place for international data transfers, including standard contractual clauses approved by the European Commission.

For all users: We work with service providers (Supabase, Stripe) that maintain strong data protection standards regardless of where data is processed.

10. Data Breach Notification

While we implement industry-standard security measures to protect your data, we recognize that no system is completely secure. In the unlikely event of a data breach that affects your personal information, we are committed to transparency and prompt notification.

What We Will Do

If we discover a data breach that compromises your personal information, we will:

Notify you via email within 72 hours of discovering the breach
Describe what information was affected (e.g., email addresses, account data)
Explain what steps we are taking to contain and remediate the breach
Provide recommendations for protecting yourself (e.g., password changes)
Notify relevant authorities as required by law (GDPR, CCPA, state breach notification laws)

What You Should Do

If you receive a data breach notification from us:

Change your GleanMark password immediately
If you use the same password on other services, change those passwords as well
Monitor your accounts for suspicious activity
Consider enabling two-factor authentication on all services that support it
Contact us if you notice any unauthorized activity on your account

Our Commitment to Security

We continuously monitor for security threats, conduct regular security audits, and maintain incident response procedures to detect and respond to breaches quickly. Your trust is paramount to us, and we take our responsibility to protect your data very seriously.

11. Children's Privacy

GleanMark is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately at privacy@gleanmark.com and we will delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How we notify you:

We'll update the "Last Updated" date at the top of this page
For material changes, we'll send you an email notification at least 30 days before changes take effect
We may also display an in-app notification when you next log in

Your continued use of GleanMark after changes take effect constitutes your acceptance of the updated policy. If you don't agree with the changes, you should stop using the service and delete your account.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, we're here to help:

GleanMark Privacy Team

Privacy inquiries: privacy@gleanmark.com

General support: support@gleanmark.com

Data subject requests: Email either address above with "Data Request" in the subject line

Mailing address:

TMZap Incorporated (d/b/a GleanMark)