Privacy Policy

Last updated: 24/03/2026

You must read through the entire Privacy Policy below and agree with all the details before you use any of our Services.

We are committed to protecting your privacy. This Privacy Policy describes what information we collect, how we use it, and the distinct protections that apply to each category of data.

Default operating mode: 23VIP processes all drafting requests through sovereign open-source models hosted entirely in Europe by European providers. These default models never retain or train on your data and keep every interaction inside the EU. Commercial models such as OpenAI, Anthropic, and Google (Gemini) remain available only on explicit demand and can be disabled per user or organisation.

Two Categories of Data

This Privacy Policy governs two distinct categories of data. Where the protections differ, each section below states explicitly which category it addresses.

Invention Data — the technical content you submit to and receive from our drafting tools, including invention disclosures, claims, patent specifications, drawings, and draft outputs. This is the data that is subject to pre-filing confidentiality.

Account Data — personal and administrative information such as your name, email address, company name, billing address, VAT number, payment transactions, login credentials, 2FA secrets, and usage analytics (frequency, duration, cookies). This is standard personal data governed by the GDPR.

Guiding principle: Invention Data receives the highest level of protection. 23VIP never accesses, retains, or trains on your Invention Data. Account Data is collected and processed only to the minimum extent necessary to operate the service and comply with legal obligations.

What We Collect

Invention Data

Invention Data is submitted by you directly into our drafting tools (Claim Drafter, Web Drafter). We do not collect, copy, or store Invention Data outside of the drafting session itself. In the default mode, the sovereign open-source AI models process your Invention Data in real time and perform zero retention once the session is complete. We have zero access to your Invention Data inputs or outputs across all tools.

Account Data

We collect Account Data that you voluntarily provide when you register or use the Services:

  • Name, email address, company name, billing address, and VAT number
  • Payment transaction information
  • Login credentials (username and password, stored in hashed form)
  • If you enable two-factor authentication (2FA): the minimal information needed to provide this feature (e.g., a TOTP secret key or a telephone number for verification codes), stored in encrypted form and used solely for authentication
  • Usage information: interactions with the Services, frequency, and duration of use
  • Cookies and similar tracking technologies (controllable via your browser settings)

How We Use Your Data

Invention Data

Your Invention Data is used for one purpose only: to generate the drafting output you requested during that session. It is never used for analytics, product improvement, model training, marketing, or any other purpose. It is never accessed by 23VIP personnel.

Account Data

We use Account Data to:

  • Provide and maintain the Services (account management, authentication)
  • Process payments
  • Respond to your enquiries and provide customer support
  • Send service-related communications (e.g., billing confirmations, security alerts)

We may also use de-identified, aggregated Account Data for statistical analysis and research. Invention Data is never included in any aggregation or analysis.

Sharing and Disclosure

Invention Data

We do not share, sell, disclose, or grant access to your Invention Data to any third party, including 23VIP employees. In the default mode, your Invention Data is processed exclusively by sovereign open-source models hosted in Europe and is never transmitted outside the EU. If you explicitly opt into a commercial model, your Invention Data is transmitted to the chosen provider under business terms that contractually prohibit training.

Account Data

We do not sell your Account Data. We may share Account Data with a limited set of service providers who perform services on our behalf:

  • Payment processors (to handle billing)
  • Cloud hosting providers (to host our application infrastructure within Europe)

These service providers are contractually obligated to use your information only to provide the services we have requested. We may also disclose Account Data if required by law, such as to comply with a subpoena or court order, or if we believe disclosure is necessary to protect our rights or the safety of others.

For the avoidance of doubt: a legal demand for Account Data (e.g., billing records) never entails disclosure of Invention Data, because we do not hold Invention Data.

Data Retention and Deletion

Invention Data

In the default mode, Invention Data is configured for ephemeral processing within EU-hosted infrastructure and is not retained after the session. This default path is designed to keep processing within the EU-hosted environment used for the service.

If you explicitly choose a commercial model, your Invention Data is subject to that provider's retention terms (see links under Data Processing below), but all providers are contractually prohibited from using it for training.

Account Data

We retain your Account Data for as long as your account remains active. If your account is inactive for more than 6 months, we will send you a reminder email. If you do not reactivate your account, we will delete all Account Data associated with it.

You may request deletion of your Account Data at any time by emailing Christophe.Ego@23vip.be. We will process your request within 30 days.

Data Security, Confidentiality, and Privacy

At 23VIP, we prioritise the security, confidentiality, and privacy of your data. We employ industry-standard measures to safeguard your information from unauthorised access. Below, we explain how each protection applies to Invention Data and Account Data.

  1. Secure Transmission: All data — both Invention Data and Account Data — is encrypted using TLS 1.3 during transmission to and from our servers.
  2. Optional Two-Factor Authentication (2FA): Applies to Account Data. You can enable 2FA from your profile settings, requiring a one-time code in addition to your password. (2FA protects access to your account; Invention Data is additionally protected by the zero-access and zero-retention architecture described below.)
  3. Data Processing — Invention Data: By default, your Invention Data is processed by sovereign open-source models hosted in Europe by European providers. In that mode, the system is configured not to use your data for model training and is intended to process requests within EU-hosted infrastructure. The service is also designed to prevent internal access to inputs and outputs. If you or your organisation explicitly choose a commercial model path, your Invention Data may instead be processed by one or more of the following providers, under business terms that prohibit training:
  4. Data Processing — Account Data: Account Data is processed by 23VIP's application logic running on a trusted European-hosted cloud platform. Account Data is never sent to the AI models.
  5. Encrypted Results: All outputs (Invention Data) are encrypted using TLS 1.3 during transmission back to you, whether displayed in the output window or provided for download.
  6. Secure Delivery: Any generated Word document is encrypted in transit and delivered directly to your browser when ready. It is not retained by 23VIP for later retrieval. Account Data (billing records, profile information) is stored separately, also encrypted at rest.
  7. Trusted Cloud Platform: Our application infrastructure runs on a trusted European-hosted cloud platform that processes data on our behalf and protects confidentiality. This platform handles Account Data and application logic; it does not store or access your Invention Data beyond real-time processing.

By using our Services, you acknowledge and agree that your data will be processed by 23VIP and our third-party subprocessors as described above and in our Terms of Service. This includes the default European-hosted sovereign open-source model providers (for Invention Data) and, if you explicitly choose them, commercial model providers. Account Data subprocessors include our payment processor and European cloud hosting provider.

We are committed to maintaining the highest standards of data security and privacy. If you have any questions or concerns, please contact us at Christophe.Ego@23vip.be.

Your Rights (GDPR)

As a Belgian company with application logic and databases hosted in Europe, 23VIP is designed with GDPR requirements and European data protection principles in mind. Your rights under the GDPR apply to your Account Data:

  • Right of access: You can request a copy of the Account Data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate Account Data.
  • Right to erasure: You can request deletion of your Account Data at any time.
  • Right to restriction and objection: You can ask us to restrict or stop processing your Account Data in certain circumstances.
  • Data portability: You can request your Account Data in a structured, machine-readable format.

To exercise any of these rights, contact us at Christophe.Ego@23vip.be.

Note on Invention Data and GDPR rights: In the default mode, the service is designed to prevent retention and internal access to Invention Data. As a result, there is no Invention Data held by 23VIP that could be subject to an access, rectification, or erasure request.

Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our website. Your continued use of the Services after any changes constitutes your acceptance of the new Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at Christophe.Ego@23vip.be.