Havenmark IP is an awareness tool · not a legal service · information only, not legal advice

havenmark IP
Map a project
LearnHow it worksSecurityAbout

Security & trust

Your description is yours.
We’re built that way on purpose.

Havenmark IP is operated to the principles behind GDPR and international data protection standards. This page sets out how we handle your data, which third parties touch it, and what we do and do not do.

Havenmark IP is operated by an individual based in Turkey. We do not collect emails or names, we do not run analytics, and we do not retain your project descriptions after the analysis runs. For full operator identification, supervisory authority details, and your rights under GDPR and KVKK, see the Legal notice.

Operating principles

Six commitments that hold across every release.

Data minimisation

We collect the minimum information needed to produce a map: the description of your project and your clarifying answers. We do not ask for your name, email, location, or any other identifying detail. There are no account sign-ups, no email forms, no analytics that identify you.

No retention by default

Your description and clarifying answers are sent to the AI model for the single purpose of generating your map, then discarded. The map itself is never written to a database; it exists only in your browser session. Reload the page and it is gone.

No training on your data

Your inputs are used solely to generate your map and for no other purpose. We do not use, sell, or share your inputs with any third party for model training or any other commercial purpose.

Encryption in transit

Every connection between your browser, our servers, and the upstream APIs (Anthropic, EUIPO, USPTO) uses TLS 1.2 or higher. Cryptographic protocols are managed by our hosting provider and kept current with industry standards.

Authoritative-source only

When the map cites an IP office, the URL is rendered from a hand-curated whitelist in our code, never authored by the AI. Live trademark similarity hits come directly from the EUIPO and USPTO public APIs. We never invent links, applicants, or registration numbers, and the AI is explicitly forbidden from doing so by our prompt rules. We search where we can, but we do not guarantee complete coverage of any register.

Hallucination guardrails

The AI is prohibited from claiming a specific mark is registered anywhere, inventing applicant names, citing statutes or case names, or producing any URL. Every observation must tie back to something you actually wrote. Each layer self-reports confidence, and low-confidence output is downgraded to grey in the UI so shaky text never appears as a confident determination.

Standards alignment

Aligned with the standards that matter.

We are precise about the difference between aligning our practices with a standard and holding a formal third-party certification under that standard. The table here spells out exactly where we are.

  • GDPR

    Aligned

    We implement the principles of the EU General Data Protection Regulation: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, and integrity. Because we do not retain personal data after analysis and do not build user profiles, most GDPR data-subject rights are satisfied by the architecture itself.

Sub-processors

Everyone who might touch your inputs.

Disclosed proactively, in plain language, with purpose and location. This list changes only when Havenmark IP materially changes; check back if you want to confirm.

Anthropic (Claude API)

United States

PurposeGenerates the map analysis from the description and clarifying answers you provide.

Data handlingInputs and outputs are processed for the single purpose of returning the analysis. Not used by Anthropic to train its models, per Anthropic's published API customer terms.

EUIPO (Trademark Search API)

European Union

PurposeLive similarity search against the EU trade-mark register for brand names you mention.

Data handlingOnly the candidate brand-name strings and a guess at Nice classes are sent. No user description, no clarifying answers.

USPTO (TSDR / Trademark Search API)

United States

PurposeLive similarity search against the US trade-mark register for brand names you mention.

Data handlingSame as EUIPO: only the candidate brand-name strings and a Nice-class hint are sent.

Vercel Inc.

United States

PurposeRuns the Havenmark IP web service and serves the site over HTTPS.

Data handlingProvides TLS termination and platform-level access controls. Has no application-level access to user content.

What we don’t do

The absences matter as much as the presences.

  • We do not collect email addresses or build a mailing list.

    There are no email forms anywhere on the site.

  • We do not run third-party analytics or advertising trackers.

    No Google Analytics, no Facebook Pixel, no fingerprinting, no behavioural advertising scripts.

  • We do not store your description or clarifying answers.

    They are sent to the AI for analysis once, then dropped. They are not written to any database under our control.

  • We do not sell or share your inputs with third parties.

    Beyond the sub-processors listed above (each operating under a defined purpose), nothing leaves the analysis pipeline.

  • We do not let the AI invent links, applicants, or registration data.

    Authoritative facts come from real API calls; anything else is treated as hallucination and stripped at the route level.

Vulnerability reporting

Responsible disclosure

If you find a security issue, please email hello@havenmarkip.com. We commit to acknowledging reports within 72 hours and to keeping the reporter informed through to resolution. We will not pursue legal action against good-faith security researchers operating within standard responsible-disclosure norms.

Want the legal version

Terms & disclaimer spells out the same commitments in legal language.

Read the termsMap my project