Privacy Policy

Last Updated: April 1, 2026

GoVeda Pte. Ltd. and its affiliates ("GoVeda," "we," "our," or "us") respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website www.goveda.com, our AI-powered patent search platform, all sites, domains and applications provided, maintained or operated by GoVeda and related tools (collectively, the "Services").

By using our Services, you agree to the terms of this Privacy Policy.

1. Who We Are

GoVeda Pte. Ltd. (UEN No. 202512897E), a company incorporated in Singapore and having its registered address at:

RIVERBANK @ FERNVALE 17 FERNVALE CLOSE #19-029, Singapore 797478

If you have questions or requests, please contact us at contact@goveda.com.

2. Information We Collect

We collect and process data which enables an individual to be identified ("Personal Data") that is necessary to provide and improve our Services. This includes:

(a) Information You Provide

  • Account Information: Name, email address, and password when you create an account.
  • Payment Information: Payment details such as cardholder name and billing information, processed securely through Stripe.
  • Search Inputs and Uploads: Patent texts, keywords, and documents that you upload for analysis or report generation.
  • Support Communications: Information you provide when contacting our support team.

(b) Developer Tools Data

When you use GoVeda's Developer Tools (MCP Server, API, CLI, or Skills), we additionally collect:

  • OAuth Tokens and API Keys: OAuth 2.0 access tokens (typically short-lived) and, where applicable, refresh tokens issued during authorization. Access tokens expire automatically; refresh tokens are retained until they expire, are revoked, or are invalidated for security reasons. API keys you create for programmatic access are stored in hashed form; we retain limited metadata (key identifier, creation date, last-used timestamp) for security and billing purposes.
  • Tool Invocations: Records of which tools were called, input parameters (e.g., search queries, patent numbers, invention descriptions), timestamps, and credit consumption.
  • IP Addresses and Request Metadata: Logged for rate limiting, security monitoring, and abuse prevention.

(c) Information Collected Automatically

  • Usage Data: IP address, browser type, device information, access times, and pages viewed.
  • Analytics Data: Collected via Heap and similar tools to understand usage trends and improve our Services.
  • Cookies and Tracking Technologies: Used to enhance your experience, remember preferences, and measure engagement.

You may manage cookie preferences through your browser settings.

(d) Lawful Basis

Where the General Data Protection Regulation (GDPR) applies, we are required to identify a legal basis for each category of personal data we process. We process account registration and authentication data, as well as OAuth tokens, API keys, and Developer Tool credentials, on the basis of contractual necessity, as this processing is required to provide the Services you have signed up for. Tool invocation logs, IP addresses, and request metadata are processed on the basis of our legitimate interests in maintaining the security, integrity, and performance of our platform and in preventing fraud and abuse. Where you have queries about our legitimate interests balancing assessment, you may contact us. Billing and credit usage records are processed on the basis of both contractual necessity and our legal obligations under applicable financial and tax law. Where we send you marketing communications, we do so on the basis of your consent, which you may withdraw at any time by contacting contact@goveda.com. Where we process anonymised or aggregated data derived from your usage for the purpose of improving our Services, we do so on the basis of legitimate interests, subject to your right to opt out.

3. How We Use Your Information

We use your data to:

  1. Provide and maintain the Services;
  2. Generate and deliver patentability, prior art, or freedom-to-operate reports;
  3. Process payments and manage your account;
  4. Respond to inquiries and provide customer support;
  5. Improve the performance, security, and user experience of our Services;
  6. Conduct research and development to enhance our AI capabilities;
  7. Comply with legal obligations or enforce our Terms of Service.

We will only use your personal data for the purposes stated above and will not sell, rent, or trade your data.

4. Data Retention and Anonymization

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

  • Your search and report data may be stored so that you can revisit your results and history (purpose (b)).
  • We may anonymize and aggregate data for internal research and AI model improvement only if you choose not to opt out of such use.
    • You can opt out at any time by contacting contact@goveda.com.
    • Once anonymized, the data is no longer personally identifiable and may be used to enhance our algorithms.

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. OAuth access tokens are retained only until they expire, which is typically within one hour of issuance. OAuth refresh tokens are retained until they expire naturally, are revoked by you through your account settings, or are invalidated by us for security reasons. API key metadata, including the key identifier, creation date, and last-used timestamp, is retained for the duration of your account and for 90 days following account deletion. Tool invocation logs, including tool name, input parameters, timestamps, and credit consumption, are retained for 12 months from the date of creation for billing, debugging, and security purposes. IP addresses and request metadata are retained for 90 days from the date of collection and used solely for rate limiting and abuse prevention. Identity caches, such as temporary email-to-user-ID mappings used to reduce authentication latency, are retained for up to 7 days. Billing and credit usage records are retained for 7 years in order to meet our legal and tax obligations. Support communications are retained for 3 years from the date a support case is closed. Data that has been fully anonymized or aggregated such that it can no longer identify any individual may be retained indefinitely, as it no longer constitutes personal data. Where retention is required by applicable law or is necessary in connection with an active legal dispute, we may retain relevant data beyond these periods for the minimum time necessary. You may request early deletion of your personal data subject to the rights and obligations set out in this Privacy Policy and applicable law.

5. Disclosure of Information

We may from time to time also disclose Personal Data to the following (whether inside or outside of Singapore) for the purposes stated in this Privacy Policy:

  • Service Providers: Such as Stripe, Google Cloud, HubSpot, MailChimp and Heap, for secure payment processing, cloud hosting, marketing and analytics. We also use third-party AI and infrastructure providers for machine learning inference, data processing, and search capabilities in connection with our Developer Tools.
  • Legal Authorities: Where required by applicable law or valid legal request.
  • Business Transfers: In case of a merger, acquisition, or sale of assets, we may transfer data as part of the transaction.

We do not share personal data with third parties for marketing or advertising purposes.

Developer Tools Data Retention

Data collected and processed through our Developer Tools is retained and handled in accordance with the retention principles and periods described in Section 4 of this Privacy Policy. Tool response content is streamed to your AI client and not persistently stored by GoVeda as standalone payloads beyond delivery; however, related data (such as saved searches, reports, API logs, and billing records) may be retained as described in Section 4. Responses delivered to your AI client are subject to that client's own data retention policies.

6. Data Storage and Security

We host our Services on third-party service providers such as Google Cloud, Amazon AWS Cloud services, Microsoft etc., therefore your information may be transferred to and stored on servers in various locations both in and outside of Singapore. We maintain control of your information and protect your information by implementing robust physical, administrative, and technical safeguards to protect your data. We also use up-to-date antivirus protection, encryption, access control, privacy filters and regular security reviews to mitigate risks.

While we strive to protect your information, no system is entirely secure. You acknowledge that data transmission over the internet carries inherent risks.

7. Your Rights Under the PDPA

Under Singapore's Personal Data Protection Act (PDPA), you have the right to:

  • Access: Request a copy of your personal data that we hold;
  • Correction/Update: Request corrections to any inaccurate or incomplete data or updates to your Personal Data; and
  • Deletion: Request that we delete your personal data, unless retention is required by law or for legitimate business purposes.

To exercise these rights, please email contact@goveda.com. We may verify your identity before processing your request and respond within a reasonable timeframe.

8. Using our Services Outside of Singapore

If you are using our Services from outside Singapore, please be aware that your Personal Data and information may be transferred to, stored and processed in Singapore where our servers are located and our central database is operated. The data protection and other laws of Singapore and other countries might not be as comprehensive as those in your country. Please be assured that we seek to take reasonable steps to ensure that your privacy is protected. By using our services, you understand that your Personal Data and information may be transferred to our facilities and those third parties with whom we share it as described in this Privacy Policy.

9. Children's Privacy

Our Services are not directed toward children under the age of 18.

We do not knowingly collect personal data from minors. If we discover that we have inadvertently collected such data, we will delete it promptly.

10. Your Rights

Depending on your jurisdiction, you may have a number of rights in relation to the personal data we hold about you. You have the right to request access to the personal data we hold about you and to receive a copy of it. You have the right to request that we correct any inaccurate or incomplete personal data. You have the right to request that we delete your personal data, subject to any legal obligations that require us to retain it. You have the right to request that we restrict our processing of your personal data in certain circumstances, such as where you contest its accuracy or have objected to our processing. Where processing is carried out by automated means and is based on your consent or on contractual necessity, you have the right to receive your personal data in a structured, commonly used, and machine-readable format. You have the right to object to processing that is based on our legitimate interests, including any profiling carried out on that basis. Where we process your data on the basis of consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. If you use our Developer Tools, you may revoke OAuth tokens and API keys at any time through your account settings. Please note that revoking a token or key does not automatically delete associated invocation logs. You may separately request deletion of those logs by contacting us directly.

To exercise any of the rights described above, please contact us at contact@goveda.com with the subject line "Data Subject Request." We will respond within 30 days of receiving your request, although we may extend this period by a further 30 days where your request is complex or where we have received a high volume of requests, in which case we will notify you of the extension and the reason for it. We may ask you to verify your identity before we process your request. If you are located in the European Economic Area or the United Kingdom and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page indicates when it was last revised.

Changes will take effect when posted on our website. We encourage you to review this page periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

GoVeda Pte. Ltd. RIVERBANK @ FERNVALE 17 FERNVALE CLOSE #19-029 Singapore 797478

contact@goveda.com