Security & Confidentiality

The trust of our users is paramount. As a platform created by a European Patent Attorney, we understand that confidentiality is not just a feature: it is the foundation of all patent work.

To provide our services, we (“Powerclaim”; operated by Powerclaim GmbH) handle your data with the following purpose-built security protocols:

User Data and Billing

What is stored here: All information related to your account, including credit purchase history, billing records, and your Powerclaim Credits. This data is necessary for service operation and consumption tracking.

Processing Location: Your user and billing data is managed by the WordPress installation powering our credit system. This system is hosted by hosting.de in their data centers located in Aachen, Germany.

Application Processing and Runtime

What is processed here: This environment runs the core application logic, handles user interface interactions, authenticates requests, and acts as the secure intermediary between your device and the AI model.

Processing Location: The application is deployed as a set of Serverless Functions on Vercel. These functions run in the Frankfurt, Germany (fra1) region.

Artificial Intelligence Model

What is processed here: This is where the data you submit to the application (e.g., an invention description) is sent via prompts for generative processing (i.e., generating a response).

Processing Location: The application uses the Vertex AI Gemini API, which allows for regional lock-down. The user prompts and the resulting generated outputs are processed via the dedicated regional endpoint in Frankfurt, Germany (Google Cloud region europe-west3).

Static Asset Delivery

What is served here: This includes the static files that constitute the application’s user interface—the HTML, CSS, images, and the compiled React JavaScript bundle.

Processing Location: These static assets are served via Vercel’s global Content Delivery Network (CDN), typically from the Point of Presence (PoP) closest to the user.

Security Impact: This global delivery is for performance optimization and does not pose a security risk because:

  1. Non-Sensitive Data: The files delivered by the CDN contain only the public, non-sensitive code for the user interface.
  2. No Processing: The CDN does not process or store any sensitive user input, credentials, or personal data. The secure data boundary begins when the user’s browser transmits a prompt to the Frankfurt-based Serverless Function.

Summary of Data Flow and Residency

When you use any Powerclaim software application, the data flows are as follows:

  1. Your device receives static files globally from the nearest CDN PoP.
  2. Your device communicates with the Vercel Functions in Frankfurt, Germany (fra1).
  3. The Vercel Function processes credit verification (data stored in Aachen, Germany).
  4. The Vercel Function sends your data input to the Vertex AI Endpoint in Frankfurt, Germany (europe-west3).
  5. The Gemini model processes the request within the Frankfurt, Germany (europe-west3) region and returns the output to the Vercel Function.
  6. The Vercel Function streams the final result back to your device.

For any questions about Powerclaim’s security practices, please reach out to Bastian Best at bastian@powerclaim.io.