← Patten Labs

Patten Labs LLC

Privacy Policy

Last updated: 2026-05-20

Who we are

Patten Labs LLC is a Texas-domiciled software company operating pattenlabs.com and the Cortivex product suite (Cortivex, Synapse, OddRune, Houseproof, Casemoat, ConveyWorks, and related engines). When this policy says "we," "us," or "Patten Labs," it means Patten Labs LLC.

What we collect

  • Email address (account creation, magic-link sign-in, transactional email)
  • Stripe billing metadata (last 4 of card, billing zip — Stripe stores the card itself, not us)
  • Product usage (events, errors, feature interactions — to fix bugs and improve products)
  • Inputs you submit to engines (project details, prompts, uploads — only stored to deliver the service)
  • Cookies + local storage (see Cookie Policy)
  • IP address + user-agent (security, abuse prevention, server logs — typically purged after 30 days)

What we do NOT collect

  • We do not sell your data. Ever.
  • We do not use your inputs to train public models without explicit opt-in.
  • We do not store payment card numbers — Stripe handles PCI.
  • We do not run third-party advertising trackers (no Google Ads, no Meta Pixel, no LinkedIn Insight).

How we use it

To deliver the products you signed up for, to bill you, to email you about your account, to fix bugs, to improve products with aggregated/anonymized telemetry, and to comply with legal obligations (tax, fraud, court orders). That's it.

Subprocessors we share data with

  • Supabase — database + auth + file storage (US-West, AWS)
  • Vercel — hosting + edge functions (US, global edge)
  • Cloudflare — DNS, CDN, edge workers, email routing
  • Stripe — payment processing (PCI Level 1)
  • Anthropic, OpenAI, Google — LLM inference for AI features (zero-retention API tiers where available)
  • Twilio — SMS notifications (only if you opt in)
  • Resend / Cloudflare Email — transactional email delivery

How long we keep your data

Account data: as long as your account is active, plus 90 days after deletion (legal retention). Stripe billing records: 7 years (tax law). Server logs: 30 days. Engine inputs/outputs: per-product (see each product's in-app data settings). You can request earlier deletion via DSR.

Your rights (CCPA + GDPR + Texas)

If you are a California, EU/UK, or Texas resident (or anywhere with similar law), you have the right to:

  • Know what we've collected about you
  • Get a copy of your data (data portability)
  • Correct inaccurate data
  • Delete your data (right to be forgotten)
  • Opt out of any sale or sharing (we do neither, but you can opt out anyway)
  • Object to processing or restrict it
  • Not be discriminated against for exercising any right

File a Data Subject Request by emailing legal@pattenlabs.com with the subject line "DSR" and your account email. We respond within 30 days (45 for complex requests).

Children

The products are not directed at children under 13 (or under 16 in the EU). If you believe a child has created an account, email legal@pattenlabs.com and we'll delete it.

International transfers

Our infrastructure runs in the United States. If you access the products from outside the US, you consent to your data being transferred to and processed in the US. We use Standard Contractual Clauses where required.

Security

TLS 1.3 in transit, AES-256 at rest, OAuth tokens encrypted with AES-256-GCM in DB. No system is unbreakable — if we have a breach affecting your data, we'll notify you within 72 hours per GDPR and applicable state law.

Changes to this policy

We'll update the "Last updated" date above when we change anything. Material changes get an email to your account address at least 14 days before they take effect.

Contact

legal@pattenlabs.com · Patten Labs LLC, Austin, TX