Meet us at INTA 2026 Annual Meeting in London!
Breeze IP

Privacy Policy

Last updated: March 4, 2026

Who we are

Breeze IP AS ("Breeze IP", "we", "us", or "our") is an intellectual property portfolio management company registered in Norway (Org. nr: 932 406 667). Our registered address is Sandviksbodene 73 A, 5035 Bergen, Norway. This privacy policy is provided in accordance with the General Data Protection Regulation (GDPR) as implemented in Norway through the Personal Data Act (Personopplysningsloven).

Our role in processing your data

Depending on the context, Breeze IP acts in different roles under the GDPR:

  • Data controller — when you visit our website, contact us, or interact with us directly, Breeze IP determines the purposes and means of processing your personal data.
  • Data processor — when your organisation uses the Breeze IP platform to manage IP portfolio data, we process that data on behalf of your organisation (the data controller), according to your instructions and under our customer agreement.

In some cases, Breeze IP may also process platform data as a controller — for example, when we enrich portfolios with public patent office data or, where you have opted in, generate AI-assisted summaries. Where Breeze IP acts as a data controller, processing is governed by this Privacy Policy and applicable data protection law. Our customer agreements (including the DPA) govern processing where Breeze IP acts as a data processor on behalf of a customer.

In limited cases, we enrich customer portfolio records with data from publicly accessible IP registers (for example EPO OPS and national patent office databases). This may include inventor and applicant details available in those sources. Where required under GDPR, we provide Article 14 information through this Privacy Policy and, where appropriate, through the relevant customer relationship channel.

This distinction affects how you exercise your data protection rights. When Breeze IP is the data controller, we handle your requests directly. When Breeze IP is a data processor, your organisation is the controller and we assist them in fulfilling your request. Detailed data processing terms are set out in our Data Processing Agreement (DPA), available as part of our customer agreements.

What data we collect

We collect and process the following categories of personal data:

  • Contact information — name, email address, phone number, and company details when you contact us or create an account.
  • Usage data — anonymized usage data to understand how our website is used. We do not use cookies or collect personally identifiable information for analytics purposes.
  • Account data — information you provide as part of using the Breeze IP platform, including IP portfolio data and related documents.

How we use your data

We use your personal data for the following purposes:

  • To provide and maintain our services
  • To respond to your inquiries and support requests
  • To improve our website and platform
  • To comply with legal obligations

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods are as follows:

  • Contact form submissions — retained for the duration of the business relationship plus 1 year.
  • Account data — retained while your account is active. Upon request, account data is deleted within 90 days of account closure.
  • Usage and analytics data — anonymized analytics data is retained for up to 30 days.
  • Financial and billing records — retained for 5 years as required by the Norwegian Bookkeeping Act (Bokføringsloven).

Data deletion and portability on termination

When your organisation ends its use of the Breeze IP platform, we handle your data as follows:

  • Data export — you can export your IP portfolio data from the platform at any time. We will also assist with data export upon request during or after termination.
  • Deletion — following termination, we will delete your organisation's data within 90 days unless you request earlier deletion or longer retention is required by law (for example, billing records under the Norwegian Bookkeeping Act).
  • Confirmation — upon request, we will provide written confirmation that your data has been deleted.

Data storage and security

Breeze IP's primary platform data is stored at rest within the European Economic Area (EEA), and we apply encryption, access controls, and monitoring to protect it. Technical details of our security architecture are described in our Security Details page and in the security annex of our customer agreements.

Where customers enable specific integrations or AI-assisted features, limited data may be processed by approved sub-processors outside the EEA (see AI and data processing and Third-party sub-processors). In those cases, we apply appropriate safeguards under GDPR Chapter V, including Standard Contractual Clauses (SCCs) and contractual data protection commitments.

To request further details about international transfers, please contact us.

AI and data processing

Breeze IP uses AI-assisted features powered by third-party sub-processors. AI-assisted features are enabled on a customer-controlled, opt-in basis. Customers can choose to enable AI for specific parts of their portfolio while keeping other data untouched.

Where Breeze IP acts as a processor, AI processing is performed on the customer controller's instructions under the customer agreement (including DPA). Where Breeze IP acts as a controller, we rely on the applicable legal basis set out in Legal basis for processing below.

Where AI features are enabled, client IP portfolio data may be sent to these providers for processing. All AI sub-processors are bound by Data Processing Agreements and, where data is transferred outside the EEA, appropriate safeguards under GDPR Chapter V are in place. AI sub-processors are contractually restricted from using client data for model training.

For technical details on how AI processing is secured, see the AI & Data Processing section on our Security Details page. A current list of sub-processors is available upon request (see Third-party sub-processors).

Cookies

Our website does not use cookies for analytics or tracking purposes. We do not use any third-party advertising cookies on our website.

Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — you can request a copy of your personal data.
  • Right to rectification — you can request correction of inaccurate data.
  • Right to erasure — you can request deletion of your personal data.
  • Right to data portability — you can request your data in a structured, machine-readable format.
  • Right to object — you can object to processing based on legitimate interest.
  • Right to restrict processing — you can request limitation of processing in certain circumstances.
  • Right to withdraw consent — you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint — you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet). You can reach them at datatilsynet.no.

How to make a request: to exercise any of these rights, email us at post@breezeip.com. We may ask you to verify your identity before processing your request. We will respond within one month of receiving your request. If we need more time (up to two additional months for complex requests), we will let you know within the initial one-month period.

Note for platform users: if your data is processed by Breeze IP on behalf of your organisation (where your organisation is the data controller), please direct your request to your organisation in the first instance. We will assist your organisation in fulfilling the request under our Data Processing Agreement (DPA).

Third-party sub-processors

We use a limited number of third-party service providers (sub-processors) to help deliver our services. These include providers of cloud infrastructure, AI processing, and analytics. Data Processing Agreements are in place with all sub-processors, and international transfers are protected by appropriate safeguards under GDPR Chapter V.

Detailed sub-processor and transfer documentation, including roles, locations, and applicable safeguards, is available upon request and can be shared under NDA where required. To request the documentation, please contact post@breezeip.com. We notify affected customers of material changes to our sub-processor list before the change takes effect, in accordance with applicable customer agreements, including opportunities to raise objections where contractually provided.

Automated decision-making

Breeze IP does not make automated decisions about individuals as defined under GDPR Article 22. Our AI features are assistive tools designed to support users in their work. All decisions are made by humans.

Data Protection Officer

Based on our current assessment under GDPR Article 37, Breeze IP is not required to appoint a Data Protection Officer. We reassess this periodically as our processing activities evolve. For privacy inquiries, please contact us at post@breezeip.com.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "last updated" date.

Contact us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Breeze IP AS
Org. nr: 932 406 667
Sandviksbodene 73 A, 5035 Bergen, Norway
post@breezeip.com