Legal Center

Terms of Service

Effective April 5, 2024


IPRally service (the “Service”) is offered by IPRally Technologies Oy (“IPRally”), a company incorporated in Finland under business ID 2901197-7.

These Terms of Service (the “Terms”) shall be applied when IPRally provides the Service described in the Software as a Service (SaaS) Agreement (the “Agreement”) to the customer (the “Customer”) and its users. IPRally and the Customer are hereinafter referred to together as the “Parties” and each a “Party”. 

The Terms shall also be applied to individual trial users and the organizations they represent (also referred to as the Customer herein), taking into account what is stated in section “Trial subscriptions”.

IPRally may introduce additional specific terms, for example to cover specific optional functionalities in the Service. Such additional specific terms apply only if the Customer approves such terms in the Agreement or subsequently in the Service.

If there is an inconsistency between the Agreement, these Terms and any additional specific terms by IPRally, the prevailing order shall be as follows: 1) The Agreement; 2) IPRally additional specific terms (if applicable); 3) These Terms.

By starting or continuing the use of the Service, the Customer and its users accept these Terms. If you are using the Service as the Customer’s administrator (the “Admin user”) or as other user, you agree to use the Service in compliance with these Terms. The Customer shall be fully responsible for its Admin users and other users and for their compliance with these Terms. For the purposes of these Terms, “you” refers to the Customer and/or its users, as applicable.

General responsibilities, restrictions and limitations

a) You may not share, distribute or reveal your access credentials to the Service with any other party. The access credentials are strictly for personal use.

b) You may not misuse the Service by interfering with its normal operation, or by attempting to access it or extract data therefrom using a method other than through interfaces and instructions the Service provides. 

c) You agree not to engage in any of the following prohibited activities: (i) copying, distributing, or disclosing any part of the Service by any automated “scraping”; or (ii) using any automated system, including without limitation “robots,” “spiders,” etc., to access the Service in a manner that sends more request messages to the Service than a human can reasonably produce in the same period of time.

d) You may not reproduce, distribute or publicly display the Service. 

IPRally has the right to suspend or terminate accounts if it detects misuse or has another reason to believe that Customer doesn’t comply with provisions a) - d). 

Responsibilities, restrictions and limitations relating to and handling of User-generated content

“User-generated content” means text data you enter or upload into the Service.

a) You are responsible that you are

  • an authorized owner or holder of User-generated content entered to the Service and
  • allowed to enter the User-generated content into the Service.

b) IPRally will not

  • gain ownership of User-generated content,
  • share, distribute or disclose User-generated content to any third party, or
  • use User-generated content for any other purposes than required for performing functions of the Service.

c) You may permanently delete all your User-generated content, taking into account ordinary backup storage periods.

Handling of personal data

IPRally takes appropriate technical and organizational measures to protect the security, confidentiality and integrity of personal data, as required by the General Data Protection Regulation and defined in more detail in its Privacy Policy ( The Privacy Policy contains information that you should review prior to using the Service. 

To the extent IPRally acts as a data processor on behalf of the Customer, the IPRally Data Processing Agreement (, or, if such agreement exists, a separate Data Processing Agreement signed with the Customer, governs the processing of personal data between the Customer and IPRally. 

Handling of other data

IPRally may collect anonymous and/or aggregated usage data from the Service, including but not limited to aggregated data on the usage of individual features of the Service, and transfer such data to third party services for analytics purposes and for allowing improvement and optimisation of the Service. For the sake of clarity, such usage data shall not contain any User-generated content.

Data security

IPRally employs commercially and technically reasonable security measures to protect your information. IPRally has implemented a variety of safeguards to protect the security of the platform, including encrypting web connections to protect data transmissions and preventing unauthorised access to its servers and facilities. However, no information system is impenetrable. You are responsible, with means available, for protecting the security of your account and all activities that occur under the account or in connection with the Service. You must immediately notify IPRally of any unauthorised use of the account or the Service or any other breaches of security by e-mailing at

Intellectual property rights

You, or the lawful owner of the respective content, own the intellectual property rights of the User-generated content as defined in section “Handling of User-generated content”.

Elements of the Service, in particular the visual interfaces, graphics, design, compilation, information, data, computer code, products, software, services and templates (“Materials”) thereof provided by IPRally are owned by IPRally and protected by intellectual property rights laws and other laws. The Materials included in the Service are the property of IPRally or its third party licensors. Except as expressly stated herein, these Terms do not grant the Customer, or any users any rights to, or in, patents, copyrights, database rights, trade secrets, trade names, trademarks, product names, know-how or any other rights or licenses in respect of the Service or Materials.

Changes to Terms

Unless otherwise agreed in the Agreement, IPRally may change these Terms at any time for a variety of reasons, such as to reflect changes in applicable law or updates to the Service, and to account for new functionalities therein. The most current version will be available at the Service and/or posted to you via e-mail. If an amendment is material, as determined at IPRally’s sole discretion, IPRally will notify you via e-mail or you will be notified upon login to the Service. Changes will be effective no sooner than the day they are made available. If you do not agree to the Terms, you should stop using the Service. Continued use of the Service indicates acceptance of the Terms.

Changes to the Service

IPRally constantly develops the Service by adding, altering or removing functionalities therein without prior notice. IPRally may limit, suspend or discontinue the Service or part thereof at its discretion. In case the Service or a substantial part thereof is discontinued, you will be given a chance to obtain a copy of the User-generated content from the Service or said part thereof. If the Service as a whole is discontinued, the Customer is entitled to a refund of the pre-paid fees relating to time after discontinuation.  

Limitations of liability

IPRally endeavors towards maintaining high quality of the Service and correctness of data available through the Service. However, IPRally is not responsible for any discomfort or damage caused to the Customer or its users by either correct or potentially incorrect data in the Service or functioning of the Service. In any case, to the extent permitted by applicable law, the liability of IPRally, its affiliates, officers, employees, agents, suppliers and licensors arising in connection with the Service will not exceed the amount paid by the Customer to IPRally for the Service during the 12 months prior to the event giving rise to liability.

Account and Service setup 

By default, IPRally creates one or more Admin user accounts for the Customer and sets the number of licenses available. Admin users will have the right to invite other users from within the same organization, as far as there are licenses available, through the account management page, to appoint additional Admin users, and to enable, disable or customize features and additional modules of the service that apply to all users of the Customer. By doing so, the Admin user assures that he/she is in the position to do so and is acting in accordance with Customer’s policies. The invited users will receive account activation instructions by e-mail. Licenses can be transferred during the subscription term between users of the same organization by Admin users. You are not allowed to invite users from outside of the Customer’s organization. You will not be eligible for a refund for licenses that are not activated or used. IPRally is not responsible for account activation e-mails that are stuck in e-mail filters that are not under the control of IPRally. Support requests relating to account or Service setup should be sent to

Payment, renewal and cancellation of subscription

The Customer agrees to pay all applicable fees related to the use of the Service, as defined in the Agreement.

Unless specifically otherwise agreed in the Agreement, IPRally shall have the right to change the fees related to the use of the Service by notifying the Customer of the new fees at least sixty (60) days prior to the ending of the agreed subscription term. If no notification is made to the Customer, IPRally shall have the right to automatically increase the fees for the Service but such increase may not exceed 10%. The new fees shall become effective at the beginning of the next subscription term.

Unless specifically otherwise agreed in the Agreement, the subscription to the Service is automatically renewed with Terms and fees valid at the time unless the Customer cancels it by notifying IPRally by e-mail at or via the account management page, if such function is available, at least thirty (30) days prior to ending of the then-current subscription term.

IPRally reserves the right to terminate the Agreement immediately, if: (1) the Customer or its user breaches any terms and conditions provided in the Terms or otherwise in the Agreement, or (2) if due payment is not received, provided that in each case (1) and (2), such breach or failure to pay due payment is not remedied within 30 days from IPRally’s written notice thereof to the Customer. 

Suspension and termination of services

The Customer may terminate subscription to the Service at any time through account management page, or if such page is not present or accessible, through e-mail to Such termination will result in deactivation or disablement of the Customer’s and its users’ accounts. In case of termination during a billing cycle, no refund will be paid unless required by law or unless IPRally has materially breached these Terms and failed to cure the breach within 30 days after written notification thereof.

Links to other websites

The Service may contain links to third party websites or software solutions, such as Google Patents, Espacenet or other patent databases. These links are provided solely as a convenience to you. By linking to these websites or solutions, we do not create or have an affiliation with, or sponsor such third party websites or solutions. The inclusion of links within the Service does not constitute any endorsement, guarantee, warranty, or recommendation of such websites or solutions. IPRally will not share any User-generated content with those websites or solutions. 

IPRally has no control over the legal documents and privacy practices of third party websites or solutions, and by using them, you may be giving those third parties permission to use or control your information in ways IPRally would not. As such, you access any third party websites at your own risk. IPRally doesn’t guarantee the correctness of the information in the linked resources and does not give any uptime guarantees for these websites.


By using the Service, you consent to receiving e-mails from IPRally. These e-mails may include notices about applicable fees and charges, transactional information and other information concerning or related to the Service. These e-mails are part of your relationship with IPRally.


IPRally is allowed to use the Customer’s name and logo as a public reference, unless otherwise agreed between IPRally and the Customer.

The Customer may not assign or transfer these Terms or any of its rights or obligations hereunder without IPRally’s prior written consent. IPRally may assign or transfer these Terms or any of our rights or obligations hereunder at any time upon written notice to the Customer. These Terms are binding on any respective successors and assignees.

Trial subscriptions

IPRally may grant and terminate trial subscriptions at its sole discretion. These Terms and any additional specific terms, as applicable for the scope of the trial, as determined by IPRally, apply to trial subscriptions, apart from the following clauses:

  • Third sentence of section “Changes to the Service” (obtaining a copy of User-generated content in case of discontinuation of the Service or part thereof)
  • First paragraph of section “Miscellaneous” (use of Customer’s name and logo) 

IPRally reserves the right to provide additional terms and conditions regarding the trial subscriptions.  

Governing laws

These Terms are governed by and construed in accordance with the laws of Finland, without giving effect to its choice of law provisions. Any dispute or claim arising out of or in connection with the Terms, failing amicable arrangement, shall be settled and submitted to the jurisdiction of the courts of Helsinki, Finland.

Generative AI Additional Terms and Conditions

Effective Date: October 2, 2023

These IPRally Generative AI Additional Terms and Conditions (“Generative AI Terms”) shall apply if the Generative AI module is included in the plan selected by the Customer as stated in the Agreement between IPRally and the Customer or subsequently opted in by the Customer in the Service. These Generative AI Terms shall form an integral part of that Agreement, when applicable. Unless otherwise expressly provided herein, the capitalized terms shall have the meaning defined in the Agreement and the Terms of Service.


  • We never send any User-generated content outside our own cloud environment, unless specifically approved by our customers for specific purposes.
  • Modern Generative AI models offer high value in e.g. efficient patent review. We may use models hosted in our cloud environment, or, to speed up providing that value to you, selected and trusted External services that host such models, to provide Generative AI functionalities. 
  • We aim for full transparency and user control of the use of such features, and as high privacy, confidentiality and security of data as possible, as defined in our Terms of Service as well as in these Generative AI Terms.
  • Specifically, we never use External services that claim ownership of User-generated content or use User-generated content to train their machine learning models.
  • While we aim to provide high-quality Generative AI functionalities, we make no warranty that their outputs will be correct or accurate, and we recommend checking the outputs from a primary source before using them.

Generative AI functionalities 

Modern generative AI models offer high value in patent information-related tasks, such as efficient review, filtering, summarization and analysis of search results or patent portfolios, as well as other advanced functionalities. To deliver that value to our customers, we aim to use such models to offer such functionalities (“Generative AI functionalities”) as optional functionalities. 

By approving these Generative AI Terms, you (as the Customer) give the consent to enable Generative AI functionalities for the users of your organization and assure that you are in a position to do so. 

You can disable the Generative AI functionalities at any time.

The scope of Generative AI functionalities

Generative AI functionalities are always marked with a specific identifier, such as an icon. You will see the identifier always before you choose to use such functionalities.

Current and planned Generative AI functionalities include:

  • “Ask AI” feature that can be used to ask questions about or give instructions for analyzing individual or multiple patents.
  • “AI Filter” feature that can filter patent data sets using Generative AI models based on the user’s instructions.

More Generative AI functionalities can be added by us, provided that they are marked with the identifier.

Use of External services

Generative AI models are large, and their hosting with meaningful service bandwidth can be expensive. While our long-term aim is to host all models and services within our own cloud environment, we may choose to use model hosting services that operate outside our own cloud environment (“External services”) to offer Generative AI functionalities at reasonable cost and deployment speed. Some functionalities also require sending of specific User-generated content to External services.

We may also host our own Generative AI models or use models hosted within our cloud environment by our cloud service provider. For the sake of clarity, these are not External services. 

Our Terms of Service disallow sending User-generated content to External services without the explicit consent of the Customer. These Generative AI Terms specify:

  • The scope of Generative AI functionalities that may utilize User-generated content
  • User-generated content External services may use
  • External services and terms and liabilities applying thereto  

User-generated content External services may use

Generative AI functionalities work based on input prompts (“Prompts”), part of which may consist of the user's input forming part of User-generated content. User’s input may be sent to External services as part of Prompts. User’s input may include text input in a specific text field and/or input chosen by the user from predefined input alternatives.

We will never use previously stored Customer information or users’ personal information as part of Prompts. We will not use search queries, technology tags, comments, or parts thereof, or any other previously stored User-generated content as part of Prompts without the user specifically including that in his/her input.

Examples regarding the current Generative AI functionalities:

“Ask AI” feature: 

User-generated content includes only the questions that you enter to a question field or choose from predefined default questions. Example: User asks a question “What are the benefits of the invention?” about US patent 9,000,000. The content we may send to External services as part of the Prompt includes: 

  • the question (“What are the benefits of the invention?”), 
  • publicly available data (specification and bibliographic data) of US patent 9,000,000, and 
  • our proprietary prompt, which includes no customer or user-specific information and no User-generated content.

Details of upcoming Generative AI functionalities can be added by us. 

External services and terms and liabilities applying thereto 

IPRally only uses External services that are evaluated to be trusted services, with the following minimum requirements:

  • The providers of External services do not use the input prompts for training their machine learning models using the input prompts, AND
  • They do not claim ownership of the inputs, i.e. you will retain the ownership of all User-generated content in accordance with IPRally’s Terms of Service.

We may use the following trusted services as External services through their Application Programming Interfaces (APIs):

External services may be added to the list of trusted services and used for providing Generative AI functionalities at the sole discretion of IPRally, provided that they satisfy the minimum requirements mentioned above. External services may also be removed from the list of trusted services.

Disclaimer regarding the output of Generative AI models

You acknowledge that the outputs of the Generative AI functionalities are provided “as is” without warranty of any kind. IPRally makes no warranty that the outputs of the Generative AI functionalities will be correct or accurate, and we recommend checking the outputs from a primary source before using them. You assume the entire risk arising out of the use of the Generative AI functionalities and outputs thereof. To the extent that we may not disclaim any warranty as a matter of applicable law, the scope and duration of such warranty will be limited to the minimum permitted under such law. 

Changes to Generative AI Terms

We may revise and update these Generative AI Terms from time to time in our sole discretion. If you continue to use the Generative AI functionalities after we post the updated Generative AI Terms or otherwise give you notice of such changes, it means that you accept and agree to the updated Generative AI Terms. If you do not accept the updated Generative AI Terms, you must not continue to access or use the Generative AI functionalities.

Data Processing Agreement

Last modified: October 2, 2023

This IPRally Data Processing Agreement and its Annexes (hereinafter the “Data Processing Agreement” or “DPA”) reflects the parties’ agreement with respect to the Processing of Personal Data by

                 us, IPRally Technologies Oy, address: Mikonkatu 15 A, 00100 Helsinki, Finland, Business ID: 2901197-7, including its affiliates (“IPRally” or the ”Supplier”) as the Processor AND

                 you (the ”Customer”) as the Controller,

on behalf of you in connection with the IPRally service.

The Customer and the Supplier hereinafter each separately referred to as a ”Party” and together as the ”Parties.”

1.              SUBJECT AND PURPOSE

A)             Unless otherwise expressly provided therein, or a separate written data processing agreement has been entered into between Parties, this DPA is applied to the processing of Personal Data under, and part of the Software as a Service agreement (the “Agreement”) between Supplier and Customer. This DPA is part of the Agreement and prevails over any conflicting provisions of the Agreement concerning data processing.

B)             The purpose of this DPA is to ensure the implementation of consistent data protection practices to be applied in the provision of services by the Supplier to the Customer. The Parties recognize and agree that well-managed data and privacy protection is a fundamental necessity of the Customer’s operations. Furthermore, the Parties recognize and agree that proper data protection is required by applicable legislation.

2.              DEFINITIONS

A)             "Controller” shall mean, as defined in the Data Protection Laws, an entity which determines the purposes and means of the processing of Personal Data under this DPA.

B)             “Data Subject” shall mean a person, as defined in the Data Protection Laws, whose Personal Data the Supplier processes under this DPA.

C)             “Data Protection Laws” shall mean, without limitation and as applicable, all EU legislative acts related to protection of personal data as in force from time to time such as the EU General Data Protection Regulation (2016/679) (the “GDPR”), and all other applicable EU and national data protection, privacy, data security and data protection laws, regulations, rulings, regulatory guidance and other binding restrictions of, or by, any judicial or administrative body, as in force from time to time and any amendments thereof.

D)             “Personal Data” shall mean personal data as defined in the Data Protection Laws.

E)             “Processor” shall mean, as defined in the Data Protection Laws, an entity which processes Personal Data on behalf of the Controller for the purposes specified in this DPA. For avoidance of doubt, it is noted that “processing” Personal Data refers to any operation, or set of operations, performed on Personal Data, as defined in the Data Protection Laws, including by collection, recording, organization, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure, or destruction.

The terms related to data protection which are not defined in this DPA, are used in accordance with the GDPR.


A)             The Parties agree, in the processing of Personal Data under this DPA, to comply with the Data Protection Laws. The Supplier shall, and shall procure that any subprocessors shall, process Personal Data only in accordance with the written instructions from the Customer, unless required to do so by applicable legislation to which the Supplier is subject; in such a case, the Supplier shall inform the Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest. Should any future written instructions of the Customer go beyond the legally necessary, or if the Customer submits new instructions, the Supplier shall be entitled to a reasonable compensation in accordance with incurred costs, or as agreed between the Parties.

B)             The Supplier shall not process the Personal Data for any other purposes than those necessary to provide the services to the Customer specified in the Agreement and this DPA (including any appendices) or fulfill other obligations under this DPA.

C)             The Supplier shall notify the Customer if the Supplier cannot fulfil its obligations under this DPA or if the Supplier is of the view that an instruction regarding the processing of Personal Data would be in breach of the Data Protection Laws unless the Supplier is prohibited from notifying the Customer under any applicable legislation.

D)             For the sake of clarity, it is stated that it is the Customer's responsibility to ensure, as the Controller, that the Customer has the right to disclose or otherwise give access to the Personal Data to the Supplier and the Supplier's personnel based on the applicable legislation.


The Supplier shall not transfer Personal Data to a country outside the EU/EEA or otherwise process Personal Data in a country outside the EU/EEA without prior written authorization of the Customer. If Personal Data is transferred outside the EU/EEA, there must be appropriate safeguards in place for the transfer, such as the EU Commission standard contractual clauses for international transfers (SCCs). The Supplier shall, upon request, provide evidence of these safeguards to the Customer. At the time the DPA enters into force, consent is considered given for the sub-processors listed in Annex B.

5.              CONFIDENTIALITY

The Supplier, and people working under the Supplier, shall keep the Personal Data received from the Customer confidential and ensure that only authorized persons can access the Personal Data for processing. The Supplier shall ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.


Upon termination or expiry of the Agreement, the Supplier shall delete or return to the Customer within a reasonable time all Personal Data processed on behalf of the Customer and delete existing copies, unless the applicable legislation/regulation requires to store the Personal Data.

7.              SUBPROCESSORS

A)             The Supplier may engage subprocessor(s) to process Personal Data, provided that:

i)               such engagement will be under a written contract or terms; and

ii)              the contract or terms will require the subprocessor(s) to comply with similar obligations applicable to the Supplier under this DPA and the Data Protection Laws.

B)             Upon written request, the Supplier will inform the Customer of the subprocessors it uses and about any subsequent change of subprocessors. For a justified reason, the Customer has the right to object to the use of a new subprocessor within fourteen (14) days of the Supplier's notification. Objection must be notified in writing to the Supplier. If the Parties cannot reach an agreement on using a new subprocessor, both Parties have the right to terminate the Agreement by giving a thirty (30) days’ prior written notice.

C)             In any event, the Supplier will remain fully liable for the acts and omissions of its subprocessors towards the Customer.


A)             The Supplier shall implement and use its reasonable efforts to maintain appropriate technical and organizational measures to protect the Personal Data against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure or access so that the processing is in compliance with the Data Protection Laws and the Customer’s written instructions.

B)             The Supplier shall implement at least the following measures as appropriate:

i)               the pseudonymization and encryption of Personal Data;

ii)              the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

iii)            the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;

iv)            a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

9.              DATA BREACHES

A)             In the event of data breach, the Supplier shall notify the Customer without undue delay upon the Supplier becoming aware of the data breach affecting Personal Data, to the extent that the Data Protection Laws requires such notification.

B)             Upon the Customer's request, the Supplier shall provide the Customer with reasonably detailed written notice of its discovery of any data breach. The data breach notification shall contain the following:

i)               description of the nature of the data breach including where possible, the categories and approximate number of Data Subjects concerned and the categories and approximate number of Personal Data records concerned;

ii)              the name and contact details of the contact point where more information can be obtained;

iii)            description of the likely consequences of the data breach;

iv)            description of the measures taken or proposed to be taken by the Supplier to address data breach, including, where appropriate, measures to mitigate its possible adverse effects.

C)             The Supplier shall co-operate with the Customer and take reasonable commercial steps as are directed by the Customer to assist in the investigation, mitigation and remediation of each such data breach.

10.           RIGHT TO AUDIT

A)             The Customer or a third-party auditor mandated by the Customer, shall have the right to audit the processing activities of the Supplier under this DPA to examine the level of protection and security provided for Personal Data processed under this DPA. Such third-party auditor must not be a competitor of the Supplier.

B)             The Customer may audit the Supplier's compliance with this DPA no more than once a year. The Customer may request more frequent audits if required by the legislation applicable to the Customer.

C)             The audit timetable, method and scope shall be agreed beforehand between the Parties and the audit shall not unduly interfere with the Supplier’s business operations.

D)             The Customer shall be responsible for all costs of the audits it requests. The Supplier has the right to charge the Customer for assistance provided in connection with the audit.


A)             Taking into account the nature of the processing, the Supplier shall assist the Customer by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to requests to exercise Data Subjects’ rights under the Data Protection Laws.

B)             If requested by the Customer in order for the Customer to comply with the Data Protection Laws, the Supplier shall provide relevant information and reasonable assistance to the Customer to meet its reporting obligations and other obligation under the Data Protection Laws, taking into account the nature of processing and the information available to the Supplier. Such other obligations may include data protection impact assessment and supervisory authority’s prior consultations.

C)             The Supplier is entitled to charge the Customer for the costs for assisting with the above, if the content of the requests deviates from the standard information or assistance provided by the Supplier under the Data Protection Laws and results in additional work for the Supplier.

12.           LIABILITY

A)             The limitations of liability and liability cap(s) agreed between the Parties in the Agreement shall apply to the Supplier’s liability arising under or in connection with this DPA. In case the Parties have not agreed on a liability cap applicable to the Supplier’s liability arising under or in connection with this DPA elsewhere, the Supplier’s total aggregate liability arising under or in connection with this DPA shall not exceed the fees paid by the Customer to the Supplier under the Agreement during a period of twelve (12) months immediately preceding the event giving rise to the claim.

B)             However, neither Party shall under any circumstances be liable for any indirect, consequential or special damages incurred by the other Party arising under or in connection with this DPA.

C)             The limitations of liability under this section 12 (Liability) shall not apply to damages caused by willful misconduct or gross negligence.

D)             Each Party is responsible for the administrative fines which the supervisory authority has imposed to the Party in question, and which result from that Party’s infringement of the Data Protection Laws.


This DPA shall remain in force for as long as the Supplier process the Personal Data on behalf of the Customer in order to provide the services under the Agreement and for such period thereafter as is necessary for the activities to be complete, including but not limited to, the return of Personal Data to the Customer and the deletion of Personal Data, or, if longer, as may be required by any applicable law.


The terms of the Agreement shall apply herein.

15.           MISCELLANEOUS

A)             This DPA (including appendices) constitutes the entire agreement between the Parties and replaces any prior agreements and understandings, oral and written, between the Parties on the processing of Personal Data.

B)             If any provision of this DPA shall be found by any court or administrative body of competent jurisdiction to be invalid or unenforceable, so far as permissible, such unenforceability or invalidity shall not affect the other provisions of this DPA, which shall remain in full force and effect.

C)            IPRally may change the content of this Agreement, subject to posting a notice of change in its web page.

D)             The appendices listed here below shall form an integral part of the DPA.

16.           APPENDICES

Annex A: Description of the processing of Personal Data
Annex B: List of subprocessors

Privacy Policy

Updated 5 April 2024

This privacy policy applies to the processing of personal data in connection with products and services owned and operated by IPRally Technologies Oy (“IPRally” or “we”). IPRally is committed to protecting your privacy and complying with applicable data protection and privacy laws, such as the General Data Protection Regulation (2016/679). This Privacy Policy (“Policy”) is designed to help you understand what kind of information we collect and how we process and use such information.

The Policy covers how IPRally handles personal information, meaning information relating to an identified or identifiable individual, i.e. a natural person (“Data Subject”). This Policy applies to personal data ("Personal Data") collected in connection with the products and services offered by IPRally, website and interactions related to our service or website such as customer support, customer events, or promotions and campaigns and usage information from such interactions, products, services, events, promotions and campaigns.

Information We Collect

Contacting us on the website. You can contact us on the website by providing your e-mail address. The e-mail address is used to allow us to contact you for offering or negotiating about the services requested and can be added to a mailing list and/or used for subsequent marketing purposes.

Registering to services and providing products and services. When you register for our services, we may ask you to provide us with certain information such as your name, email address, passwords and other such credentials that are used to authenticate users and to validate their actions or that may be needed to provide you with the products and services you have requested or to communicate with you.

Newsletter and other marketing materials requiring a subscription. When you sign up for our regular newsletter or another service requiring giving your e-mail address, we shall send you newsletter(s) (based on your consent) or communications regarding products that may be of interest to you. If you no longer wish to receive these communications, you can follow the unsubscribe instructions contained in each of the email communications you receive.


For the purposes stated in this Policy, the Personal Data may be disclosed, or the access may be granted, when necessary, to selected third parties, such as third-party service providers.

Planhat. We may use the Planhat AB ("Planhat") technology to proactively support our customers when it comes to usage, feedback and any other feature and/or product related feedback. This enables us to optimize product features, measure user behaviour and better understand how users interact with the product. Through Planhat, IPRally might conduct customer focused surveys during the duration of the agreement.

Intercom. We use Intercom, Inc. ("Intercom") technology to provide support and information for website visitors and product users. This enables us to serve customers quickly and to maintain up-to-date product documentation.

Adroll. We may use NextRoll, Inc. (“Adroll”) technology to automate our marketing tasks, in particular to show you retargeted ads. Adroll shows the targeted ads through use of cookies that are being stored on each page visit by you. Adroll collects data to show you retargeted ads to promote our product and services and to better show you ads that match your interests. You can opt-out from use of your Personal Data for retargeting by visiting this link.

Mailgun. We may use Mailgun Technologies, Inc., a Delaware corporation (“Mailgun”) to communicate with our users.

Hubspot. We may use Hubspot, Inc. (“Hubspot”) to communicate with our newsletter subscribers and users, to manage our marketing and sales process, and for website analytics. Hubspot uses cookies. You can prevent storage of cookies by appropriately setting your browser software. 

Slack. We may use Slack Technologies, LLC (“Slack”) to get notifications from some of the above-mentioned services to improve customer journeys and our service and support level. The notifications may include Personal Data, which are stored by Slack and are subject to their technical and organizational data security measures.

Zapier. We may use Zapier, Inc (“Zapier”) technology to connect some of the above mentioned services together in an automated fashion.

Auth0. We may use Auth0 by Okta, Inc. (“Auth0”) to add authenticate and authorize users and services to our application and services.

Google reCAPTCHA. We may use Google reCAPTCHA by Google Inc. (“reCAPTCHA”) technology to detect abusive traffic on our website and to protect the website from spam.

Google Analytics. We may use Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses cookies. You can prevent the storage of cookies by appropriately setting your browser software. In addition, you can prevent data generated by the cookie and relating to your use of the website (including your IP address) from being collected and processed by Google, by downloading and installing a browser plug-in from the following link:

Purposes and Legal Bases of Processing

Provision of products and services. We may process and use Personal Data to provide you with the product or service you have requested, fulfill your other requests, process your order or as otherwise may be necessary to perform or enforce the contract between you and IPRally. We may also process and use your Personal Data to ensure the functionality and security of our products and services, to identify you, and to prevent and detect fraud and other misuses. The legal basis for the above-mentioned processing is the contract or its preparation, or our legitimate interest. 

Development of products and services. We may process and use your Personal Data to develop our products and/or services. However, for the most part we only use aggregate and statistical information in the development of our products and services, and not data directly identifiable to you. We may also process and use your Personal Data to personalize our offerings and to provide you with services more relevant to you, for example, to make recommendations and to display customized content. The legal basis for the above-mentioned processing is our legitimate interest.

Communicating with you and marketing. We may process and use your Personal Data to communicate with you, for example, to provide information relating to our products and/or services you are using or to contact you for customer satisfaction queries. We may process and use your Personal Data for marketing. Marketing purposes may include using your Personal Data for personalized marketing or research purposes in accordance with applicable laws. The legal basis for the above-mentioned processing is our legitimate interest or your consent.

Complying and fulfilling our legal duties and obligations. We may process and use your Personal Data to fulfill our legal obligations, such as tax law and accounting related obligations based on statutory obligations.

Establishing, exercising, or defending against legal claims. We may process and use your Personal Data to establish, exercise or defend against legal claims. The legal basis for the above-mentioned processing is our legitimate interest. 

For processing activities that are based on a legitimate interest, we have carefully balanced such legitimate interest with your right to privacy and concluded that our interest outweighs your Data Subjects’ rights and freedoms.

Where the processing is such that a consent is required by the applicable legislation, we will state so and obtain the consent, and this will be the legal basis for the processing. However, you have the right to withdraw that consent any time, without affecting the lawfulness of processing based on consent before its withdrawal. If such withdrawal means that we are no longer able to provide our services, we may cease to provide the services.

Data Retention

We will retain your Personal Data for as long as needed to provide services to you. After such reason no longer exists, we shall retain the Personal Data for a maximum of twelve months plus an ordinary backup storage period, unless otherwise explicitly agreed. 

In general, we retain Personal Data only for a period that is necessary to achieve the purposes for which Personal Data is processed, unless there is a legal obligation to retain Personal Data for a longer period of time (for example, responsibilities and obligations under specific legislation, accounting or reporting obligations). We may retain Personal Data for a longer period of time if it is required, for example, to exercise a legal claim, to defend a legal claim, or to settle a similar dispute or in order to enforce our agreements.

We evaluate the necessity and accuracy of the Personal Data on a regular basis and endeavor to ensure that the incorrect and unnecessary Personal Data are corrected or deleted.

Detailed data retention times can be provided upon request.

Data Security

IPRally implements appropriate technical and organizational security measures to prevent and minimize risks associated with providing and processing your Personal Data.

Such security measures include, where appropriate, the use of firewalls, secure server facilities, encryption, implementing proper access rights management systems and processes, careful selection of processors, sufficient training of personnel involved in the processing, and other necessary measures to provide appropriate protection for your Personal Data against unauthorized use or disclosure. Where appropriate, we may also take backup copies and use other such means to prevent accidental damage or destruction of your Personal Data.

All traffic is encrypted using Secure Socket Layer technology (SSL) or other encrypted tunnels.

We restrict access to Personal Data only to authorized personnel, contractors and agents who need to know that information in order to operate, develop or improve our service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. 

Transfers Of The Personal Data

We may disclose your Personal Data to third parties solely as stated below in this Policy, or as obligated by mandatory law.

International transfers. Our main principle is that your Personal Data is processed within the European Union (EU) or the European Economic Area (EEA). However, some of the service providers used by us may operate outside the territory of the EU/EEA and thus, your Personal Data can be transferred outside the EU/EEA.

In case Personal Data is transferred outside the EU/EEA, such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as Standard Contractual Clauses (SCC) adopted, including any supplementary measures, where assessed to be necessary, or otherwise approved by the EU Commission or competent data protection authority in accordance with the GDPR.

The servers directly used by IPRally are located in the European Union. However, some service providers may use servers located outside the EU/EEA. 

Service Providers. From time to time, IPRally may contract with third parties to perform functions necessary for its research operations and, under the terms of those contracts, may transfer Personal Data to those third parties. IPRally requires any such third party to maintain the confidentiality of such Personal Data. We use other third parties such as an email service provider to send out emails on our behalf. When you sign up for our services, we will share your Personal Data only as necessary for the third party to provide that service. We also use third parties to assist us in selling our services.

Other disclosures. We may disclose and otherwise process your Personal Data in accordance with applicable laws to defend IPRally’s legitimate interests, for example, in civil or criminal legal proceedings.

The Personal Data may also be disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the products and services as well as to guarantee the safety and usability of the products and services. In the event of emergencies or other unexpected circumstances, we may be required to disclose the Personal Data in order to protect human life, health and property.

Mergers and Acquisitions. If we decide to sell, buy, merge or otherwise reorganize our business, this may involve us disclosing Personal Data to prospective or actual purchasers and their advisers, or receiving Personal Data from sellers and their advisers, for the purposes of such transactions.

Social Media Features. Our website and some surveys may include social media features. These features may collect your IP address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features are hosted by a third party. Your interactions with these features are governed by the privacy policy of the company providing them.

Use Of Cookies

IPRally may use cookies primarily to identify returning users from the same computer and ensure the integrity of its research. As part of its basic uses of Internet technology to provide surveys, IPRally also collects technical information such as: respondent IP address; the date and time and respondent HTTP request headers. IPRally also uses third-party analytical cookies for tracking web traffic and usage.

If you wish to disable cookies, or want to be notified before they are placed, you may do this in the cookie settings in the cookie banner. However, we may not be able to provide certain services or you may not be able to view certain parts of this website if you have disabled cookies.

Some of our business partners whose content is linked to or from our website may also use cookies. However, we have no access to or control over these cookies.

Your Rights

You, as a Data Subject, have several rights under applicable data protection laws.

Right of access and right of inspection

You have the right to obtain confirmation as to whether or not Personal Data concerning you is being processed.

You have the right to inspect and view Personal Data concerning you and, upon request, the right to obtain data in a written or electric form. This applies to information that you have provided to us insofar the processing is based on a contract/consent.

Right to rectification and right to erasure

You have the right to demand the rectification of incorrect Personal Data concerning you and to have incomplete Personal Data completed.

You have the right to require us to delete or stop processing your Personal Data, for example where the Personal Data is no longer necessary for the purposes of processing.

However, please note that certain Personal Data is strictly necessary in order to achieve the purposes defined in this Policy and may also be required to be retained by applicable laws.

Right to data portability

You have the right to receive the Personal Data that you have provided to us in a structured, commonly used, and machine-readable format and, if desired, transmit that data to another controller. The right to data portability applies to the processing of personal data based on consent or a contract.

Right to restriction of processing

You have the right, under conditions defined by data protection legislation, to request the restriction of processing of your Personal Data. In situations where Personal Data suspected to be incorrect cannot be corrected or removed, or if the removal request is unclear, we will limit the access to such data. 

Right to object to processing

You have the right to object to the processing of your Personal Data where we are relying on our legitimate interests as the legal ground for processing. For example, you may object to your Personal Data being used for marketing purposes. 

Right to withdraw consent

In cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time.

Exercising rights

In case you wish to make use of your rights mentioned above, you may, as appropriate and in accordance with applicable laws, exercise such rights by contacting us through the contact points referred to in the marketing materials or below in this Policy. In some cases, especially if you wish us to delete or cease the processing of your Personal Data, this may also mean that we may not be able to continue to provide the services to you.

Complaint To The Supervisory Authority

In the event you consider our processing activities of your Personal Data to be inconsistent with the applicable data protection laws or that IPRally has not sufficiently ensured the realization of your rights, you may lodge a complaint with the local supervisory authority responsible for data protection matters.

The relevant authority in Finland is the Data Protection Ombudsman (

Notification Of Changes

If we decide to change our Policy, we will post these changes to the IPRally website. We reserve the right to modify this Policy at any time, so please review it frequently. If we make material changes to this Policy, we will notify you here, by e-mail, or by means of a notice on our website prior to the change becoming effective.

If you have any questions or comments about this Policy, or the practices of this website, or unresolved privacy and data use concerns, please contact IPRally by e-mailing

The data controller responsible for the purposes of the applicable data protection laws is:

IPRally Technologies Oy (registered in Finland, business ID: 2901197-7)
Mikonkatu 15 A
00100 Helsinki

Free trial