GDPR
Use privacy by design and by default: minimise personal data, require consent for non-essential analytics, document processors, and keep draft data out of public routes.
Compliance
Publication safety, privacy, accessibility, and AI transparency are release gates.
This page documents the engineering controls expected before production launch. It is not legal advice.
Last reviewed
EU AI Act transparency
Where AI assists drafting or transformation of a disclosure, the product should make that clear before publication and retain metadata that distinguishes user-provided and AI-assisted text.
Defensive-publication consent
Publishing requires an explicit irreversible confirmation flow. Users must understand that public prior art can destroy their own ability to patent the same invention.
Security headers
Responses set Content Security Policy, frame blocking, content-type protection, referrer policy, permissions policy, and HSTS in production-capable environments.
Accessibility
Public pages target WCAG 2.2 AA so disclosures are usable by inventors, examiners, researchers, and assistive technologies.
AI crawler policy
Robots policy allows search and AI crawlers for public disclosure pages because findability is part of the defensive-publication product.