Skip to main content

BizMORI Privacy Policy

Effective Date: November 1, 2025 Last Updated: November 1, 2025

1. Introduction

This Privacy Policy describes how MORI SOLUTION, Inc. (“MORI”, “we”) and its affiliate MORI Corp. (주식회사 모리) collect, use, share, and protect Personal Data in connection with the BizMORI service (“Service”). MORI SOLUTION, Inc. is the data controller (GDPR). MORI Corp. operates the Service infrastructure in South Korea and processes data on behalf of MORI SOLUTION, Inc. This policy applies to visitors of mori-corp.io, BizMORI API users, and business customer representatives.

2. Information We Collect

Account Information: Name, email, company name, billing address, payment information (processed by our payment provider). Credentials are securely hashed. Service Usage Data: API request logs (endpoint, timestamp, response code), IP address, user agent, rate limit usage. Customer Data (Processed on Your Behalf): Images uploaded for watermark processing and output files. We process Customer Data solely to provide the Service. We do not train AI models on Customer Data. Communication Data: Support requests, feedback, and survey responses. Automatically Collected Data: Browser type, OS, device info (web dashboard), cookies (see Section 7). Note on Biometric Data: Uploaded images may incidentally contain biometric data (e.g., facial images). MORI does not extract or analyze biometric identifiers; processing is solely for watermark embedding and detection. Customers are responsible for ensuring compliance with applicable biometric data laws (e.g., Illinois BIPA, GDPR Art. 9, Korea PIPA Art. 23) before uploading images containing biometric identifiers.

3. How We Use Your Information

PurposeLegal Basis (GDPR)
Provide and operate the ServiceContract performance (Art. 6(1)(b))
Process payments and billingContract performance (Art. 6(1)(b))
Service notifications and supportContract performance (Art. 6(1)(b))
Security and fraud preventionLegitimate interest (Art. 6(1)(f))
Service improvement (aggregated data)Legitimate interest (Art. 6(1)(f))
Legal complianceLegal obligation (Art. 6(1)(c))
Marketing (with consent)Consent (Art. 6(1)(a))
We do not use Personal Data for automated decision-making that produces legal effects (GDPR Art. 22).

4. Data Retention

Data TypeRetention
Processing temporary filesDeleted immediately
Completed order files30 days
API request logs90 days
Account informationAccount duration + 30 days
Billing recordsUp to 5 years (as required by law)
Data is securely deleted or anonymized upon expiration using cryptographic erasure or overwrite methods.

5. How We Share Your Information

We do not sell Personal Data. We share data only as follows:
  • Sub-processors: AWS (cloud infrastructure, South Korea), Clerk (authentication, US), Sentry (error monitoring, US), Stripe (payments, US). Updated with 30 days’ notice.
  • Affiliates: MORI Corp. (South Korea) for service operations.
  • Legal Requirements: When required by law or governmental request.
  • Business Transfers: In connection with mergers, acquisitions, or asset sales.

6. International Data Transfers

Data may be transferred to South Korea (MORI Corp., AWS Seoul) and the United States (service providers, MORI SOLUTION, Inc.). For EEA/UK transfers: Standard Contractual Clauses (EU 2021/914) and adequacy decisions where applicable (South Korea has EU adequacy since December 2021). UK transfers also use the ICO’s International Data Transfer Addendum. For South Korea transfers: PIPA Article 28-8 compliance with contractual safeguards.

7. Cookies

We use essential cookies (authentication, security) without consent and functional/analytics cookies with consent per the EU ePrivacy Directive. Manage preferences via the cookie banner or dashboard footer settings.

8. Your Rights

GDPR (EEA/UK Residents)

Access, rectification, erasure, restriction, portability, objection, consent withdrawal, and right to lodge a complaint with your supervisory authority. Contact: privacy@bizmori.com. Response within 30 days.

CCPA/CPRA (California Residents)

Right to know, delete, correct, and opt-out of sale/sharing. We do not sell or share personal information. Categories collected: identifiers, commercial info, internet activity, professional info. Contact: privacy@bizmori.com. Response within 45 days.

Other U.S. State Laws

Residents of Virginia, Colorado, Connecticut, Utah, and other states with privacy laws may have similar rights. Contact: privacy@bizmori.com.

Korea PIPA (한국 거주자)

열람권(제35조), 정정·삭제권(제36조), 처리정지권(제37조), 동의 철회권. 개인정보처리자: MORI Corp. (주식회사 모리) 개인정보 보호책임자(CPO): Kyuseok Kim, CEO, MORI Corp. — privacy@bizmori.com 개인정보 전송 요구권(제35조의2) 보장. 열람 청구 시 10일 이내 조치. 피해구제: 개인정보분쟁조정위원회(1833-6972), 개인정보침해신고센터(118), 대검찰청(1301), 경찰청(182). 개인정보 처리 위탁: AWS (인프라), Clerk (인증), Sentry (오류 모니터링), Stripe (결제). 변경 시 30일 전 통지.

9. Data Security

We implement encryption at rest and in transit (TLS 1.2+), secure credential hashing, WAF, rate limiting, RBAC, monitoring, and input validation.

10. Security Incidents

In the event of a data breach likely to cause high risk, we will notify affected individuals without undue delay per GDPR Article 34 and PIPA Article 34, and cooperate with authorities.

11. Children’s Privacy

The Service is B2B and not directed at individuals under 16 (or 13 under COPPA). We do not knowingly collect children’s data.

12. Changes

Material changes will be posted at docs.bizmori.com/legal/privacy with 30 days’ email notice.

13. Contact

MORI SOLUTION, Inc. Website: https://mori-corp.io General Inquiries: support@bizmori.com Legal Notices: legal@bizmori.com Privacy Requests: privacy@bizmori.com Security Reports: security@bizmori.com Developer Portal: https://app.bizmori.com API Documentation: https://docs.bizmori.com
Available in English and Korean. English prevails for international customers; Korean prevails for South Korea customers.