Privacy Notice & Policy for MarkPilot
This Privacy Notice explains how MarkCloud Co., Ltd. (“we”, “us”, “our”) collects, uses, and protects your personal data when you use MarkPilot (the “Service”).
Effective Date 19 May 2026
Last Updated 19 May 2026
1. Controller and Contact
Data Controller: MarkCloud Co., Ltd.
Address: 4F, Building A, 14-8 Teheran-ro 70-gil, Gangnam-gu, Seoul, Republic of Korea
Email: info@markcloud.co.kr
Phone: +82-2-1833-4992
EU Representative (Art. 27): To be designated. Please contact info@markcloud.co.kr for inquiries.
Data Protection Officer (DPO): To be designated. Please contact info@markcloud.co.kr for inquiries.
2. Personal Data We Collect
Account Data
Items: email address, password, username, phone number.
Source: directly from you during registration.
Trademark Filing Data
Items: applicant information (name, address, contact details, nationality), trademark images, power of attorney (including signature), country-specific filing documents.
Source: directly from you during the filing process.
Technical Data
Items: IP address, browser type and version, access logs, approximate geolocation derived from IP address.
Source: automatically collected during your use of the Service.
3. Purposes and Legal Bases
Account Management
GDPR legal basis: Performance of a contract (Art. 6(1)(b)). CCPA business purpose: service delivery. Processing is necessary for registration, identity verification, and account management.
Trademark Filing Service
GDPR legal basis: Performance of a contract (Art. 6(1)(b)). CCPA business purpose: service delivery. Processing is necessary to file trademark applications, prepare documents, and manage filings on your behalf.
AI Trademark Class Recommendation
GDPR legal basis: Performance of a contract (Art. 6(1)(b)). The AI provides recommendations based on your input text; no training data from users is used. The final classification decision rests with you.
Customer Support
GDPR legal basis: Legitimate interest (Art. 6(1)(f)). We have a legitimate interest in responding to inquiries and resolving complaints effectively.
Legal Compliance
GDPR legal basis: Legal obligation (Art. 6(1)(c)). We process certain data to comply with applicable laws, including Korean e-commerce and tax regulations.
4. Recipients and Data Sharing
We share personal data with the following recipients:
| Recipient | Purpose | Category |
|---|---|---|
| National patent offices and local agents | Trademark filing submission | Third party (controller) |
| Local law firms and agents | Country-specific filing execution | Third party (controller) |
| Amazon Web Services (AWS) | Cloud hosting and data storage | Processor / Service provider |
| Google LLC | Translation API services | Processor / Service provider |
We have not sold or shared personal information as defined under CCPA/CPRA in the last 12 months.
5. International Transfers
We transfer personal data outside the European Economic Area (EEA) to the Republic of Korea. Safeguard: Explicit consent of the data subject (Art. 49(1)(a)). By creating an account and using our Service, you explicitly consent to the transfer of your personal data to the Republic of Korea for processing purposes described in this Notice.
6. Retention
- Account data: Until account deletion.
- Contract and filing records: 5 years (Korean e-commerce consumer protection law).
- Payment records: 5 years (Korean e-commerce consumer protection law).
- Consumer complaint records: 3 years (Korean e-commerce consumer protection law).
- Access logs: 3 months (Korean telecommunications law).
After the retention period, data is deleted or anonymized.
7. Your Rights
Under GDPR (EU/EEA residents)
- Right of Access (Art. 15) — obtain a copy of your data
- Right to Rectification (Art. 16) — correct inaccurate data
- Right to Erasure (Art. 17) — request deletion
- Right to Restriction (Art. 18) — restrict processing
- Right to Data Portability (Art. 20) — receive data in machine-readable format
- Right to Object (Art. 21) — object to processing based on legitimate interests
- Right Not to Be Subject to Automated Decision-Making (Art. 22)
- Right to Withdraw Consent (Art. 7(3))
Response time: within one month (extendable by two months for complex requests).
Under CCPA/CPRA (California residents) and US state laws
- Right to Know — categories and specific pieces of personal information collected
- Right to Delete — request deletion, subject to exceptions
- Right to Correct — correct inaccurate personal information
- Right to Opt-Out of Sale or Sharing — we do not sell or share personal information
- Right to Data Portability — receive data in JSON or CSV format
- Right to Non-Discrimination
Response time: confirmation within 10 business days, substantive response within 45 calendar days (extendable to 90 days with notice).
To exercise any right: info@markcloud.co.kr. You may designate an authorized agent with written permission.
8. Right to Lodge a Complaint
EU/EEA residents may lodge a complaint with their local supervisory authority: EDPB Members
California residents may file a complaint with the California Privacy Protection Agency (cppa.ca.gov) or their state Attorney General.
9. Cookies and Tracking Technologies
We use only essential cookies required for service operation: authentication tokens (access_token, refresh_token) and language preference (locale). We do not use analytics, advertising, or tracking cookies.
10. Automated Decision-Making
- AI Trademark Class Recommendation
- Logic: Analyzes your product/service description against the Nice Classification system.
- Significance: Advisory only. No legal effects. The final classification decision is yours.
- No automated decision is made without human involvement.
You have the right to request human intervention, express your point of view, and contest any automated decision.
11. Sensitive Personal Information
We do not collect Sensitive Personal Information as defined in CPRA §1798.140(ae), nor Special Categories of data under GDPR Article 9.
12. Children
Our Service is not intended for children under 16. We do not knowingly collect personal data from children under 16.
13. Security
We implement appropriate technical and organizational measures including encryption at rest and in transit, access controls, regular security audits, and staff training.
14. US State-Specific Rights
Residents of Virginia, Colorado, Connecticut, Utah, Indiana, Kentucky, Rhode Island, and other states with comprehensive privacy laws have similar rights. Colorado residents may use a Universal Opt-Out Mechanism. Residents of applicable states may appeal a denial of privacy request.
15. Changes to This Notice
We review and update this Notice at least every 12 months. Material changes will be communicated at least 30 days before taking effect via email or prominent notice on the Service.
Revision History
- 19 May 2026 — Initial version
This Privacy Notice takes effect on 19 May 2026.