Privacy Policy
Note: The Korean version of this policy is the official, legally binding text under Korean law (PIPA). This English translation is provided for the convenience of non-Korean readers. View the Korean original.
1. Overview
Mr.AI Inc. ("Company") complies with the Personal Information Protection Act of Korea ("PIPA") and grants EU residents the additional rights conferred by the GDPR. This policy describes how the Company collects, uses, discloses, retains, and disposes of personal information through the AI Market Twin service ("Service"), and how users may exercise their rights.
Company Information
| Legal Name | Mr.AI Inc. (주식회사 미스터에이아이) |
|---|---|
| CEO | Hyunwoo Lee |
| Business Registration No. | 693-87-03907 |
| Mail-Order Business Reg. | 2026-Yongin-Suji-2253 |
| Head Office | 14-30 Jukjeon-ro 27beon-gil 604-803, Suji-gu, Yongin-si, Gyeonggi-do, Republic of Korea |
| General Contact | contact@markettwin.ai |
2. Personal Information We Collect
- At sign-up: email address, password hash, login metadata (via Supabase Auth)
- Workspace details: company name, industry, country — entered directly by the user
- Simulation inputs: product name, description, price, candidate countries, competitor URLs — entered through the simulation wizard
- Mr. AI chat messages and workspace memories (context authored by the user)
- Automatic logs: page visits, simulation history, IP address, browser information, cookies (for operations and security)
3. Purpose of Use
- Running AI simulations and delivering results
- Account authentication and workspace isolation
- Email notifications of results and analytics (subject to user preferences)
- Service stability, security monitoring, and abuse prevention
- Compliance with legal obligations
4. Retention Period
We retain personal information until the user requests account deletion. Simulation results are retained indefinitely while the workspace is active; archived workspaces are automatically deleted after one year. Audit logs are retained for five years before being anonymized. After account deletion, data is destroyed without delay except where retention is required by law.
5. Processors (Sub-processors)
We delegate certain processing activities to the following sub-processors. We do not sell or share user personal information for marketing or advertising purposes.
| Sub-processor | Activity | Storage / Processing Region |
|---|---|---|
| Supabase Inc. | Database and authentication | Seoul region (aws ap-northeast-2) — stored in Korea |
| Vercel Inc. | Web hosting and global edge CDN | United States · Global (see §7) |
| Anthropic / OpenAI / Google / DeepSeek | LLM inference (simulation and chat processing) | United States · Singapore (see §7) |
| Resend Inc. | Transactional email delivery (verification, result notifications) | United States (see §7) |
| Porkbun LLC | Domain registration and email forwarding | United States |
6. AI Data Processing
The core capability of the Service is LLM-based simulation. The following describes the AI processing flow and our principles.
Inputs Sent to AI Providers
- Simulation wizard inputs: product name, description, price, candidate countries, competitor URLs
- Mr. AI chat messages and workspace memories (context authored by the user)
- Optional attachments (PDF, images) — only when explicitly uploaded by the user
Inference vs. Training
- Inputs received are used solely for inference and are not used for model training.
- Each LLM provider's enterprise API mode defaults to training opt-in disabled. The Company uses API accounts with training opt-in explicitly disabled (Anthropic Claude API, OpenAI API enterprise data policy, Google Vertex AI / AI Studio).
AI Providers Used
- Anthropic — Claude (Opus / Sonnet / Haiku)
- OpenAI — GPT-4 / GPT-4o / o-series
- Google — Gemini (1.5 / 2.x)
- DeepSeek — DeepSeek-V3 / R1
- Replicate — image-generation models (only when explicitly triggered by the user)
Right to Object and Limitations
AI inference is essential to the Service, so refusal to consent to AI processing means the Service cannot be used. Users who do not consent to AI processing should not register; users who withdraw consent after registration will have their account deleted by the Company.
Automated Decision-Making (PIPA Art. 37-2)
Simulation results (success scores, recommended markets, prices, persona intent, etc.) are statistical estimates produced by LLMs and generated automatically without human review. Users have the right to contest results, request a re-run, and — where simulation results materially influence a business decision — request a human review by contacting the Company.
7. Cross-Border Transfer of Personal Information (PIPA Art. 28)
The Company transfers user personal information and simulation inputs across borders as described below. Separate consent is collected at sign-up; users who do not consent cannot use the Service.
| Recipient | Country | Items Transferred | Purpose | Retention |
|---|---|---|---|---|
| Anthropic, PBC privacy@anthropic.com |
United States | Simulation inputs, chat messages | Claude API inference | Anthropic Data Usage Policy (0 days with ZDR option) |
| OpenAI, L.L.C. privacy@openai.com |
United States | Simulation inputs, chat messages | GPT API inference | OpenAI Enterprise data policy (30-day abuse monitoring, then deleted) |
| Google LLC (Vertex AI / AI Studio) | United States · EU · Asia (varies by model) | Simulation inputs, chat messages | Gemini API inference | Per Google Cloud Data Processing Addendum |
| DeepSeek International Pte. Ltd. api@deepseek.com |
Singapore | Simulation inputs | DeepSeek API inference | Per DeepSeek API Privacy Policy |
| Vercel Inc. | United States | HTTP request metadata, session cookies | Web hosting, edge caching | 30 days (access logs) |
| Resend, Inc. | United States | Email address, message body | Transactional and notification email delivery | Automatically deleted after 30 days |
Transfer method: API calls over HTTPS channels encrypted with TLS 1.2 or higher. Transfer occurs when the user runs a simulation or writes a Mr. AI chat message.
Right to object: Users may refuse cross-border transfer consent. Because the Service depends on LLM providers located outside Korea, refusing consent makes sign-up and simulation use impossible.
8. Google API Services User Data Policy
For features that connect to Google services (Google Search Console, Google Analytics 4) via Google OAuth, our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- We request read-only scopes (
webmasters.readonly,analytics.readonly,userinfo.email). We never write to your Google properties. - Google-sourced data is used only to display SEO performance metrics inside the user's own workspace dashboard.
- Google-sourced data is not used to train LLMs, sold or shared with third parties, or used for advertising.
- Users can disconnect Google integration at any time from the analytics dashboard. Disconnection deletes the stored OAuth refresh token immediately. Historical metrics already stored in the workspace are retained until the user explicitly requests deletion.
9. User Rights
Users may exercise the following rights at any time by emailing privacy@markettwin.ai:
- Right of access (review your personal information)
- Right to rectification or erasure
- Right to restrict processing
- Right to data portability (delivered in JSON format)
- Right to object to automated decision-making and request human review
10. Security
The Company applies the following technical and administrative safeguards:
- TLS 1.3 encryption in transit
- AES-256 encryption at rest (Supabase managed PostgreSQL, Seoul region)
- Least-privilege access control via Row-Level Security
- Regular security patching and backups
- Audit logs retained for five years, then anonymized
11. Children's Privacy (Under 14)
This is a B2B enterprise tool and does not permit registration by children under 14. Users self-attest at sign-up that they are 14 or older. Accounts found to belong to children under 14 are deleted immediately.
12. Personal Information Protection Officer (PIPA Art. 31)
The Company has designated a Personal Information Protection Officer responsible for overseeing personal-information matters and addressing user complaints and remedies:
| Name | Hyunwoo Lee |
|---|---|
| Title | CEO (also serving as Personal Information Protection Officer) |
| Organization | Mr.AI Inc. |
| privacy@markettwin.ai | |
| Phone | Provided upon email request |
Where to Report Violations
Users in Korea may report personal-information violations to:
- Personal Information Dispute Mediation Committee: 1833-6972 · www.kopico.go.kr
- Personal Information Infringement Report Center: 118 · privacy.kisa.or.kr
- Supreme Prosecutors' Office Cyber Investigation Division: 02-3480-3573
- National Police Agency Cyber Bureau: 182
13. Policy Updates
The Company may update this policy from time to time. Material changes are announced via email and in-Service notice at least seven days before the effective date. Changes that are adverse to users or that require new consent will be governed by separate consent procedures.
14. Contact
General privacy inquiries: contact@markettwin.ai
Rights requests and violation reports: privacy@markettwin.ai