top of page

PRIVACY POLICY

Please click here to view the Privacy Policy for users from the European Economic Area (EEA): Link

 

[ MORAI Inc.] (“Company”) has developed the following privacy policy to protect the personal information and interests of data subjects and effectively handle their complaints related to personal information according to the Personal Information Protection Act (“PIPA”) and the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. (“Network Act”).

Article 1 (Items and Methods of Personal Information Collection)

The Company collects the following types of information in the following manner:

 

① Items of information collected

  • Name (trade name), date of birth, email address, cookies, log records, service use records, IP address, information on website visit time

② Collection method

  • Collection through webpages operated by the Company

  • Automatic collection of automatically generated information in the process of data subjects’ use of services

Article 2 (Purpose of Personal Information Collection/Use)

The Company shall use collected personal information for any of the following purposes. In principle, such personal information shall not be used for any purpose other than those set forth below. In the event of any change in the purpose of use, the Company shall take necessary measures including obtaining prior consent from data subjects:

  •  Provision of member services, prevention of inappropriate use of service

  • Direct marketing and provision of general information on new products and services.

  • Administration and improvement of the Company’s website.

  • Providing Demo software or customer support via email.

  • Record retention for dispute resolution, response to complaints including handling of dissatisfaction, delivery of notices

  • Information notices required in the course of using the services, handling of complaints, etc.

Article 3 (Period of Personal Information Retention and Use)

① Unless the Company must retain personal information of data subjects according to applicable law, it shall retain and use such information, in principle, until the retention period agreed by data subjects expires or until the purpose of such handling is accomplished. Such information shall be promptly destroyed upon attainment of its purpose. For your reference, personal information may be retained for the following retention periods in accordance with applicable laws.

 

     1) Act on Protection of Consumers in Electronic Commerce, Etc.

          - Records on the formation/withdrawal of contracts: 5 years

          - Records on payment settlement and supply of goods, etc.: 5 years

          - Records on processing of customer disputes and complaints: 3 years

     2) Communications Secrecy Protection Act

          - Login records: 3 months

 

② If data subjects using information and communication services offered by the Company fail to use the Company’s services for not less than a year, the Company shall destroy their personal information pursuant to the Network Act.

Article 4 (Data Subjects’ Rights and Obligations and Methods of Exercise)

① Data subjects may exercise their rights related to personal information against the Company, including a request for access to, modification or deletion of, or suspension of handling of, their personal information as provided by applicable law including the PIPA and the Network Act.

② Rights under the foregoing paragraph ① may also be exercised through data subjects’ legal representatives or other duly authorized persons.

③ With respect to data subjects’ exercise of rights, the Company shall promptly take necessary measures as provided

in applicable law including the PIPA and the Network Act.

 

Article 5 (Procedures and Methods of Personal Information Destruction)

① In principle, the Company shall forthwith destroy personal information when such information is no longer necessary for the purpose of processing such unnecessary information.

② If the Company must keep personal information under applicable law even though the period of its retention has expired or the information is ready for processing because it is no longer useful or necessary, the Company shall store and manage such information or information files separately from any other personal information as is required under such law.

③ When the Company destroys personal information, it shall take measures to prevent restoration or recovery of any such information. To be specific, the Company shall permanently delete personal information in electronic file format in a manner that prevents the recovery of any such information. The Company shall shred or incinerate other records, printed materials, documents, and recording media.

④ According to the Network Act, the Company shall store and manage personal information of users who failed to use the

Company’s services for not less than a year separately from other users‘ personal information.

Article 6 (Installation, Operation of Automatic Personal Information Collection Device and objections thereto)

① The Company utilizes cookies that store and search your information from time to time. Cookies are small text files that a server used for website operation sends to your browser. They are stored on the hard disk of your computer.

② The Company may collect your device IP address, unique device ID, hardware and software type, internet service provider, serving domain, geographical area, location data, browser type, and operating system, search history. The Company uses this information to create reports and improve Company’s website

③ You have the right of choice regarding installation of cookies. Accordingly, you may allow or block storage of all cookies or ensure that each cookie will be stored based on your confirmation by using the option menus in your web browser. However, if a data subject rejects installation of cookies, it may limit the ability to use certain online services offered by the Company.

④ Members may allow or block storage of all cookies or require that each cookie will be stored based on their confirmation by using the option menus in their web browser.

Article 7 (Measures to Ensure Safety of Personal Information)

The Company takes the following technical, managerial, and physical measures necessary to ensure safety of personal information according to applicable laws including the PIPA and the Network Act:

  • Managerial measures: formulation and execution of an internal management plan, regular employee training on personal information protection, etc.

  • Technical measures: management of the right of access to the personal information processing system, installation of an access control system, password encryption, installation of a security program, etc.

  • Physical measures: Control of access to the places where personal information is stored such as a computer room and data storage room
     

Article 8 (Revision of Privacy Policy)

① This Privacy Policy enters into force on [2022.11.09].

② The Company’s Privacy Policy is subject to change according to applicable law, guidelines, and the Company’s internal management policy. Any modification of the Privacy Policy shall be disclosed as provided in applicable law.
 

Article 9 (Opinion Collection and Complaints Handling)

Data subjects may file a complaint related to personal information or a request to view their personal information with the officer or employee listed below. The Company shall provide a prompt and sufficient response to the complaints raised by data subjects. Also, The Company shall use reasonable efforts to ensure that a request for access to personal information will be processed in a timely manner.

  • [Chief Privacy Officer]
    Name: [JEONGWOON KIM]
    E-mail: privacy@morai.ai
     

  • [Personal Information Protection Department]
    Department: [Legal]
    Officer in charge: [JAESEOK YU]
    FAX: 070-4850-9068

EEA Privacy Policy

MORAI Privacy Policy for visitors from the European Economic Area (EEA)

 

The Privacy Policy in the following section applies to users from the European Economic Area (EEA) and complies with the provisions of the GDPR, the BDSG, and the TDDDG (Telecommunications Digital Services Data Protection Act). For users outside the EEA, the general Privacy Policy of MORAI Inc. (see above) applies.

EEA Privacy Policy - Article 1 (Data Controller)

The data controller within the meaning of the GDPR is:

MORAI Inc.

Gangnam-gu, Seoul 135-091, Republic of Korea

E-mail: privacy@morai.ai

Data Protection Officer: Jeongwoon Kim

EU Representative pursuant to Art. 27 GDPR:

MORAI GmbH

Luise-Ullrich-Str. 20, 80636 Munich, Germany

Contact: office.germany@morai.ai

EEA Privacy Policy - Article 2 (Collection and Processing of Personal Data)

When you visit our website, various categories of data are collected. Below, we provide information about the type, purpose, legal basis, and retention period of the respective processing activities.

2.1 Automatically Collected Server Data

When you visit our website, various types of data are collected. In the following sections, we explain what data is collected, for what purpose we process it, on what legal basis this occurs, and how long we store it.

  • IP Address

  • Referrer (previously visited URL)

  • Browser type and operating system

  • Pages accessed

  • Date and time of access

Purpose: Technical operation of the website, troubleshooting, and IT security.

Legal basis: Art. 6(1)(f) GDPR – our legitimate interest in a secure and reliable website. Consent under § 25 TDDDG (Telecommunications Digital Services Data Protection Act) is not required, as this data is processed exclusively on the server side and is not stored on your device.

Retention period: The data is deleted as soon as it is no longer needed for the respective purpose—usually after 90 days, provided no legal retention obligation precludes this.

 

2.2 Hosting and Content Delivery Network (Wix)

Our website is operated on the platform of Wix.com Ltd., 40 Namal Tel Aviv Street, Tel Aviv 6350671, Israel. Wix.com Luxembourg S.A. is technically responsible for EU data traffic. Wix provides web hosting, server infrastructure, and a Content Delivery Network (CDN).

As part of these services, the following data is processed for technical reasons:

  • IP address

  • Browser type and operating system

  • Pages visited

  • Date and time of access

  • Internet service provider (ISP) and serving domain

  • Approximate geographic location (based on the IP address)

Purpose: Technical provision and delivery of the website.

Legal basis: Art. 6(1)(f) GDPR – legitimate interest in a stable and secure website.

Retention period: 90 days.

Data transfer: Wix operates a global server infrastructure; transfer to third countries (including the U.S.) is possible. The transfer is based on standard contractual clauses pursuant to Art. 46 GDPR.

Data processing: A data processing agreement (DPA) exists in accordance with Art. 28 GDPR.

Further information: https://www.wix.com/about/privacy

2.3 Sentry (Error Monitoring)

Our website is operated via the Wix platform. Wix uses its own technical monitoring tools (including Sentry for error detection), which process data such as IP addresses and error messages during operation. Wix independently determines the purpose and means of this processing. MORAI has no influence over this processing. However, since this processing takes place when you visit www.morai.ai, we are noting this for the sake of completeness. Further information: https://www.wix.com/about/privacy

2.4 Processing of Form Data (Wix)

When you fill out and submit a contact, demo request, or other form on our website, your entries are transmitted and stored via the Wix platform.

Processed data:

  • Contact details you enter (e.g., name, email address, phone number, message content)

  • Technical transmission data (timestamp, IP address)

Purpose: Processing and responding to your inquiry; establishing and maintaining business contacts.

Legal basis: Art. 6(1)(b) GDPR, provided your inquiry is aimed at entering into a contract; otherwise, Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

Retention period: The data is stored until your inquiry has been fully processed and there is no longer a legal obligation to retain it – typically up to 3 years.

Data Transfer and DPA: Wix processes the data as a data processor in accordance with Art. 28 GDPR; a DPA has been concluded. Transfer to third countries (including the U.S.) is possible; standard contractual clauses pursuant to Art. 46 GDPR apply.

Further information: https://www.wix.com/about/privacy

2.5 User Behavior Data (Visit Analytics)

Provided you have given your consent, we may collect the following usage data in addition to the server data:

  • Duration of visit

  • Mouse movements, scroll depth, and click events

  • Search history on the website

Purpose: Marketing analysis and improvement of the user experience.

Legal basis: Art. 6(1)(a) GDPR (consent). If data is collected via cookies or similar technologies, prior opt-in must be obtained in accordance with § 25(1) TDDDG (Telecommunications Digital Services Data Protection Act).

Retention period: The retention period depends on the specific analytics tool used and the scope of your consent. Details regarding the respective retention periods can be found in Section 3 (Services Used).

2.6 Other Purposes of Processing

In addition, we process personal data for the following purposes:

  • Prevention of misuse: Detection and prevention of misuse of our website and our services.

  • Demo support via email: Provision of demo software and handling of support requests via email communication.

  • Dispute resolution and complaint handling: Retaining communication histories for documentation, handling complaints, and resolving disputes.

Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in ensuring secure and proper operations and safeguarding our legal interests).

 

EEA Privacy Policy - Article 3 (Services and Tools Used)

3.1 Google Tag Manager (GTM)

Google Tag Manager is a tag management system that allows us to centrally manage and deploy marketing and analytics tags. GTM itself does not process any personal data and does not set cookies. However, it activates the services described in sections 3.2 and 3.3 after you have given your consent.

3.2 Google Analytics

To analyze website usage and continuously improve our offerings, we use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Data processed: usage statistics, page views, session duration, referral sources, device-specific information.

Purpose: Analysis of user behavior for website optimization.

Legal basis: Art. 6(1)(a) GDPR (consent); § 25(1) TDDDG (Telecommunications Digital Services Data Protection Act). Activation occurs exclusively upon your consent via our Cookie Manager (category “Analytics”).

Data transfer: Google LLC, USA. Standard contractual clauses pursuant to Art. 46 GDPR are in place.

Storage period: approx. 1 year (cookie _ga_xxx).

Further information: https://policies.google.com/privacy

3.3 Google Ads

We use Google Ads from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for advertisements and the associated conversion tracking.

Processed data: Cookie ID, click data, conversion events.

Purpose: Measuring the effectiveness of our advertising campaigns.

Legal basis: Art. 6(1)(a) GDPR (consent); § 25(1) TDDDG (Telecommunications Digital Services Data Protection Act). Activation via the Cookie Manager (category “Marketing”).

Data processing: A data processing agreement (DPA) exists in accordance with Art. 28 GDPR.

Retention period: Ad cookies: 30 days to 13 months. Conversion tracking data: up to 26 months.

Data transfer: Google LLC, USA. Standard contractual clauses pursuant to Art. 46 GDPR are in place.

Further information: https://policies.google.com/privacy

3.4 Salesforce (Pardot)

We use services provided by Salesforce.com, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA (EU representative: Salesforce Ireland Limited) to process contact inquiries, manage business relationships, and track website visitors.

3.4.1 Salesforce CRM (Contact Management)

Processed data: Contact details (name, email address, phone number, company), message content, interaction history.

Purpose: Processing of contact and demo requests; maintenance of business relationships.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures); otherwise Art. 6(1)(f) GDPR (legitimate interest in processing the request).

Retention period: Until the request is fully processed, then up to 24 months, unless earlier deletion is requested.

The contact form is available at team.morai.ai/contact.

3.4.2 Salesforce Pardot – Website Tracking (Marketing Cloud Account Engagement)

Using the Salesforce Pardot visitor tracking module, we collect – exclusively after consent has been granted via the Cookie Manager – the behavior of website visitors and create individual visitor profiles for lead qualification and marketing automation. As soon as a user fills out the contact form (see Section 3.4.1), the previously collected anonymous visitor data is linked to the submitted contact information and assigned to the respective prospect profile.

Processed data:

  • IP address

  • Referrer URL

  • Pages visited

  • Click paths

  • Session duration

  • Timestamp

  • Browser type and

  • Operating system

  • When filling out forms, additionally: Link to the information specified in Section 3.4.1.

Purpose: Anonymous and personal visitor tracking; creation of visitor profiles (prospect profiling); behavior-based lead qualification; marketing automation.

Legal basis: Art. 6(1)(a) GDPR (consent); § 25(1) TDDDG (Telecommunications Digital Services Data Protection Act). Activation via the Cookie Manager (category “Marketing”) required.

The following cookies are set through the use of Salesforce Pardot:

 

 

Data transfer (3.4.1 and 3.4.2): USA. Standard contractual clauses pursuant to Art. 46 GDPR. A data processing agreement (DPA) pursuant to Art. 28 GDPR is in place. Salesforce privacy information: https://www.salesforce.com/company/privacy/

EEA Privacy Policy - Article 4 (Cookies and Consent Management)

Our website uses cookies and similar technologies. Cookies are small text files that are stored on your device and exchange certain settings and data with our server via your browser.

We distinguish between:

  • Technically necessary cookies: These are essential for the operation of the website and do not require consent (legal basis: Art. 6(1)(f) GDPR).

  • Analytics cookies: Used to analyze website usage (e.g., Google Analytics). Require your consent pursuant to Section 25(1) TDDDG (Telecommunications Digital Services Data Protection Act).

  • Marketing cookies: Used for targeted advertising (e.g. Google Ads). Require your consent pursuant to Section 25(1) TDDDG (Telecommunications Digital Services Data Protection Act).

  • Functional cookies: Enable advanced features such as CRM integration (e.g., Salesforce) Require your consent.

When you first visit our website, only the technically necessary cookies are active. All other cookie categories are disabled by default and are only set after you have given your explicit consent. You can grant, deny, or withdraw your consent at any time via our Cookie Manager. Withdrawing your consent does not affect the lawfulness of any processing that took place prior to that. Additionally, you can disable the storage of cookies in your browser or delete cookies that have already been stored.

4.1 Technically Necessary Cookies from Wix (Hosting Platform)

For the technical operation of our website, the hosting platform Wix.com automatically sets the following cookies as soon as you visit the website. These cookies are necessary for the website to function and do not require separate consent (Section 25(2)(2) TDDDG (Telecommunications Digital Services Data Protection Act)).

 

“Session” means: The cookie is automatically deleted as soon as you close your browser.

EEA Privacy Policy - Article 5 (Retention Period)

We store personal data only for as long as is necessary for the respective processing purpose or as required by statutory retention obligations. After that, the data is regularly deleted.

EEA Privacy Policy - Article 6 (Rights of Data Subjects)

As a data subject, you have the following rights with respect to MORAI Inc.:

  • Right of access (Art. 15 GDPR): You may request information at any time regarding the personal data we have stored about you.

  • Rectification (Art. 16 GDPR): You may request the correction of inaccurate or incomplete data.

  • Erasure (Art. 17 GDPR): Under certain conditions, you may request the erasure of your data (“right to be forgotten”).

  • Restriction of processing (Art. 18 GDPR): You may request that we restrict the processing of your data.

  • Data portability (Art. 20 GDPR): You may receive your data in a commonly used, machine-readable format or have it transferred to another controller.

  • Objection (Art. 21 GDPR): You may object to the processing of your data if it is based on a legitimate interest.

  • Withdrawal of Consent (Art. 7(3) GDPR): You may withdraw your consent at any time with future effect—without affecting the lawfulness of processing based on consent prior to withdrawal.

To exercise your rights, please contact us by email at: privacy@morai.ai . You may exercise these rights personally or through an authorized representative.

Furthermore, you have a right to lodge a complaint (Art. 77 GDPR): You may lodge a complaint with the competent data protection supervisory authority at any time. An overview of EU supervisory authorities can be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_de

EEA Privacy Policy - Article 7 (Technical and Organizational Measures)

To protect your data, we implement appropriate technical and organizational security measures in accordance with Art. 32 GDPR. These protect your data from unauthorized access, loss, destruction, or manipulation:

  • Organizational measures: including an internal data protection management system, regular employee training

  • Technical measures: including access rights management, access controls, password encryption, use of security software

  • Physical measures: including access control to server rooms and data storage locations

EEA Privacy Policy - Article 8 (Contact)

If you have any questions regarding data protection or the exercise of your rights, please do not hesitate to contact us:

Chief Privacy Officer
Name: JEONGWOON KIM
Email: privacy@morai.ai

Personal Information Protection Department
Department: Legal
Officer in charge: JAESEOK YU
FAX: +82-70-4850-9068

EEA Privacy Policy - Article 9 (Changes to the Privacy Policy)

This Privacy Policy is current as of April 2026. Updates may be necessary due to further development of our website or changes in legal requirements. You can find the current version at any time at: https://www.morai.ai/privacy-policy

Cookie Name
Purpose
Legal basis
Storage duration
pi_opt_in
Storage of the opt-in status for website-based visitor tracking by Pardot
Art. 6(1)(f) GDPR (legitimate interest in managing consent status); § 25(2)(2) TDDDG
Persistent
lpv[XXXXX]
Last Page View – last page viewed in the Pardot session
Art. 6(1)(a) GDPR (Consent); § 25(1) TDDDG
30 minutes
visitor_id[XXXXX]-hash
Security hash for the visitor cookie
Art. 6(1)(a) GDPR (Consent); § 25(1) TDDDG
1 year
visitor_id[XXXXX]
Pardot Visitor ID (recognition of the website visitor)
Art. 6(1)(a) GDPR (Consent); § 25(1) TDDDG
1 year
Cookie name
Purpose
Legal basis
Duration
XSRF-TOKEN
Protection against cross-site request forgery attacks (security token)
Art. 6(1)(f) GDPR
Session
server-session-bind
Secure binding of the server session (security mechanism)
Art. 6(1)(f) GDPR
Session
svSession
Identification of unique website visits to ensure session stability
Art. 6(1)(f) GDPR (legitimate interest)
Approx. 1 year
consent-policy
Storage of the user’s cookie consent decision
Art. 6(1)(c) GDPR (legal obligation – obligation to provide proof of consent)
Approx. 1 year
bSession
System performance measurement of the Wix platform (technical stability)
Art. 6(1)(f) GDPR (legitimate interest)
Approx. 45 seconds – 1 minute
bottom of page