Privacy Policy
Last revised: 2026-05-02
MeshLaw (hereinafter the "Company") establishes and discloses this Privacy Policy in accordance with applicable data protection law, in order to protect the personal data of data subjects and to promptly handle related grievances.
1. Categories of Personal Data Collected and Methods of Collection
The Company processes the following categories of personal data.
- Inquiries and sign-up requests: name, email, bar registration number (optional), affiliated law firm or company name, role
- Service use: matter and case materials (entrusted by clients), login history, access IP address, browser information
- Payment: billing and tax-invoice information, payment method information (entrusted to payment gateway)
Collection methods: website forms, email, and automatic collection during the course of service use.
2. Purposes of Processing Personal Data
- Responding to inquiries and sign-up requests, and identity verification
- Providing the service, performing the contract, and settling fees
- Customer support and delivery of notices
- Service improvement, prevention of misuse, and fulfillment of legal obligations
3. Retention and Use Period of Personal Data
- Inquiries: 6 months after the inquiry is resolved
- Member information: until membership withdrawal. However, where retention is required under applicable laws, it is kept for the corresponding period
- Transaction records under e-commerce law: 5 years
- Access logs under communications privacy law: 3 months
4. Provision of Personal Data to Third Parties
The Company does not provide personal data to third parties without the consent of the data subject. Exceptions apply where there is a special provision under the law, or where there is a request made through lawful procedures for investigative purposes.
5. Entrustment of Personal Data Processing
To provide a stable service, the Company entrusts personal data processing tasks as follows.
- AWS Korea (Seoul region) — cloud infrastructure
- Microsoft Azure Korea Central — partial infrastructure
- External AI model providers — AI model inference (under ZDR agreements, not used for training)
- Domestic payment gateway — payment processing
The Company enters into entrustment agreements with all processors in accordance with applicable data protection law and applies protective measures such as Zero Data Retention.
6. Rights and Obligations of Data Subjects and How to Exercise Them
Data subjects may exercise the following rights at any time.
- The right to request access to personal data
- The right to request correction or deletion in case of errors
- The right to request suspension of processing
Rights may be exercised in writing or by email, and the Company will act without delay.
7. Measures to Ensure the Security of Personal Data
- Minimizing the number of staff who handle personal data, and controlling access
- Separate encryption of sensitive fields such as resident registration numbers
- TLS encryption of data in transit
- Retention of access logs and prevention of forgery or alteration
- Pursuit of KISA ISMS-P certification (planned for Phase 2)
8. Personal Data Protection Officer
- Officer: MeshLaw Personal Data Protection Officer
- Email: privacy@nova.kr
9. Remedies for Infringement of Rights
If you need to report or seek consultation regarding the infringement of personal data, you may contact the Personal Information Dispute Mediation Committee (1833-6972), the Korea Internet & Security Agency Personal Information Infringement Report Center (118, no area code required), and similar bodies.
10. Revision History
- 2026-05-02: Initial publication