Privacy Policy

This Privacy Policy explains how Wolff, Inc (d/b/a MarkDesk) ("Company," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our website at markdesk.wolff.sh and our trademark preparation services (collectively, the "Platform").

By creating an account or using the Platform, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree with these practices, please do not use the Platform.

This Privacy Policy is incorporated into and subject to our Terms of Service.

2.1 Account Information. When you create an account, we collect your email address. We use passwordless authentication (magic links), so we do not collect or store passwords.

2.2 Search Queries. When you use the Clearance Search Service, we collect the trademark names and terms you search for.

2.3 Uploaded Documents. When you use the Office Action Response Service, we collect the office action PDFs and other documents you upload for AI analysis.

2.4 Application Data. When you use the Application Preparation Service, we collect the information you provide about your mark, including mark text, goods and services descriptions, filing basis, specimens, and other application details.

2.5 Payment Information. When you purchase a paid Service, payment information (including credit card numbers, billing address, and related details) is collected and processed directly by Stripe. We never receive, access, or store your full credit card number, debit card number, or bank account information. We receive only a transaction confirmation, the last four digits of your card, and your billing email from Stripe.

2.6 Communications. If you contact us by email, we collect your email address and the content of your communications.

2.7 Usage Data. We automatically collect information about how you interact with the Platform, including pages visited, features used, timestamps, and referring URLs.

2.8 Device and Connection Information. We collect your IP address, browser type and version, operating system, and device type.

2.9 Session Data. We use session cookies to maintain your authenticated state. See Section 8 for details.

We use the information we collect for the following purposes:

3.1 Providing Services. To create and manage your account, authenticate you via magic links, process your trademark searches, generate draft applications and responses, and deliver Monitoring alerts.

3.2 AI Processing. To transmit your content (search queries, uploaded documents, application data) to our AI providers (Anthropic and Google) for the generation of Draft Materials. Your content is sent only as necessary to perform the specific Service you requested.

3.3 Payment Processing. To facilitate payment transactions through Stripe and maintain records of your purchases and billing history.

3.4 Transactional Communications. To send you authentication emails (magic links), order confirmations, delivery notifications, renewal reminders, and other Service-related communications via Resend.

3.5 Platform Improvement. To analyze usage patterns in aggregate to improve Platform functionality, performance, and user experience. We do not sell personal data for advertising purposes.

3.6 Security and Fraud Prevention. To detect, prevent, and respond to security incidents, unauthorized access, and fraudulent activity.

3.7 Legal Compliance. To comply with applicable laws, regulations, and legal processes, and to enforce our Terms of Service.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share your information only in the following circumstances:

4.1 Service Providers. We share information with third-party service providers who assist in operating the Platform, as described in Section 5. These providers access your data only as necessary to perform their services and are bound by contractual obligations to protect it.

4.2 AI Processing Providers. We transmit User Content to Anthropic (Claude) and Google (Gemini) for the purpose of generating Draft Materials. Per our agreements with these providers, your content is not used for model training. See Section 5.2 for details.

4.3 Legal Requirements. We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.4 Business Transfers. If the Company is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email before your information becomes subject to a different privacy policy.

4.5 With Your Consent. We may share your information for any other purpose with your explicit consent.

The Platform relies on the following third-party services, each of which has its own privacy practices:

5.1 Stripe (Payment Processing). Stripe collects and processes your payment information directly. We never receive or store your full card details. Stripe's privacy policy is available at https://stripe.com/privacy.

5.2 Anthropic (Claude) and Google (Gemini) -- AI Processing. Your User Content (search queries, uploaded documents, application details) is transmitted to these providers to generate Draft Materials. Per our data processing agreements:

• Your content is NOT used to train their AI models.
• Content may be temporarily retained by providers for abuse monitoring and safety purposes.
• Processing occurs on their infrastructure in the United States.

Anthropic's privacy policy: https://www.anthropic.com/privacy. Google's privacy policy: https://policies.google.com/privacy.

5.3 Amazon Web Services (Hosting and Infrastructure). The Platform is hosted on AWS Lightsail. Your data is stored on AWS infrastructure in the United States. AWS provides the compute, storage, and logging (CloudWatch) services that power the Platform. AWS's privacy policy: https://aws.amazon.com/privacy/.

5.4 Resend (Email Delivery). Resend delivers transactional emails on our behalf, including magic link authentication emails, order confirmations, and monitoring alerts. Resend receives your email address and the content of these communications. Resend's privacy policy: https://resend.com/legal/privacy-policy.

5.5 USPTO (Public Data). We query publicly available trademark data from the United States Patent and Trademark Office. We do not transmit your personal information to the USPTO. Any filing you make with the USPTO is your own independent action.

6.1 Location. All data is stored on servers located in the United States, hosted on Amazon Web Services infrastructure.

6.2 Security Measures. We implement commercially reasonable administrative, technical, and physical safeguards to protect your information, including:

• Encryption in transit (TLS/HTTPS for all connections)
• Encryption at rest for stored data
• Access controls limiting employee access to personal data
• Session-based authentication with magic links (no stored passwords to be compromised)

6.3 No Absolute Guarantee. No method of electronic transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You use the Platform at your own risk.

6.4 Breach Notification. In the event of a data breach that compromises your personal information, we will notify affected users by email within seventy-two (72) hours of discovering the breach, consistent with applicable law.

7.1 Active Accounts. We retain your information for as long as your account is active and as needed to provide you with the Services.

7.2 Post-Deletion Retention. Upon deletion of your account, we retain your personal information and User Content for ninety (90) days. This retention period allows us to comply with legal obligations, resolve disputes, and enforce our Terms of Service.

7.3 Permanent Deletion. After the ninety (90) day retention period, we permanently delete or anonymize your personal information and User Content, except where longer retention is required by applicable law (such as financial transaction records required for tax purposes).

7.4 Aggregated Data. We may retain anonymized, aggregated data indefinitely for analytical and Platform improvement purposes. This data cannot be used to identify you.

8.1 Session Cookies Only. We use session cookies solely to maintain your authenticated state after you log in via magic link. These cookies expire when you close your browser or after a defined session timeout.

8.2 No Tracking Cookies. We do not use advertising cookies, tracking pixels, third-party analytics cookies, or any other persistent tracking technologies. We do not participate in cross-site tracking or behavioral advertising.

8.3 No Third-Party Trackers. We do not embed third-party trackers (such as Google Analytics, Facebook Pixel, or similar services) on the Platform.

8.4 Essential Only. The session cookies we use are strictly necessary for the Platform to function. They cannot be disabled without losing the ability to remain logged in.

9.1 Access. You may request a copy of the personal information we hold about you by emailing markdesk@wolff.sh.

9.2 Correction. You may update your email address through your account settings. For other corrections, contact us at markdesk@wolff.sh.

9.3 Deletion. You may delete your account at any time through the account settings page on the Platform, or by emailing markdesk@wolff.sh. Upon deletion, your data will be retained for ninety (90) days per Section 7.2, then permanently deleted.

9.4 Data Export. You may request a copy of your User Content (uploaded documents, generated Deliverables) within thirty (30) days of account deletion by emailing markdesk@wolff.sh.

9.5 Communication Preferences. You cannot opt out of transactional emails (authentication links, order confirmations, renewal reminders) while maintaining an active account, as these are essential to the Services. If we introduce marketing communications in the future, you will be able to opt out at any time.

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information.

10.1 Right to Know. You have the right to request that we disclose: (a) the categories of personal information we collected about you; (b) the categories of sources from which we collected it; (c) our business purpose for collecting it; (d) the categories of third parties with whom we share it; and (e) the specific pieces of personal information we collected about you.

10.2 Right to Delete. You have the right to request deletion of your personal information, subject to certain exceptions permitted by law.

10.3 Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA rights. We will not deny you services, charge you different prices, or provide a different quality of service because you exercised your rights.

10.4 No Sale of Personal Information. We do not sell personal information as defined under the CCPA. We have not sold personal information in the preceding twelve (12) months.

10.5 No Sharing for Cross-Context Behavioral Advertising. We do not share personal information for cross-context behavioral advertising.

10.6 Exercising Your Rights. To exercise any of these rights, email markdesk@wolff.sh with the subject line "CCPA Request." We will verify your identity before processing your request by confirming your email address matches an existing account. We will respond within forty-five (45) days of receiving a verifiable request.

10.7 Authorized Agents. You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide written authorization signed by you and must verify their own identity.

11.1 Age Requirement. The Platform is intended solely for users who are at least eighteen (18) years of age. We do not knowingly collect personal information from anyone under the age of eighteen (18).

11.2 Discovery and Deletion. If we discover that we have collected personal information from a person under eighteen (18), we will delete that information promptly. If you believe a minor has provided us with personal information, please contact us immediately at markdesk@wolff.sh.

12.1 Right to Update. We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this policy reflects the most recent revision.

12.2 Notification of Material Changes. For material changes to this Privacy Policy (such as changes to how we share data or new categories of data collection), we will provide at least thirty (30) days' advance notice by sending an email to your registered email address.

12.3 Continued Use. Your continued use of the Platform after a revised Privacy Policy takes effect constitutes your acceptance of the revised policy. If you do not agree with the changes, you must stop using the Platform and delete your account before the changes take effect.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us:

Wolff, Inc (d/b/a MarkDesk) 255 Lorimer St, Apt 851 Brooklyn, NY 11206

Email: markdesk@wolff.sh Website: markdesk.wolff.sh

We will respond to privacy-related inquiries within thirty (30) days.

*By creating an account or using the Platform, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and sharing of your information as described herein.*