Korean SaaS Launch Checklist — PIPA, KRW Billing, BRN Validation (2026)
The 5 things that break global SaaS in Korea
Global SaaS teams consistently trip over the same five Korea-specific items. This post is a survival guide plus the tooling that automates each one.
1. PIPA (Personal Information Protection Act)
Korea's privacy law is stricter than GDPR in several ways. The critical rules for foreign SaaS:
- PIPA representative required for companies with >10,000 Korean users (Article 31)
- Korean-language privacy notice must be published (not just translated English)
- Separate consent for marketing vs operational data collection
- Data retention schedule explicitly stated and enforced
- Cross-border transfer consent if data leaves Korea
- 72-hour breach notification rule
curl https://api.lazy-mac.com/k-privacy-scanner/api/v1/scan?url=https://yourcompany.com/ko returns a risk score + violation report.
2. KRW billing and VAT
- Stripe doesn't serve Korea (as of 2026). Alternatives: Paddle (with Korean merchant), Bootpay, Iamport/Portone
- VAT invoice (세금계산서) auto-generation is required for B2B customers
- 7-day no-question refund law (전자상거래법)
- Whole-number pricing — ₩ has no decimals
3. Business Registration Number (BRN / 사업자등록번호)
For every B2B customer in Korea you need their BRN for VAT invoicing. The number has a checksum you can verify before accepting it:
curl https://api.lazy-mac.com/korean-business-validator/api/v1/validate \
-d '{"brn":"1234567890"}'
Returns validity, legal name (where public), and business type.
4. Korean addresses
Korean addresses come in two forms — road-name (도로명) and lot-number (지번). You must accept both. Postal codes are 5 digits. Cities/districts have an administrative hierarchy (17 광역자치단체 × 시/군/구).
Normalize, parse, geocode: Korean Address API.
5. Discovery channels
SEO on Google does not work in Korea — Naver has ~70% market share. Key discovery surfaces:
- Naver SEO (different algorithm, different ecosystem)
- Kakao Business Profile (messenger + local search)
- Toss Invoice marketplace (B2B)
- Brunch (브런치), Velog, TechBlogPosts for developer audience
Deeper checklist
The full Korean SaaS Launch Checklist covers 80+ line items across legal foundations, payment, localization, and go-to-market. Bundled with the @lazymac/k-mcp server so your Claude/Cursor agent can run compliance scans during development.
Minimum viable ko-compliance stack
# Install the Korean MCP server
npx -y @lazymac/k-mcp
# Run a PIPA scan on your Korean landing page
> Run a PIPA compliance scan on https://yourcompany.com/ko
# Verify a customer's BRN
> Verify Korean business number 1234567890
# Get today's KRW/USD + BOK base rate
> What's the current KRW exchange rate?
For enterprise support ($99/mo), the K-Privacy Enterprise tier includes unlimited compliance scans, dedicated Slack, and custom Korean data feeds.
Why this matters
Korean SaaS penetration for global products is shockingly low because teams hit these five walls and stall. Each wall has a 2-3 week remediation path. With the right tooling, you can compress the full launch readiness to under 30 days.
Questions? Email coindany4@gmail.com or open an issue at @lazymac/k-mcp.
📬 MCP Security Weekly
One email per week — new CVEs, scanner improvements, MCPWatch grade drops on popular servers. Free. Unsubscribe anytime.
Support the work: MCP Pro $29/mo · MCPWatch Pro Report $49 · more posts