Privacy Policy

MockLab ("we", "us", or "our") operates the mocklab.com website and the app.mocklab.dev application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. If you do not agree with its terms, please discontinue use of the Service.

1. Information We Collect

Information you provide

• Account registration information (email address, name, password)
• Billing information (processed by Stripe — we do not store card numbers)
• Communications you send us (support emails, contact form submissions)

Information collected automatically

• Log data: IP addresses, browser type, pages visited, timestamps
• Device information: operating system, screen resolution, language settings
• Cookie data: session tokens, preference cookies (see Section 6)
• Usage data: features used, request volumes, dashboard interactions

2. Request Data

The core functionality of MockLab involves capturing HTTP requests sent to your webhook endpoints and WebSocket events. This request data may contain payload content that you or third parties transmit.

• Request data is stored encrypted at rest and in transit (TLS 1.2+).
• Free plan request data is automatically purged after 7 days.
• Pro plan request data is retained until you delete it or close your account.
• We do not access your request data except to provide the Service or as required by law.
• We never sell or share your request data with third parties for advertising.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Service
• Process payments and send billing notifications
• Respond to support requests and communicate service updates
• Monitor and analyze usage trends to improve performance and features
• Detect and prevent abuse, fraud, or security incidents
• Comply with applicable legal obligations

4. Information Sharing

We do not sell your personal information. We may share information with:

• Service providers: Stripe (payments), AWS (hosting), Cloudflare (CDN/DDoS), Resend (email) — all bound by data processing agreements.
• Legal compliance: When required by applicable law, court order, or governmental authority.
• Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to you.
• With your consent: For any other purpose with your explicit consent.

5. Data Retention

We retain your account information for as long as your account is active or as needed to provide the Service. After account deletion, we retain minimal data for up to 90 days to comply with legal obligations and prevent fraud, after which it is permanently deleted. Request/payload data is deleted immediately upon account deletion.

6. Cookies

We use the following types of cookies:

• Strictly necessary: Session authentication tokens required for the Service to function.
• Preference: Theme and UI preference settings.
• Analytics: Anonymized usage data to improve the Service (can be opted out via browser settings).

You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent you from logging in.

7. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, regular security audits, and strict access controls. However, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials.

8. Your Rights (GDPR / CCPA)

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your personal data ("right to be forgotten")
• Object to or restrict processing of your data
• Data portability — receive your data in a machine-readable format
• Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or by posting a prominent notice on the Service at least 30 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at: