Privacy Policy

• Account information — your name, email address, password hash, and (if you use Google Sign-In) your Google account email and profile basics.
• Organization & content — organization names, the API specifications you upload (OpenAPI, Swagger, Postman, WSDL), mock endpoint and response configurations, and generated test data.
• Usage data — requests made to your mock endpoints, including timestamps, methods, paths, headers, and payloads, used to power analytics and request logs.
• Payment information — handled by our payment processor, Stripe. We do not store full card numbers; we retain only billing metadata such as plan, amount, status, card brand, and last four digits.
• Device & analytics data — IP address, browser type, and usage events collected via cookies and Google Analytics.

• Provide, operate, and maintain the Service and your mock endpoints.
• Process subscriptions, trials, and payments, and send billing notices and receipts.
• Send transactional emails (verification, password reset, plan changes, invoices).
• Provide analytics, request logging, and quota enforcement.
• Detect, prevent, and address abuse, fraud, and security issues.
• Improve the Service and respond to support requests.

We do not sell your personal data. We share information only with:

• Service providers — Stripe (payments), Google (OAuth sign-in & Analytics), our cloud hosting and email delivery providers, acting on our behalf under contract.
• Legal & safety — when required by law, or to protect our rights, users, or the public.
• Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy.

We use essential cookies for authentication and session management, and Google Analytics to understand site usage. You can control cookies through your browser settings; disabling some cookies may affect functionality.

We retain account and content data for as long as your account is active. Mock request logs are retained according to your plan's history window. When you delete your account or organization, we delete or anonymize associated data within a reasonable period, except where retention is required for legal, accounting, or security purposes.

All traffic is encrypted in transit with TLS. Data is isolated per organization, access is controlled by role-based permissions, and payment processing is delegated to PCI-compliant Stripe. No method of transmission or storage is 100% secure, but we work to protect your information using industry-standard safeguards.

Depending on your location (including under GDPR and CCPA), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, contact us at jawad@mockstation.io. You may also manage and delete most data directly from your dashboard.

We may process and store data in countries other than your own. Where required, we use appropriate safeguards for international transfers of personal data.

The Service is not directed to children under 16, and we do not knowingly collect their data.

We may update this policy from time to time. Material changes will be posted here with an updated “Last updated” date and, where appropriate, notified by email.

Questions about this policy? Email jawad@mockstation.io.