Privacy Policy

Last Updated: February 7, 2026 | Effective Date: February 7, 2026

1. Introduction

MockLLM ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service (the "Service"), including our website at https://mockllm.io and our API.

This Privacy Policy complies with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents, and other applicable privacy laws worldwide.

2. Information We Collect

2.1 Personal Information You Provide

  • Account Information: Email address, name, password (encrypted)
  • Payment Information: Credit card details (processed securely by Stripe; we do not store full card numbers)
  • API Keys: Generated API keys for authentication
  • Communications: Emails, support tickets, and other correspondence
  • User Content: Fixture patterns and responses you create (see Section 3)

2.2 Automatically Collected Information

  • Usage Data: API request logs, timestamps, endpoints accessed, response times
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Error logs, access logs, and diagnostic information
  • Cookies: Authentication cookies and analytics cookies (see Section 8)

2.3 Information from Third Parties

  • OAuth Providers: When you sign up via Google or GitHub, we receive your email and name
  • Payment Processors: Stripe provides transaction confirmations and subscription status

3. How We Use Your Information

We process your data for the following purposes:

Purpose | Legal Basis (GDPR)
Provide and maintain the Service | Performance of contract
Authentication and security | Legitimate interest
Process payments | Performance of contract
Send service notifications | Performance of contract
Marketing communications (with consent) | Consent
Analytics and service improvement | Legitimate interest
Legal compliance | Legal obligation

About Your Fixtures

The fixture patterns and mock responses you create are stored to provide the Service. We do not access, analyze, or use your fixture content for any purpose other than delivering the mock responses you configure. Your fixtures remain your property.

4. Data Sharing and Third Parties

We share information only with the following categories of recipients:

4.1 Service Providers

  • Stripe, Inc. - Payment processing (US)
  • Fly.io, Inc. - Cloud hosting and infrastructure (US)
  • Vercel, Inc. - Frontend hosting (US)
  • PocketBase - Database and authentication (self-hosted)
  • Email Service Provider - Transactional email delivery (e.g., PrivateEmail, Resend)

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

4.3 Business Transfers

If MockLLM is involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before this occurs.

5. International Data Transfers

We are based in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States and potentially other countries where our service providers operate.

For transfers from the EEA, UK, or Switzerland to the US, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Stripe's Data Processing Agreement (for payment data)
  • Service provider certifications where applicable

6. Data Retention

We retain your data for the following periods:

  • Account Information: Until account deletion, plus 30 days for backup purge
  • Usage Logs: 12 months for analytics, then anonymized
  • Payment Records: 7 years (legal requirement)
  • API Request Logs: 90 days for debugging and security
  • Deleted Account Data: Permanently deleted within 30 days of request

7. Your Rights

7.1 GDPR Rights (EEA Users)

If you are in the European Economic Area, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure ("Right to be Forgotten"): Request deletion of your data
  • Restrict Processing: Limit how we use your data
  • Data Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time (for consent-based processing)

To exercise these rights, email us at dpo@mockllm.io. We will respond within 30 days.

7.2 CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the right to:

  • Know: Request disclosure of personal information we collect, use, and share
  • Delete: Request deletion of personal information (with exceptions)
  • Opt-Out: Opt-out of the sale of personal information (we do not sell data)
  • Non-Discrimination: Exercise rights without discrimination
  • Correct: Request correction of inaccurate personal information
  • Limit Use: Limit use of sensitive personal information

To exercise CCPA rights, email privacy@mockllm.io or call us. You may also designate an authorized agent.

7.3 Account Deletion

You can delete your account at any time from your account settings. This will permanently remove your personal data, fixtures, and API keys within 30 days. Payment records required by law will be retained in anonymized form.

8. Cookies and Tracking

We use the following types of cookies:

Type | Purpose | Duration
Essential | Authentication, security, core functionality | Session / 1 year
Functional | Preferences, language settings | 1 year
Analytics | Service improvement (anonymized) | 2 years

You can manage cookie preferences through your browser settings. Essential cookies cannot be disabled as they are required for the Service to function.

9. Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and multi-factor authentication for staff
  • Regular security training for team members
  • Incident response plan in place

Despite our efforts, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but continuously work to protect your data.

10. Children's Privacy

The Service is not intended for children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@mockllm.io and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the Service. The "Last Updated" date at the top indicates when this policy was last revised. Continued use of the Service after changes constitutes acceptance.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

For EU residents, you also have the right to lodge a complaint with your local data protection authority.

By using MockLLM, you acknowledge that you have read and understood this Privacy Policy.