1. Information We Collect

We collect information you provide directly to us, information collected automatically when you use our services, and information from third-party sources where applicable.

1.1 Information You Provide

• Account information: Name, email address, and password when you register for an account.
• Profile information: Optional details such as your company name, job title, or profile picture.
• Payment information: Billing details processed securely by our payment provider (Stripe). MockDrop does not store your full card number.
• Content you create: Mockup projects, conversation text, and design settings you input into the platform.
• Communications: Messages you send us via contact forms, email, or support tickets.

1.2 Information Collected Automatically

• Usage data: Pages visited, features used, time spent, clicks, and navigation paths within MockDrop.
• Device information: Browser type and version, operating system, screen resolution, and device type.
• Log data: IP addresses, access timestamps, referring URLs, and error reports.
• Cookies and similar technologies: Session tokens, preference storage, and analytics identifiers (see Section 4).

1.3 Information from Third Parties

• If you sign in via Google or GitHub OAuth, we receive your name, email, and profile picture from those providers.
• Payment processors may share transaction confirmation data with us.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide the service: Rendering mockups, saving projects, processing payments, and managing your account.
• To improve our product: Analysing usage patterns to understand which features work well and which need improvement.
• To communicate with you: Sending transactional emails (receipts, password resets, account alerts) and, if you opt in, product updates and newsletters.
• To enforce our policies: Detecting and preventing abuse, fraud, and violations of our Terms of Service.
• To comply with legal obligations: Retaining records required by applicable law and responding to lawful requests from authorities.
• To personalise your experience: Remembering your preferences (dark/light mode, last-used platform, etc.).

We will not use your content (mockups, conversations, or design files) for AI training without your explicit, opt-in consent.

3. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

3.1 Service Providers

We engage trusted third-party vendors to operate our infrastructure. These include:

• Stripe — payment processing
• Amazon Web Services (AWS) — cloud hosting and storage
• Anthropic — AI conversation generation (only the text prompt you submit is processed; no identifying information is sent)
• Postmark — transactional email delivery
• Plausible Analytics — privacy-first, cookieless website analytics

Each provider is bound by data processing agreements and may not use your data for their own purposes.

3.2 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of MockDrop, our users, or the public.

3.3 Business Transfers

If MockDrop is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your data is transferred and subject to a different privacy policy.

4. Cookies & Tracking Technologies

MockDrop uses a minimal set of cookies and local storage to operate the service:

• Session cookies: Required to keep you logged in during a browsing session. These expire when you close your browser.
• Persistent cookies: Store your preferences (theme, language) across sessions. Expire after 12 months.
• Analytics: We use Plausible Analytics, which is cookieless and does not track you across sites. No consent banner is required.

We do not use advertising cookies, cross-site tracking pixels, or third-party retargeting scripts. You can clear cookies at any time through your browser settings without losing your account.

5. Data Storage & Security

Your data is stored on servers located in the European Union (AWS eu-west-1, Dublin, Ireland) with backups in Singapore (AWS ap-southeast-1).

We implement industry-standard security measures including:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• Role-based access controls limiting employee access to production data
• Regular penetration testing and security audits
• Two-factor authentication required for all internal systems

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. Please notify us immediately at security@mockdrop.io if you suspect a breach.

5.1 Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., billing records retained for 7 years per accounting regulations). Anonymised usage statistics may be retained indefinitely.

6. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal data:

6.1 Rights Available to All Users

• Access: Request a copy of all personal data we hold about you.
• Correction: Ask us to correct inaccurate or incomplete data.
• Deletion: Request deletion of your account and associated personal data.
• Portability: Receive your data in a machine-readable format (JSON or CSV).
• Opt-out of marketing: Unsubscribe from newsletters at any time via the link in each email.

6.2 Additional Rights under GDPR (EU/EEA Residents)

• Restriction of processing: Ask us to limit how we use your data while a dispute is resolved.
• Right to object: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, withdraw it at any time.
• Lodge a complaint: File a complaint with your national data protection authority (e.g., the Irish DPC).

6.3 California Residents (CCPA)

California residents have the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell personal information. To exercise your rights, email privacy@mockdrop.io.

To exercise any of these rights, contact us at privacy@mockdrop.io. We will respond within 30 days.

7. Children's Privacy

MockDrop is not directed at children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@mockdrop.io and we will delete that information promptly.

8. International Data Transfers

If you are accessing MockDrop from outside the European Union, your data may be transferred to and processed in countries that may not have data protection laws equivalent to those in your jurisdiction.

For transfers from the EU/EEA to third countries, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission. A copy of the applicable SCCs is available upon request.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Post the updated policy on this page with a new "Last Updated" date
• Send an email notification to registered users at least 14 days before the change takes effect
• Display a notice in the MockDrop dashboard

Your continued use of MockDrop after the effective date constitutes acceptance of the revised policy. If you disagree with any changes, you may delete your account at any time.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@mockdrop.io
• Security issues: security@mockdrop.io
• Postal address: MockDrop, LG 2, Ghatkopar, Mumbai, Maharashtra, India — 400086

We aim to respond to all privacy-related enquiries within 5 business days.