Privacy Policy

Last updated: August 20, 2025

At dotMock (accessible from https://dotmock.com and https://mock.new), protecting your privacy is our top priority. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mock API service.

If you have questions about this Privacy Policy, please contact us at [email protected].

Information We Collect

Personal Information

We collect personal information that you provide to us for the following purposes:

  • Account Registration: When you create an account, we collect your name, email address, password (encrypted), and optionally your company name and profile picture. For OAuth logins (GitHub, Google), we store your social account ID and basic profile information.
  • Subscription & Billing: For paid subscriptions, we collect billing information including name, billing address, and payment method details. This information is securely processed through our payment provider, Stripe, and we do not store credit card numbers on our servers.
  • Team Management: When you create or join teams, we store team membership information, roles, and permissions to facilitate collaboration.

Usage Information

We automatically collect certain information when you use dotMock:

  • API Request Data: When requests are made to your mock APIs, we log HTTP parameters including method, path, headers, payload, response codes, and IP addresses. This data is retained for 30 days for debugging and analytics purposes, after which it is automatically deleted.
  • Analytics Data: We collect IP addresses, browser type, operating system, referring pages, pages viewed, time spent, and interaction patterns to improve our service and user experience.
  • AI Generation Usage: We track the number of AI-generated APIs and endpoints created to enforce plan limits and improve our AI capabilities.

How We Use Your Information

We use the collected information for:

  • Providing and maintaining our mock API service
  • Processing transactions and sending billing information
  • Sending service-related notifications and updates
  • Improving our service through analytics and user feedback
  • Enforcing our terms of service and preventing abuse
  • Providing customer support and responding to inquiries
  • Complying with legal obligations

Data Retention

  • API Request Logs: Retained for 30 days, then automatically deleted
  • Account Information: Retained as long as your account is active
  • Billing Records: Retained for 7 years for tax and legal compliance
  • Deleted Accounts: Personal information is removed within 30 days of account deletion, except where retention is required by law

Data Security

  • Free Plan APIs: Mock APIs on free plans are public by default. Anyone with the endpoint URL can view requests. We recommend not sending sensitive data to free plan endpoints.
  • Paid Plan APIs: Mock APIs on paid plans are private and protected with authentication. Access is restricted to authorized team members only.
  • Encryption: All data transmission is encrypted using TLS/SSL. Passwords are hashed using bcrypt with salt rounds.
  • Infrastructure: We use industry-standard security measures including firewalls, intrusion detection, and regular security audits.

⚠️ Important: Never send production API keys, secrets, or sensitive personal information to mock endpoints, especially on free plans.

Cookies

We use cookies to maintain sessions and improve your experience:

Cookie Name     | Purpose                                       | Type
dotmock-session | Authentication and session management         | Essential
dotmock-team    | Remember selected team                        | Functional
theme           | UI theme preference (light/dark)              | Functional
cf_clearance    | Cloudflare security verification              | Essential
__stripe_*      | Stripe payment processing                     | Essential
_ga, _ga_*      | Google Analytics (anonymous usage statistics) | Analytics

Your Data Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a portable format
  • Restriction: Request limited processing of your data
  • Objection: Object to certain types of processing
  • Withdraw Consent: Withdraw previously given consent

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

Third-Party Services

We use the following third-party services that may collect information:

  • Stripe: Payment processing (PCI-DSS compliant)
  • Cloudflare: CDN, DDoS protection, and security
  • Google Analytics: Anonymous usage analytics
  • GitHub/Google OAuth: Authentication services
  • SendGrid: Transactional email delivery
  • OpenAI: AI-powered API generation (no personal data shared)

These services have their own privacy policies. We recommend reviewing them to understand how they handle your information.

Marketing Communications

We may send you marketing emails about new features, tips, and updates. You can unsubscribe at any time using the link in the email footer or by updating your notification preferences in your account settings.

Children's Privacy

dotMock is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it immediately.

California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of the sale of personal information (we do not sell personal data)
  • Right to non-discrimination for exercising privacy rights

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our website. The "Last updated" date at the top indicates when this policy was last revised.

Contact Information

For questions about this Privacy Policy or our data practices, contact us at:

Legal Basis for Processing

We process your personal information under the following legal bases:

  • Contract performance (to provide our services)
  • Legitimate interests (to improve our services and communicate with you)
  • Legal compliance (to meet regulatory requirements)
  • Consent (for marketing communications and optional features)

By using dotMock, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our service.