Privacy Policy
Contents
1. Overview
MockServer ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use MockServer at mockserver.in, how we use that information, and what choices you have. We collect the minimum data necessary to operate the service, and we do not sell your personal data to anyone.
By using MockServer, you agree to the collection and use of information described in this policy. If you do not agree, please discontinue use of the Service.
2. Data We Collect
We collect data in two ways: information you provide directly and information collected automatically as you use the Service.
Information you provide:
- Email address — obtained from your OAuth provider (Google or GitHub) when you sign in. This is used solely to identify your account.
- Mock endpoint data — the paths, response bodies, headers, status codes, and other configuration you define for your mock endpoints. This data is stored and associated with your account.
- Account preferences — settings you configure within the Service, such as your display name or notification preferences.
Information collected automatically:
- Traffic logs — when an HTTP request hits one of your mock endpoints, we log metadata about that request: the timestamp, HTTP method, request path, response code, and request headers. We do not log request body payloads by default.
- Usage analytics — anonymised page view and interaction data collected through Google Analytics 4. This data does not include personally identifiable information.
- Log files — standard server log files including IP addresses, browser type, and referring URLs. These are used for security, debugging, and operational purposes and are not linked to your account profile.
What we do not collect:
- OAuth access tokens or refresh tokens — we receive your email from the OAuth provider and discard the token immediately.
- Passwords — authentication is handled entirely through OAuth providers.
- Payment card details — billing is processed directly by Stripe; we never see or store raw card numbers.
3. How We Use Your Data
We use the data we collect for the following purposes:
- Providing the Service — to create and manage your account, store your mock configurations, serve your mock endpoints, and display traffic logs in your dashboard.
- Authentication — to verify your identity when you sign in and to associate your actions with your account.
- Billing and payments — if you subscribe to a Pro plan, your email address is shared with Stripe to create a billing customer record. All payment processing is handled by Stripe.
- Service improvement — aggregated, anonymised analytics data helps us understand which features are most used, where users encounter friction, and how to prioritise improvements.
- Security and abuse prevention — to detect, investigate, and prevent fraudulent transactions, abuse of the Service, and violations of our Terms of Service.
- Support — to respond to inquiries or issues you raise with us.
We do not use your data for advertising targeting, we do not build marketing profiles, and we do not share your personal data with third parties for their own marketing purposes.
4. Data Retention
We retain different categories of data for different periods of time:
- Account data (email, mock configurations, settings) — retained for as long as your account is active. When you delete your account, all associated data is permanently deleted within 30 days.
- Traffic logs — Free tier: Request logs for free accounts are retained for 24 hours, after which they are automatically and permanently deleted.
- Traffic logs — Pro tier: Request logs for Pro subscribers are retained for 30 days, giving you a longer audit window for debugging and integration monitoring.
- Server log files: Standard infrastructure logs are retained for up to 30 days for operational and security purposes.
- Billing records: Transaction and subscription records may be retained for up to 7 years in accordance with financial record-keeping requirements.
5. Third-Party Services
MockServer integrates with the following third-party services. Each service has its own privacy policy that governs how they handle data:
- Google OAuth — used for account sign-in. Google receives your authentication request and returns your email address to us. Governed by Google's Privacy Policy.
- GitHub OAuth — used as an alternative sign-in method. GitHub receives your authentication request and returns your email address (or GitHub username if no public email is set). Governed by GitHub's Privacy Statement.
- Stripe — used to process payments for Pro plan subscriptions. Your payment card details are entered directly into Stripe's secure interface and are never transmitted to or stored on MockServer's servers. Governed by Stripe's Privacy Policy.
- Google Analytics 4 — used to collect anonymised, aggregated usage analytics. Google Analytics uses cookies to track sessions. You can opt out using the Google Analytics Opt-out Browser Add-on. Governed by Google's Privacy Policy.
- Google AdSense — used to display advertisements on certain pages of the Service. Google AdSense may use cookies and device identifiers to serve relevant ads. Governed by Google's Privacy Policy. You can manage ad personalisation through Google's Ad Settings.
We do not share your personal data with any other third parties except as required by law or to protect the rights and safety of MockServer and its users.
6. Cookies & Tracking
MockServer uses cookies for the following purposes:
- Session cookies — to keep you signed in to your account during a browsing session. These are essential for the Service to function and are deleted when you close your browser or sign out.
- Preference cookies — to remember your UI preferences such as your chosen colour theme (light, dark, or system).
- Analytics cookies — placed by Google Analytics 4 to measure anonymised usage patterns. You can disable these through your browser settings or the Google Analytics opt-out tool.
- Advertising cookies — placed by Google AdSense on pages where ads are shown. These may be used for ad personalisation based on your browsing activity across sites.
Most browsers allow you to block or delete cookies through their settings. Note that blocking essential session cookies will prevent you from signing in to the Service.
7. Your Rights
You have the following rights with respect to your personal data:
- Access — you can view your account data at any time through your dashboard.
- Deletion — deleting your account from the Settings page permanently removes all associated data from our systems, including your mock configurations and traffic logs, within 30 days. This action is irreversible.
- Portability — you can export your mock configurations from the dashboard at any time.
- Correction — if your account information is inaccurate, you can update it through your OAuth provider (Google or GitHub), which will be reflected on your next sign-in.
- Objection — you can opt out of analytics tracking using the tools described in the Cookies section above.
To exercise any of these rights or to make a privacy-related request, contact us at info@mockserver.in. We will respond within 5 business days.
8. Security
We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These measures include encrypted data transmission (HTTPS/TLS), access controls limiting which personnel can access production data, and regular security reviews.
However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security. If you become aware of any security issue relating to MockServer, please notify us promptly at info@mockserver.in.
9. Children's Privacy
MockServer is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it immediately. If you believe a child has provided us with their information, please contact us at info@mockserver.in.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the Service, applicable law, or our practices. When we make material changes, we will update the effective date at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
11. Contact
If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:
- Email: info@mockserver.in
- Response time: We aim to respond to all privacy requests within 5 business days.