1. Who we are
Mocktopus (“we”, “us”) operates the website at mocktopus.io and the application at app.mocktopus.io. This policy covers both surfaces.
2. What we collect
We collect only what we need to run the product:
- Account data. Email address and display name when you sign in via Google OAuth. We do not receive your Google password.
- Domain models you create. The entities, fields, constraints, versions, and mock datasets you author inside the product.
- Operational logs. Request metadata (timestamp, route, status code) required to debug and operate the service.
- Anonymous analytics. Aggregate usage data from the marketing site via Cloudflare Web Analytics. No cookies, no cross-site tracking.
3. What we do with it
- Authenticate you and authorise access to your organisation.
- Store the domain models and mock datasets you author.
- Send transactional emails (account verification, security alerts).
- Diagnose and fix bugs reported through support channels.
We do not sell your data. We do not run advertising.
4. Where it lives
Application data is stored in PostgreSQL databases hosted in the European Union. Enterprise tenants who require dedicated infrastructure can be provisioned in a specific region on request.
5. Your rights
You can request access to, correction of, or deletion of your account data at any time by contacting privacy@mocktopus.io. Account deletion removes your user record and any organisation you solely own.
6. Cookies and sessions
The application uses a single sealed cookie to maintain your authenticated session. The marketing site sets no cookies of its own.
7. Third parties
- Google (OAuth sign-in).
- Cloudflare (CDN, web analytics, hosting).
- The PostgreSQL provider hosting application data.
Each is bound by its own published terms. We do not share your domain models with them.
8. Changes
If this policy changes materially, we will update the “Last updated” date and notify account holders by email.
9. Contact
Questions about this policy: privacy@mocktopus.io.