Privacy Policy

Last updated: March 27, 2026

1. Introduction

Mock Studio ("Mock Studio," "we," "our," or "us") provides a website and a Chrome extension for API mocking, network capture, mock management, optional AI-assisted features, and optional sync/export workflows. This Privacy Policy explains what data we collect, access, store, use, and share when you use our website, our Chrome extension, and related services.

Summary of Data Practices

This summary is for convenience only. The detailed disclosures below control.

  • Account and billing data: If you sign in or subscribe, we collect account, authentication, and subscription data needed to authenticate you and manage paid features.
  • Extension data: The extension stores your projects, mocks, folders, scenarios, environments, settings, captured network data, and local analytics data in your browser unless you explicitly use a feature that exports or syncs that data elsewhere.
  • Optional external processing: If you use Managed AI, a custom AI provider, or GitHub Sync, the prompts, mock content, repository details, and synced project data needed for those features are sent to the relevant provider.
  • Website analytics: Our website uses Google Analytics. The extension itself is not used for advertising or cross-site tracking.
  • No sale of personal data: We do not sell your personal data and do not use extension data for targeted advertising.

2. Scope

This Privacy Policy applies to:

  • The Mock Studio marketing website and documentation website.
  • The Mock Studio Chrome extension and its DevTools panel.
  • Authentication, subscription, billing, AI, and sync services we operate or integrate with for user-facing features.

3. Data We Collect, Access, or Store

a. Account and identity data

If you sign in with Google, we receive and store the following account information through Google OAuth and Supabase:

  • Email address
  • Display name
  • Profile image URL
  • Google account identifier / auth-linked user ID

We use this data to create your account, authenticate you, display your profile in the product, and manage paid features.

b. Subscription, order, and billing data

If you purchase or activate a paid feature, we store your email address, subscription status, license key, and related order or subscription metadata needed for billing support, entitlement checks, invoicing, and fraud prevention. Payment card details and billing payment processing are handled by our payment processor, Lemon Squeezy, not by Mock Studio directly.

c. Extension authentication and settings data stored locally

The extension stores certain data locally in your browser, including in chrome.storage.local, localStorage, and/or IndexedDB:

  • Session tokens such as access and refresh tokens used to keep you signed in.
  • Subscription cache and license state such as whether Pro features are available.
  • User preferences and feature settings, including provider configuration you choose to save locally.
  • Optional AI configuration, such as provider endpoint, model name, and API key that you choose to store locally for your own provider.
  • Optional GitHub sync configuration, such as owner, repository, branch, path, and token that you choose to store locally.

d. Mock project data stored locally

Mock Studio stores your working data locally in your browser unless and until you export or sync it. This local data can include:

  • Projects, folders, mocks, variants, scenarios, environments, variables, and change history.
  • Mock request definitions such as methods, URL patterns, matching rules, delay settings, headers, status codes, and response bodies.
  • Imported content such as JSON backups, OpenAPI specifications, and pasted cURL commands.
  • Project-level sync metadata such as saved GitHub repository owner, repository name, branch, path, and any token you choose to save with that project.
  • Exported backup content prepared for download.

e. Network capture and website activity data accessed by the extension

When you use network interception or the Network Capture feature, the extension may access and process website traffic and website resources needed for the user-facing functionality of the product. Depending on the feature you use, this can include:

  • Request method, full request URL, and request headers.
  • Response status, response headers, and response timing metadata.
  • Response bodies and other request/response content when you capture a request into a mock, create a scenario from captured traffic, import/export a project, or otherwise choose to save that data as part of a mock workflow.

This data is used to display captured traffic, detect matching mocks, build mocks from live traffic, and apply user-configured mock responses. By default, this working data is stored locally in your browser as part of the extension state. We do not use this data for advertising or cross-site tracking.

f. Optional AI feature data

If you use AI-assisted features such as mock generation, variant generation, or scenario naming, the data sent depends on the provider you choose:

  • Managed AI: Your prompt and the mock or captured content needed to answer the prompt may be transmitted to our managed AI service.
  • Custom or third-party AI provider: Your prompt, current mock content, request/response context, and related settings may be transmitted directly to the provider endpoint you configure, such as OpenAI-compatible services.
  • Local AI: If you configure a local provider such as Ollama, your data is sent to that local endpoint rather than to Mock Studio.

The data you send to an external AI provider is governed by that provider's privacy terms in addition to this policy.

g. Optional GitHub Sync data

If you enable GitHub Sync, the extension may store and use your repository configuration and token locally, and may transmit project data, mock content, and related metadata to GitHub so the selected repository can be read from or written to on your behalf.

h. Local extension analytics data

The extension may also store local analytics derived from captured requests for use in the extension's Analytics page, such as method, path, request counts, failures, response time summaries, timestamps, and recent request logs. This extension analytics data is stored locally for your use in the product and is not used by us as advertising telemetry.

i. Website analytics and support data

When you visit our website, we use Google Analytics to collect website usage information such as pages viewed, browser and device data, approximate location derived from IP, timestamps, and engagement metrics. If you contact us for support, we collect the information you choose to provide in that communication.

4. How We Use Data

  • To authenticate users and maintain signed-in sessions.
  • To verify subscriptions, licenses, and access to paid features.
  • To store, display, edit, import, export, and sync mock projects and related content.
  • To capture network traffic, create mocks from captured traffic, and apply your mock rules to matching requests.
  • To provide optional AI-assisted features that you explicitly invoke.
  • To process purchases, provide invoices and transactional notices, and respond to support requests.
  • To secure the service, prevent abuse, detect fraud, and troubleshoot issues.
  • To analyze and improve our website and product experience.

5. Where Data Is Stored

  • Locally in your browser: Mock projects, captured traffic saved into the extension, local extension analytics, settings, tokens, backups, imported content, AI provider configuration, and GitHub sync configuration may be stored in browser-managed storage, including chrome.storage.local, localStorage, and IndexedDB.
  • On Supabase: Account identity data and subscription-related records are stored on Supabase infrastructure.
  • On Lemon Squeezy: Payment and order processing data is stored and processed by Lemon Squeezy.
  • On GitHub, if you enable sync: Synced project files are stored in the repository you configure. Depending on the data saved in the project, that synced file may include repository configuration associated with the project.
  • On AI provider infrastructure, if you use an external provider: Prompts and content you submit to Managed AI or a third-party provider may be processed and retained by that provider according to their policies.

6. How We Share Data

We do not sell your personal data. We share data only as needed to provide the service you request, to process optional integrations you enable, or to comply with law.

  • Google: For sign-in and authentication data provided through Google OAuth.
  • Supabase: For authentication, account storage, and subscription-related backend operations.
  • Lemon Squeezy: For payment processing, subscription management, and billing receipts.
  • Google Analytics: For website traffic analytics.
  • AI providers you use: For Managed AI, your prompts and necessary content are shared with our managed AI provider. For custom providers, the extension sends data directly to the endpoint you configure.
  • GitHub, if you enable sync: Project content and repository credentials needed for push and pull operations are shared with GitHub. Depending on your saved project configuration, repository settings associated with the project may also be included in synced or exported project data.
  • Legal and business transfer recipients: If required by law, to protect rights and safety, or in connection with a merger, acquisition, financing, or sale of assets.

7. Chrome Extension-Specific Disclosures

The Mock Studio extension handles personal or sensitive user data only to provide the extension's user-facing features, such as authentication, entitlement checks, network capture, traffic inspection, mock creation, mock response generation, and optional sync or AI features.

What the extension accesses

  • Authentication information required to keep you signed in and verify your subscription.
  • Web browsing activity and website resources, including request URLs, request metadata, and response metadata, when needed for interception, matching, capture, inspection, and mock creation.
  • User-provided content such as prompts, mock definitions, response bodies, headers, imported files, repository settings, and sync targets.

What the extension does not do

  • It does not sell extension data.
  • It does not use extension data for targeted advertising.
  • It is not designed for cross-site tracking.
  • It does not send captured traffic to Mock Studio servers unless you explicitly use a feature that requires external processing, such as Managed AI or another sync/integration feature you enable.

8. Data Retention

  • Local extension data: Retained on your device until you delete it, overwrite it, uninstall the extension, or clear your browser storage.
  • Account data: Retained while your account is active and for a reasonable period afterward for security, support, and compliance purposes.
  • Subscription and order records: Retained as needed for accounting, fraud prevention, legal compliance, and dispute handling.
  • Website analytics data: Retained according to our analytics configuration and Google Analytics retention settings.
  • Third-party destinations: Data sent to GitHub or an AI provider may remain there until you delete it according to that provider's controls and policies.

9. Security

We use reasonable technical and organizational safeguards designed to protect personal data. Data transmitted between the extension, our services, and supported providers is intended to use modern encrypted transport such as HTTPS/TLS where applicable.

No security measure is perfect. You are responsible for protecting access to your device, browser profile, Google account, API keys, GitHub tokens, and any repositories or third-party AI endpoints you configure.

10. Your Choices and Rights

  • You can use many core features locally without signing in.
  • You can delete local project data by clearing data inside the extension or clearing your browser storage.
  • You can stop using external processing features by not enabling Managed AI, custom AI providers, or GitHub Sync.
  • You can request access, correction, or deletion of account data we control, subject to legal and operational requirements.

To make a privacy request, contact hello@mockstudio.app.

11. Children's Privacy

Mock Studio is not directed to children under 13, and we do not knowingly collect personal data from children under 13.

12. Google API Services User Data

Mock Studio's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

  • We use Google user data only to provide or improve user-facing features that are prominent in the product.
  • We do not use Google user data for advertising.
  • We do not sell Google user data.
  • We do not allow humans to read Google user data except for limited cases such as security, support requested by you, or legal compliance.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version here and revise the "Last updated" date above. If a change is material, we may also provide additional notice through the website, the extension, or email where appropriate.

14. Contact

Questions about this Privacy Policy can be sent to hello@mockstudio.app.