Privacy Policy

Information collected automatically

• Source platform organization or user account name (e.g., GitHub, GitLab, Bitbucket), used as your organization identifier
• Repository names and branch/tag references (used to provision simulations)
• IP address and user agent string (collected with API requests and form submissions)
• Request counts and usage metrics (aggregated per organization per day)

Information you provide

• Contact information: name, email address, phone number, company name, billing address (when you register as a contact or subscribe to a paid plan)
• Contact form submissions: name, email, company, message content
• OpenAPI specifications and related files uploaded through supported integrations

Information we do not collect

• We do not store credit card numbers or payment credentials. All payment processing is handled by Stripe.

• To operate and provision the Service (simulation deployment, request routing, usage tracking)
• To enforce tier limits and prevent abuse
• To process payments through Stripe
• To respond to your inquiries and support requests
• To analyze usage patterns and improve the Service (via Google Analytics)
• To comply with legal obligations

• Consent: we obtain your consent (express or implied, as appropriate) for the collection, use, and disclosure of personal information, in accordance with PIPEDA and Québec Law 25
• Performance of a contract: processing necessary to provide the Service you requested
• Legitimate interests: usage analytics, abuse prevention, and service improvement, where these interests are not overridden by your privacy rights
• Legal obligation: where we are required or authorised to collect, use, or retain information by Canadian or Québec law

We use the following third-party services that may process your data:

Account data, billing information, and organization records are stored on AWS servers located in the European Union. Simulation data (your uploaded specifications and deployed simulation environments) may be stored in any supported AWS region based on your organization's region assignment. We use industry-standard security measures including encryption in transit (TLS) and at rest to protect your data.

Each simulation runs in an isolated environment with scoped access permissions. Simulations cannot access other users' data.

While we take reasonable precautions to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

We retain your organization and contact data for as long as your account is active.

Usage data (request counts, error rates) is retained in aggregated form for a limited period and then automatically deleted.

When you remove the Mockzilla integration and your simulations are torn down, your uploaded specifications and simulation data are deleted. Your organization record, usage history, and any associated contact or billing information may be retained for a reasonable period to support billing, analytics, and legal obligations.

Contact form submissions are retained for as long as needed to respond to your inquiry.

Under PIPEDA, Québec Law 25, and other applicable Canadian privacy laws, you have the following rights regarding your personal information:

• Right of access: request a copy of the personal information we hold about you
• Right to rectification: request correction of inaccurate or incomplete personal information
• Right to deletion or de-indexing: request deletion of your personal information, or that we cease disseminating or de-index it, where the law permits
• Right to withdraw consent: withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions
• Right to data portability: request your computerised personal information in a structured, commonly used technological format
• Right to information about automated decisions: where a decision is based exclusively on automated processing of your personal information, request to be informed and to submit observations
• Right to object or to file a complaint: object to specific processing activities, or file a complaint with the Commission d'accès à l'information du Québec or the Office of the Privacy Commissioner of Canada

To exercise any of these rights, please contact our Privacy Officer at the address provided below. We will respond within 30 days.

Although we are established in Québec, Canada, your account and billing data is primarily stored on AWS servers located in the European Union, and simulation data may be stored in any supported AWS region. As a result, your personal information is processed outside Canada and may be subject to the laws of the jurisdictions in which it is stored. Some third-party services (Stripe, Google Analytics) may also transfer or process data in the United States. Where personal information is transferred outside Québec or Canada, we take reasonable contractual, organisational, and technical measures to ensure that it receives a level of protection equivalent to that required under Québec Law 25 and PIPEDA.

The Service is not directed at children under the age of 14. In accordance with Québec Law 25, we do not knowingly collect personal information from minors under 14 without the consent of a person having parental authority. If you believe we have collected information from a child without proper consent, please contact us and we will delete it promptly.

We may use cookies for essential functionality such as language preferences. We use Google Analytics, which may set its own cookies for analytics purposes.

You can control cookies through your browser settings. Disabling cookies may affect certain features of the Service.

We may update this Privacy Policy at any time. Changes take effect immediately upon publication on our website. We encourage you to review this page periodically.

For privacy-related questions, data access requests, or complaints, please contact our Privacy Officer at:

privacy@mockzilla.org

You also have the right to lodge a complaint with the Commission d'accès à l'information du Québec (CAI) or the Office of the Privacy Commissioner of Canada (OPC), or with a supervisory authority in your country of residence.