Mockrounds (“we,” “us,” or “our”) operates the Mockrounds platform at mockrounds.ai (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using Mockrounds, you consent to the data practices described in this policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information You Provide
- Account Information — name, email address when you register. If you sign in via Google or GitHub, we receive your name, email, and profile picture from those providers.
- Profile Information — company, job title, years of experience, and system design experience level provided during onboarding. This is optional and can be updated in Settings.
- Payment Information — when you subscribe to Pro, payment is processed by Lemon Squeezy. We receive your subscription status, billing interval, and customer ID. We do not store credit card numbers, CVVs, or bank account details.
- Communications — if you email us or submit a support request, we retain that correspondence.
1.2 Information Generated During Use
- Interview Transcripts — your spoken responses during mock interviews are transcribed to text in real-time using ElevenLabs speech-to-text. Transcripts are stored as part of your session record.
- Voice Audio — during sessions, your voice audio is streamed to our WebSocket server for real-time transcription. Raw candidate audio is processed in-memory and is not permanently stored. Only the text transcription is retained.
- AI Debrief Audio — the AI interviewer's spoken debrief is generated via ElevenLabs text-to-speech and stored as an audio file associated with your session.
- Whiteboard Data — your system design drawings are processed as text descriptions for AI evaluation. Canvas data may be stored as part of the session.
- Scores and Feedback — AI-generated scores, dimension breakdowns, strengths, weaknesses, and written debriefs are stored per session.
1.3 Information Collected Automatically
- Usage Data — pages visited, session timestamps, features used, time on page.
- Device Information — browser type and version, operating system, screen resolution.
- IP Address — used for rate limiting, security, and approximate geographic location.
- Cookies — see Section 8 below.
2. How We Use Your Information
We use collected information for the following purposes:
- Provide the Service — run mock interview sessions, generate scores, deliver feedback and debriefs.
- Personalize Your Experience — match problem difficulty to your experience level, track progress across sessions, identify weak areas.
- Process Payments — manage subscriptions, process upgrades and cancellations via Lemon Squeezy.
- Communicate — send transactional emails (account verification, password reset, subscription confirmations). We do not send marketing emails without your explicit opt-in.
- Improve the Service — analyse anonymized, aggregated usage patterns to improve interview quality, scoring accuracy, and user experience.
- Security — detect and prevent fraud, abuse, and unauthorized access. Enforce fair use limits.
- Legal Compliance — comply with applicable laws, regulations, and legal requests.
3. How We Share Your Information
We do not sell your personal information. We share data only in the following circumstances:
3.1 Third-Party Service Providers
We use the following services to operate Mockrounds. Each receives only the data necessary for their function:
| Provider | Purpose | Data Shared |
|---|
| Supabase | Authentication, database, file storage | Account data, session data, audio files |
| Anthropic (Claude) | AI interview, scoring, debrief generation | Interview transcripts, whiteboard descriptions |
| ElevenLabs | Speech-to-text, text-to-speech | Voice audio (streaming, not stored), AI response text |
| Lemon Squeezy | Payment processing | Email, subscription details |
| Vercel | Application hosting | Request logs, IP addresses |
| Upstash | Caching, rate limiting | Cache keys (no personal data in cache values) |
| Railway | WebSocket server hosting | Session audio streams (in-memory only) |
3.2 AI Model Training
Your interview data sent to Anthropic's Claude API is processed under their API terms, which state that API inputs and outputs are not used to train their models. Similarly, audio processed by ElevenLabs is subject to their API terms and is not used for model training.
3.3 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request. We may also disclose information to protect the rights, property, or safety of Mockrounds, our users, or others.
3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
4. Data Retention
- Account data — retained as long as your account is active.
- Session data (transcripts, scores, feedback) — retained as long as your account is active.
- Debrief audio files — retained as long as your account is active.
- Candidate voice audio — streamed in real-time and not permanently stored. Discarded after transcription.
- Usage logs — retained for up to 90 days.
- Waitlist emails — retained until launch or until you request removal.
When you delete your account (via Settings), all associated data is permanently deleted within 30 days, including: profile, sessions, transcripts, scores, feedback, and audio files.
5. Data Security
We implement reasonable security measures to protect your data:
- All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
- Database data is encrypted at rest.
- Authentication uses secure, httpOnly cookies with Supabase Auth.
- API endpoints are protected with authentication checks and rate limiting.
- WebSocket connections are authenticated using JWT tokens.
- Service role keys and API secrets are stored as environment variables, never in client-side code.
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. International Data Transfers
Mockrounds is hosted on infrastructure in the United States (Vercel, Supabase, Railway). If you access the Service from outside the US, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer.
For EU/EEA users: transfers are conducted under Standard Contractual Clauses (SCCs) as implemented by our service providers.
7. Your Rights
7.1 All Users
- Access — view your data via the dashboard, session reports, and Settings page.
- Correction — update your name, company, and preferences in Settings.
- Deletion — delete your account and all associated data from Settings → Danger Zone.
- Export — contact us at privacy@mockrounds.ai to request a data export.
7.2 EU/EEA Users (GDPR)
If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation:
- Legal basis — we process your data based on: (a) your consent (account creation), (b) contract performance (providing the Service), and (c) legitimate interests (security, service improvement).
- Right to object — you may object to processing based on legitimate interests.
- Right to portability — request your data in a structured, machine-readable format.
- Right to restrict processing — request that we limit how we use your data.
- Right to lodge a complaint — with your local data protection authority.
To exercise these rights, contact privacy@mockrounds.ai. We will respond within 30 days.
7.3 California Users (CCPA)
If you are a California resident, you have rights under the California Consumer Privacy Act:
- Right to know — what personal information we collect and how we use it.
- Right to delete — request deletion of your personal information.
- Right to opt-out of sale — we do not sell personal information.
- Non-discrimination — we will not discriminate against you for exercising these rights.
8. Cookies
We use only essential cookies required for the Service to function:
| Cookie | Purpose | Duration |
|---|
| sb-*-auth-token | Supabase authentication session | Session / 1 hour |
| sb-*-auth-token-code-verifier | OAuth PKCE verification | Session |
We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
9. Children's Privacy
Mockrounds is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, contact us at privacy@mockrounds.ai.
10. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users via email within 72 hours of becoming aware of the breach.
- Notify relevant data protection authorities as required by applicable law.
- Provide details about what data was affected, what we are doing to address it, and steps you can take.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or sending an email. The “Last updated” date at the top indicates the most recent revision.
Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
For any privacy-related questions or requests: