Privacy Policy

Effective date: May 11, 2026 · Last updated: May 11, 2026

1. Introduction

mockingly.ai (“we,” “our,” or “us”) is an AI-powered system design interview practice platform operated by Appsy Studio, a sole proprietorship (eenmanszaak) registered in the Netherlands (KVK 97901946). We act as the Data Controller for the personal data processed through our platform, as defined by the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Personal Data We Collect

Account Data. When you sign in via Google OAuth, we collect your email address, display name, and profile picture URL.

Interview & Usage Data. When you use the platform, we collect interview session data (your messages, AI responses, timestamps), whiteboard drawings, question progress, trivia quiz results, and subscription status.

Payment Data. Payments are processed by Stripe. We store your Stripe customer ID, subscription ID, payment method type, and billing history. We do not store your credit card number.

Technical Data. We automatically collect your IP address, browser type, device type, operating system, pages visited, referrer URL, error logs, and performance data.

Analytics Data (consent-gated). If you consent via our cookie banner, we collect page view events, feature usage, and UTM parameters.

3. How and Why We Process Your Data

Under GDPR Article 6, we process your data only when we have a valid legal basis:

  • Contract performance: providing the interview practice service, managing your account, processing payments, and sending service notifications.
  • Legitimate interest: ensuring platform security, preventing fraud, improving service quality, fixing bugs, and running basic website analytics (Vercel Analytics, which is cookieless).
  • Consent: product analytics (PostHog) and marketing communications. You may withdraw consent at any time via the cookie banner or your privacy settings.
  • Legal obligation: retaining financial records for 7 years as required by Dutch tax law (Belastingdienst).

4. Artificial Intelligence & Data Processing

When you use mockingly.ai, you are interacting with an artificial intelligence system, not a human interviewer. All interview questions, feedback, and analysis are generated by AI models (specifically, OpenAI's GPT-4o). When you send a message or submit a drawing during an interview, your input is transmitted to OpenAI's servers for processing.

We use OpenAI's paid API tier. Under OpenAI's data usage policy for paid services, your prompts and responses are not used to train or improve OpenAI's models. To provide a stateful interview experience, conversation history may be temporarily retained by OpenAI as part of their Stored Completions feature.

mockingly.ai does not make any automated decisions that produce legal effects or similarly significantly affect you. AI-generated feedback is for educational and practice purposes only and does not constitute professional advice.

5. Third-Party Service Providers

We share your data with the following third-party processors, each bound by data processing agreements:

  • Supabase (EU/US) — database and authentication. Processes account data, sessions, and progress.
  • OpenAI (US) — AI interview processing. Processes interview messages and drawings.
  • Stripe (US) — payment processing. Processes email and payment details.
  • Vercel (US/Global) — hosting and basic analytics. Processes application data and page views.
  • PostHog (EU) — product analytics (consent-gated). Processes usage events and page views.

6. International Data Transfers

Some of our service providers are based in the United States and other countries outside the European Economic Area (EEA). When your data is transferred internationally, it is protected by the EU-US Data Privacy Framework (where certified), Standard Contractual Clauses (SCCs), and binding Data Processing Agreements.

7. Cookies & Tracking

We use cookies and similar technologies. You can manage your preferences via the cookie banner on your first visit, or through your account's privacy settings.

Necessary cookies (always active): Supabase authentication session cookies and cookie consent preferences (stored in localStorage). Required for basic functionality and cannot be disabled.

Analytics cookies (consent required): PostHog product analytics (EU-hosted).

Marketing and preference cookies (consent required): Currently not in active use, reserved for potential future use.

Vercel Analytics is also used for basic web analytics. It operates without cookies (cookieless) and does not require consent.

8. Data Retention

Account data and interview sessions are retained until you delete your account. Payment records are retained for 7 years as required by Dutch tax law. Analytics data is anonymized after 26 months. Server logs are retained for 30 days for security monitoring. When you request account deletion, we delete your personal data within 30 days, except where retention is required by law.

9. Your Privacy Rights (GDPR)

Under the GDPR, you have the right to:

  • Access a copy of your personal data
  • Rectify inaccurate or incomplete data
  • Erase your personal data (“right to be forgotten”)
  • Receive your data in a portable, machine-readable JSON format
  • Object to processing based on legitimate interest
  • Restrict how we process your data
  • Withdraw consent at any time

To exercise your rights, visit your account's Privacy Settings to export or delete your data, or email us at contact@mockingly.ai. We will respond within 30 days. If you believe we have not handled your data properly, you have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) at autoriteitpersoonsgegevens.nl.

10. Children's Privacy

Our service is not intended for individuals under the age of 16. In accordance with the Dutch implementation of the GDPR (UAVG), we do not knowingly collect personal data from children under 16. If we discover that we have collected data from a child under 16, we will delete it promptly.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (HTTPS/TLS) and at rest, authentication via secure OAuth 2.0 (Google), row-level security policies in our database (Supabase RLS), and exclusive use of PCI DSS-compliant Stripe for payment processing. While we take reasonable precautions, no method of electronic transmission or storage is 100% secure and we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and notify registered users via email. We encourage you to review this page periodically.

13. Contact

If you have questions about this Privacy Policy, want to exercise your rights, or have concerns about how we handle your data, please contact us at contact@mockingly.ai. We will respond within 30 days. Appsy Studio is located at Isaac Titsinghkade 239, Amsterdam, the Netherlands. KVK: 97901946. VAT: exempt under KOR (kleineondernemersregeling).