Privacy & GDPR Notice – MockHub

1. Overview – Service Nature

MockHub (the “Platform”) is a test and development environment for creating REST/SOAP mock APIs, dynamic scenarios and AI‑generated documentation. It is not designed or warranted for production use or long‑term storage of personal or sensitive data. Any data placed in mocks is treated strictly as “test data” and may be removed at any time without notice.

2. Data Controller

The data controller is MockHub. Contact: info@mockhub.ovh. Use this address to exercise the rights described in section 13.

3. Sources & Categories of Data

• Firebase authentication data (email, UID, ID tokens) supplied when registering/logging in.
• Essential billing data handled by Stripe (subscription status, customer identifier, payment events). MockHub does not store full card numbers.
• Technical/log data (IP addresses, timestamps, request identifiers, usage counters) for security, rate limiting and statistics.
• Mock content (response bodies, URLs, scenarios) provided or generated by the user – always treated as test data and can be deleted or overwritten.
• Folder/organization metadata (folder names, share codes).

Users must not insert real personal data (e.g. names, addresses, ID numbers) inside mock payloads.

4. Purposes & Legal Bases (GDPR)

Purpose	Legal Basis
Service provision (mock creation, account management, limits)	Art. 6(1)(b) – contract performance
Billing & Premium payment handling	Art. 6(1)(b) – contract; Art. 6(1)(c) – legal obligations
Security & abuse prevention / rate limiting	Art. 6(1)(f) – legitimate interest
Aggregated usage analytics (non‑personal)	Art. 6(1)(f) – legitimate interest
Optional promotional communications (if enabled)	Art. 6(1)(a) – consent (revocable)

5. Nature of Provision

Providing authentication data is required to use the Platform; without it an account cannot be created. Payment data is required for Premium features. Any mock content is optional but always treated as disposable test data.

6. Retention

• Email / UID: while the account remains active or until deletion request.
• Billing data: retained per statutory accounting/tax obligations (up to 10 years).
• Technical logs: rotated/purged periodically (indicatively < 180 days).
• Mocks & scenarios: no persistence guarantee; may be removed due to expiry, maintenance, cleanup or limits.

7. Recipients / Third Parties

Third parties are used solely to operate the service:

• Firebase (Google) – authentication, token issuance.
• Stripe – payments & subscription lifecycle.
• Redis – rate limiting & ephemeral counters.
• Cloud hosting / infrastructure (servers, storage, CDN).

8. International Transfers

Services like Firebase and Stripe may involve transfers outside the EU (e.g. to the USA). Such transfers rely on appropriate safeguards (Standard Contractual Clauses, security configurations). By using the Platform the user accepts these technically necessary transfers.

9. Security

Reasonable measures (access control, temporary tokens, rate limiting, logical isolation) are applied. No system is free of vulnerabilities; the user accepts inherent risk of test environments and must not upload critical personal data.

10. Test Data & No Guarantees

Mocks can be deleted permanently and without notice (e.g. periodic cleanup, expiry, maintenance). The user assumes all risk of loss or unavailability and must not rely on the Platform as primary storage nor place real personal data.

11. Profiling

No automated decision‑making or profiling is performed in the sense of GDPR Art. 22.

12. Children

The service is not intended for children under 16. Accounts identified as belonging to minors may be suspended and associated data removed.

13. Data Subject Rights

Users may exercise: access, rectification, erasure, restriction, portability, objection, withdrawal of consent (where applicable). Requests must be sent from the registered email to info@mockhub.ovh.

14. Procedure

The controller responds within 30 days (extendable to 90 for complexity) and may request information to verify identity. Some data (e.g. fiscal logs) cannot be removed prior to statutory deadlines.

15. Complaints

Users may lodge a complaint with the Italian Data Protection Authority or the supervisory authority of their Member State.

16. Changes to this Notice

This notice may be updated. Continued use after publication of changes constitutes acceptance. Check the “Last updated” date periodically.

17. Link to Terms of Use

Use of the Platform is also governed by the Terms & Conditions. In case of conflict the more protective document for the controller prevails.

18. Disclaimer

Nothing herein constitutes legal advice. No guarantee is given of total absence of typographical or interpretative errors. Professional legal review is recommended before use in regulated contexts.