Privacy Policy

Last updated: March 27, 2026

1. Data Controller

MockupGen AI ("we," "us," or "our") is the data controller responsible for your personal data. We are based in Poland and operate the website at mockupgenai.com.

For any data protection inquiries, reach out through our contact form.

2. Data We Collect

Account Data

When you create an account through Kinde Auth, we collect your email address and display name. We do not store passwords directly — authentication is handled securely by Kinde.

Payment Data

Payments are processed by Stripe. We never see or store your full credit card number. Stripe handles all payment data in compliance with PCI DSS standards. We receive only a confirmation of payment status, your Stripe customer ID, and subscription details.

Uploaded Screenshots

When you upload app screenshots, they are temporarily stored in Cloudflare R2 and processed by the Anthropic Claude API to generate your mockups. We do not use your uploaded images for AI model training or any purpose other than fulfilling your mockup generation requests.

Generated Mockups

Mockups produced by the AI are stored in Cloudflare R2 and are available to you for download during your data retention period (see Section 5).

Usage Data

We collect service usage metadata such as generation counts, project creation dates, and feature usage to operate and improve the service.

Analytics Data (with consent)

With your explicit consent, we use Google Analytics (via Google Tag Manager) to collect anonymized usage data such as page views, referral sources, and device information. This data helps us improve the user experience. Analytics cookies are only set after you grant consent through our cookie banner.

3. Legal Basis for Processing (GDPR Art. 6)

We process your personal data on the following legal grounds:

Contract performance (Art. 6(1)(b)): Processing your account data, uploaded screenshots, and payment information is necessary to provide the MockupGen AI service you signed up for.
Legitimate interest (Art. 6(1)(f)): We process certain data for security, fraud prevention, abuse detection, and service improvement. Our legitimate interest does not override your fundamental rights.
Consent (Art. 6(1)(a)): Analytics and marketing cookies are only set after you give explicit consent through our cookie banner. You may withdraw consent at any time (see Section 8).
Legal obligation (Art. 6(1)(c)): We may process data when required by law, such as tax and accounting obligations related to payments.

4. How We Use Your Data

To provide, maintain, and improve the MockupGen AI service.
To process payments and manage your subscription.
To generate mockups from your uploaded screenshots using AI.
To communicate with you about your account or the service.
To enforce our Terms of Service and protect against abuse.
To analyze usage patterns and improve the user experience (only with your consent for analytics cookies).

5. Data Retention

Uploaded screenshots and generated mockups are retained based on your subscription tier:

Plan	Retention Period
Free	7 days
Starter	30 days
Pro	90 days

After the retention period, your images and generated mockups are automatically deleted from our storage.

Account data (email, name, subscription history) is retained as long as your account is active and for a reasonable period afterwards for legal and accounting purposes. When you delete your account, we erase your personal data within 30 days except where retention is required by law.

6. Third-Party Data Processors

We share your data with the following third-party processors solely to operate the service. Each processor is bound by a Data Processing Agreement (DPA) that ensures GDPR-compliant handling of your data:

Processor	Purpose	Location
Kinde	Authentication, user management	Australia
Stripe	Payment processing	USA
Anthropic (Claude API)	AI mockup generation	USA
Cloudflare (R2, CDN)	Image storage, content delivery	Global
Google (Analytics, GTM)	Website analytics (with consent)	USA

7. International Data Transfers

Some of our third-party processors are located outside the European Economic Area (EEA). We ensure that any transfer of personal data to countries outside the EEA is protected by appropriate safeguards:

EU-US Data Privacy Framework: Processors certified under the EU-US Data Privacy Framework provide an adequate level of protection as recognized by the European Commission.
Standard Contractual Clauses (SCCs): Where the Data Privacy Framework does not apply, we rely on European Commission-approved Standard Contractual Clauses to safeguard your data.

8. Cookies

Cookies are small text files stored on your device. We use the following categories:

Essential Cookies (no consent required)

These cookies are strictly necessary for the website to function. They cannot be disabled.

Cookie	Purpose	Duration
kinde_*	Authentication session (Kinde Auth)	Session / 30 days
mockupgen-cookie-consent	Stores your cookie consent preference	Persistent (localStorage)

Analytics Cookies (consent required)

These cookies are only set after you grant consent through our cookie banner. They help us understand how visitors interact with the site.

Cookie	Purpose	Duration
_ga	Google Analytics — distinguishes users	2 years
_ga_*	Google Analytics — maintains session state	2 years
_gid	Google Analytics — distinguishes users	24 hours

You can withdraw your cookie consent at any time by clicking "Cookie Settings" in the footer of any page. This will reset your preference and re-display the consent banner.

9. Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights regarding your personal data:

Right of access — Request a copy of all personal data we hold about you.
Right to rectification — Request correction of inaccurate or incomplete data.
Right to erasure — Request deletion of your personal data and account.
Right to data portability — Request an export of your data in a structured, machine-readable format (JSON).
Right to object — Object to processing based on legitimate interest.
Right to restrict processing — Request that we limit processing of your data in certain circumstances.
Right to withdraw consent — Withdraw consent for analytics cookies at any time via the "Cookie Settings" link in the footer, without affecting the lawfulness of processing before withdrawal.

10. Data Export & Deletion

You can exercise your data rights directly through your account:

Export My Data: Navigate to Settings → Export My Data to download a JSON file containing all your personal data, projects, and generation history.
Delete All Data: Navigate to Settings → Delete All Data to permanently erase your account and all associated data. This action is irreversible.

Alternatively, reach out through our contact form and we will respond within 30 days.

11. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information we collect, use, and disclose.
Right to delete your personal information.
Right to opt out of the sale of personal information. We do not sell your personal data. We do not share your data with third parties for their own marketing purposes.
Right to non-discrimination for exercising your privacy rights.

To exercise these rights, use the data export/deletion tools in your account settings or reach out through our contact form.

12. Data Security

We implement appropriate technical and organizational security measures to protect your data, including:

Encryption in transit (TLS/HTTPS) for all connections.
Encryption at rest for stored files in Cloudflare R2.
Secure authentication via Kinde with no direct password storage.
Access controls and least-privilege principles.
Regular review of third-party processor security practices.

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

13. Children's Privacy

MockupGen AI is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the updated policy on this page with a new "Last updated" date.
Sending an email notification for material changes that affect how we process your data.

Your continued use of the service after changes take effect constitutes acceptance of the updated policy. If a change requires renewed consent (e.g., new categories of data processing), we will seek your consent separately.

15. Supervisory Authority

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. For Poland, the relevant authority is:

Urz&aogon;d Ochrony Danych Osobowych (UODO)
uodo.gov.pl

16. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, reach out through our contact form.

We aim to respond to all data protection requests within 30 days.