Compliance

Our approach to data protection and regulatory compliance.

Overview

Mocksy is designed to help you test and develop applications safely by generating mock data. This page explains our approach to compliance and your responsibilities when using the service.

Key principle: Mocksy is not a data processor for real personal data. We generate synthetic test data only. Compliance depends on using Mocksy correctly, for mock data only, not real customer information.

GDPR and UK GDPR

The General Data Protection Regulation (GDPR) and UK GDPR govern how personal data must be handled. Here's how Mocksy relates to these regulations:

Mocksy as a Service Provider

For your Mocksy account data (email, username, organisation name), we act as a data controller. We process this data in accordance with GDPR principles and our Privacy Policy.

Mock Data is Not Personal Data

The mock customers, SKUs, and orders generated by Mocksy are synthetic and do not relate to real individuals. This data is not personal data under GDPR because it:

  • Does not identify real people
  • Is randomly generated using algorithms
  • Cannot be used to identify or contact actual individuals

As long as you use Mocksy correctly (for mock data only), GDPR obligations related to personal data processing do not apply to the generated test data.

Your Responsibilities

To maintain compliance when using Mocksy, you must:

  • Never upload real personal data: Do not import or store actual customer information, payment details, or sensitive personal data in Mocksy
  • Use mock data only: Ensure all data in Mocksy is synthetic and for testing purposes
  • Secure your API keys: Treat API keys as sensitive credentials
  • Control team access: Only invite authorised team members to your organisation
  • Delete data when no longer needed: Remove test data that's no longer required
Important: If you accidentally upload real personal data to Mocksy, delete it immediately and contact us at compliance@mocksyapp.com.

Data Minimisation

We follow data minimisation principles:

  • We only collect account data necessary to operate the service
  • We don't collect unnecessary personal information
  • You control what mock data you generate and can delete it at any time
  • We don't retain data longer than necessary

Data Subject Rights

For your Mocksy account data, you have the right to:

  • Access: View and export your account information
  • Rectification: Correct inaccurate data
  • Erasure: Delete your account and data
  • Portability: Export your data in a structured format
  • Object: Object to certain data processing

To exercise these rights, contact us at compliance@mocksyapp.com or use the account management features in the web interface.

Data Location

Mocksy data is stored on servers provided by Railway. These servers may be located in various regions. We use cloud infrastructure that complies with industry standards for data protection.

If you have specific data residency requirements, please contact us to discuss options.

Subprocessors

We use the following third-party services that may process your account data:

  • Railway: Cloud hosting and infrastructure
  • Payment processor: For subscription payments (if applicable)

These subprocessors are chosen for their security and compliance practices.

Data Breaches

In the unlikely event of a data breach affecting your account data:

  • We'll investigate and contain the breach immediately
  • We'll notify affected users within 72 hours
  • We'll report to relevant authorities if required by law
  • We'll take steps to prevent similar incidents

See our Security page for more details on our incident response process.

Industry-Specific Compliance

Mocksy is a general-purpose test data generation tool. We do not currently claim compliance with industry-specific regulations such as:

  • HIPAA (healthcare data in the US)
  • PCI DSS (payment card data)
  • FedRAMP (US government systems)

If you need to comply with these regulations, ensure you only use Mocksy for mock test data, not real regulated data.

Audits and Documentation

We maintain documentation of our data processing activities. If you need compliance documentation for your own audits, please contact us at compliance@mocksyapp.com.

Updates to Compliance Practices

We continuously review and improve our compliance practices. As we grow, we're working towards:

  • Formal data protection impact assessments (DPIAs)
  • Regular compliance audits
  • Enhanced data processing agreements
  • Industry certifications

We'll update this page as our compliance posture evolves.

Questions

If you have questions about compliance or data protection, please contact us at compliance@mocksyapp.com.