MockRound

Privacy Policy

This policy explains how MockRound collects, uses, shares, and protects your personal information when you use our platform.

Last updated: April 28, 2026

MockRound logo

The Short Version (TL;DR)

We know legal texts are long. Here is a summary, though the full text below is what legally binds us.

  • We collect only what we need to run simulations and improve your experience.
  • We do not sell your data to third parties, ever.
  • Your data is stored in the United States (Central US region).
  • You can delete your account and data at any time in your account settings or by contacting us.
  • GDPR and CCPA rights apply — you can access, correct, or erase your personal data on request.

1. Who We Are

MockRound (**"we", **"us", or "our") is the operator of this Service.

We are the data controller for personal data processed through the Service. For privacy-related enquiries, contact us at:

Email: legal@mockround.ai

2. Data We Collect

2.1 Account Data

When you register or sign in via a third-party authentication provider (Google, Microsoft, GitHub, Facebook, Discord, or X/Twitter), we receive:

  • Your name
  • Your email address
  • Your profile picture URL (hosted by the provider)
  • A unique identifier issued by the provider

We do not receive your password from any provider.

2.2 Interview and Simulation Data

When you run a mock interview session, we collect and store:

  • Job details you provide: job title, company name, company domain, and job description
  • Your focus skills and interview settings (duration, strictness, interview type)
  • Simulation transcripts — the text of questions asked by the AI and your spoken or typed responses (your audio is transcribed in real-time by a third-party speech service; the audio itself is not permanently stored)
  • CV / résumé content — if you upload a document, we store the parsed text and the original file (in Central US)
  • AI-generated analysis reports — scores and written feedback generated after a session
  • Session metadata — start time, completion time, elapsed duration, and session status

2.3 Payment Data

Billing is handled by Stripe, Inc. We store your Stripe customer ID and subscription record (plan, status, period dates) so we can apply the correct session limits to your account. We do not store your credit card number, CVV, or bank account details — these remain with Stripe under PCI-DSS controls.

2.4 Usage and Technical Data

We may collect:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages and features accessed within the Service, and the times of those actions
  • Error logs and crash reports

This data is used for security, fraud prevention, and improving service reliability.

2.5 Notifications

If you have opted in to notifications, we store a record of notifications sent to your account (content, timestamp, read status).

2.6 Data We Do Not Collect

  • Raw audio files. Voice is processed in real-time and converted to text. We do not retain audio recordings beyond the active session.
  • Biometric data.
  • Sensitive special-category data (health, religion, political views, etc.). Please do not include such information in your CV or job descriptions.

3. How We Collect Data

  • Directly from you when you register, configure a simulation, or upload a CV.
  • From third-party authentication providers when you sign in via OAuth.
  • Automatically through your use of the Service (usage logs, IP addresses).
  • From Stripe in relation to billing events (subscription creation, renewal, cancellation).

Where the UK GDPR or EU GDPR applies, we rely on the following legal bases:

PurposeLegal Basis
Creating and managing your accountPerformance of a contract (Article 6(1)(b))
Running interview simulations and storing resultsPerformance of a contract (Article 6(1)(b))
Processing payments and managing subscriptionsPerformance of a contract (Article 6(1)(b))
Sending transactional emails (e.g. billing receipts)Performance of a contract (Article 6(1)(b))
Fraud prevention and platform securityLegitimate interests (Article 6(1)(f))
Analysing usage patterns to improve the ServiceLegitimate interests (Article 6(1)(f))
Complying with legal and regulatory obligationsLegal obligation (Article 6(1)(c))

5. Who We Share Your Data With

We do not sell, rent, or trade your personal data. We share data only as described below.

5.1 Microsoft Azure

Our primary cloud infrastructure provider. Microsoft Azure hosts our databases, file storage, AI processing, and email delivery services, all operating in the Central US region. This covers storage of your account data, simulation transcripts, uploaded files, and the AI services that power interview question generation, speech processing, and document parsing.

Microsoft acts as a data processor on our behalf and is bound by contractual data processing terms and Microsoft's Privacy Statement.

5.2 Stripe

Your payment method and billing details are processed and stored by Stripe, Inc. Stripe acts as a data processor for payment-related data and is subject to Stripe's Privacy Policy and PCI-DSS compliance obligations. Stripe may transfer data internationally in accordance with applicable safeguards.

5.3 Authentication Providers

When you sign in via Google, Microsoft, GitHub, Facebook, Discord, or X/Twitter, your browser communicates directly with that provider's servers. We receive only the account data described in Section 2.1. Each provider's own privacy policy governs the data they hold about you.

We may disclose personal data if required to do so by law, court order, or regulatory authority, or if we believe disclosure is necessary to: (a) protect the rights, property, or safety of MockRound, our users, or the public; or (b) detect, prevent, or address fraud or security issues.

5.5 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our business, personal data may be transferred to the acquiring entity. We will notify you before your data becomes subject to a different privacy policy.

6. International Data Transfers

MockRound is operated from the United Kingdom. Your data is stored and processed in the United States (Azure Central US region).

We ensure appropriate safeguards are in place for such transfers, including reliance on the UK International Data Transfer Agreement (UK IDTA) or UK Addendum to the EU Standard Contractual Clauses where applicable, and Stripe's and Microsoft's own transfer mechanisms.

7. Data Retention

Data TypeRetention Period
Account and profile dataUntil you delete your account, plus up to 90 days for backups
Simulation transcripts and reportsUntil you delete the session or your account
Uploaded CV filesUntil you delete the file or your account
Payment and subscription records7 years (UK financial record-keeping requirement)
Usage and technical logsUp to 12 months
Notification recordsUp to 12 months after the notification was read or dismissed

After the applicable retention period, data is deleted or anonymised. We may retain anonymised, aggregated data (which cannot identify you) indefinitely for research and service improvement.

8. Your Rights

8.1 UK and EU GDPR Rights

If you are located in the United Kingdom or European Economic Area, you have the following rights:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — to ask us to delete your personal data, subject to legal retention obligations.
  • Right to restriction — to ask us to limit how we process your data in certain circumstances.
  • Right to data portability — to receive your data in a machine-readable format and transmit it elsewhere.
  • Right to object — to object to processing based on legitimate interests.
  • Right not to be subject to automated decision-making — we do not make solely automated decisions that produce legal or similarly significant effects about you.

To exercise any of these rights, contact us at legal@mockround.ai. We will respond within one month. In complex cases we may extend this by up to two further months and will let you know.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at https://ico.org.uk if you believe we have mishandled your personal data.

8.2 California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect about you and how it is used.
  • Delete personal information we hold about you (subject to certain exceptions).
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of your personal information. We do not sell or share personal information for cross-context behavioural advertising.
  • Limit the use of sensitive personal information. We do not use sensitive personal information beyond what is necessary to provide the Service.
  • Non-discrimination — we will not deny you services, charge different prices, or provide a different quality of service if you exercise your CCPA rights.

To submit a CCPA request, contact us at legal@mockround.ai with the subject line "CCPA Request". We will respond within 45 days (extendable by a further 45 days with notice).

9. Cookies and Tracking

9.1 What We Use

We use only strictly necessary session cookies required to operate authentication and maintain your signed-in state. These are set by our authentication system and expire at the end of your browser session or after 30 days (for "remember me" sessions).

9.2 What We Do Not Use

  • We do not use advertising or marketing cookies.
  • We do not use third-party analytics cookies (e.g. Google Analytics, Meta Pixel).
  • We do not use cross-site tracking technologies.

Because we use only strictly necessary cookies, we do not require a cookie consent banner under the UK PECR or EU ePrivacy Directive.

10. Account Security

We implement technical and organisational measures to protect your personal data, including:

  • HTTPS encryption in transit for all Service traffic.
  • Password-equivalent admin credentials stored as salted hashes.
  • Data stored within our cloud provider's ISO 27001, SOC 2, and GDPR-compliant infrastructure.
  • Access to production data limited to authorised personnel only.

No method of electronic transmission or storage is 100% secure. If you believe your account has been compromised, contact us at legal@mockround.ai immediately.

11. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at legal@mockround.ai and we will delete it promptly.

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify you by email or by a prominent in-app notice at least 14 days before the changes take effect.

Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact legal@mockround.ai.

We aim to respond to all privacy enquiries within 10 business days.

Still have questions?

Reach out to our support team and we'll be happy to help.

Contact Us