MockDefense

MockDefense

Privacy Policy

Effective June 1, 2026

This policy explains what MockDefense collects, why, who we share it with, and the choices you have. In short: we collect only what we need to run the service, we do not sell your personal information, and we do not use your sessions or anything you write to train AI models.

This Privacy Policy describes how Flow Studio LLC (“MockDefense,” “we,” “us,” or “our”) collects, uses, and shares information when you use the MockDefense website at mockdefense.org and related services (the “Service”). By using the Service, you agree to the practices described here.

1. Who we are

The Service is operated by Flow Studio LLC, a Illinois limited liability company. If you have any questions about this policy or your information, contact us at support@mockdefense.org.

2. Information we collect

We collect the following categories of information.

Account information. When you create an account, we collect your email address and, if you sign in with Google, your name, profile image, and Google account identifier. If you sign in by email, we generate and send one-time passcodes to verify it.

Practice content. The Service is an AI mock-defense simulator. When you run a session, we store the session transcript — the messages you send and the AI examiner’s responses — along with your selected mode, the scores and written feedback the Service generates, and any study notes or summary of your dissertation that you choose to paste into a session. You decide what to put into a session. Do not paste confidential, embargoed, or third-party material you are not permitted to share.

Payment information. When paid plans are active and you subscribe, payment is processed by Stripe. We do not receive or store your full card number, CVC, or bank details — Stripe does. We store a Stripe customer identifier, your subscription identifier, plan, status, and renewal date so we can manage your access and billing.

Technical and usage information. We automatically collect your IP address, basic device and browser information, and timestamps of your activity. We keep a record of IP addresses associated with your account.

Anti-abuse and referral information. To prevent fraud and abuse of free usage, we track usage counts, IP associations, and internal abuse-review flags. If you use a referral link, we record the referral code and which account referred you.

3. How we use information

We use the information above to:

  • provide, operate, and maintain the Service, including generating AI examiner responses and spoken audio;
  • create and secure your account and authenticate sign-ins;
  • process subscriptions, billing, renewals, and refunds;
  • enforce usage limits and detect, prevent, and investigate fraud, abuse, and security incidents;
  • send you transactional messages (verification codes, billing notices, important service updates) and respond to your support requests;
  • comply with legal obligations and enforce our Terms of Service.

We rely on the following legal bases where required (for example, under the GDPR): performance of our contract with you (to provide the Service and process payments), our legitimate interests (to secure the Service and prevent abuse), your consent (where we ask for it), and compliance with legal obligations.

4. We do not train AI on your content

We do not use your session transcripts, the material you paste in, or any other content you submit to train AI models. We use the enterprise and API tiers of our AI providers, which do not use data submitted through their API to train their foundation models. If this ever changes, we will tell you in advance — not bury it in a policy update.

5. How we share information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only with service providers who process it on our behalf to run the Service, and only as needed for that purpose. These providers (“sub-processors”) are:

ProviderPurposeWhat it handles
Google Cloud / Vertex AIGenerates AI examiner responsesSession content you submit during a session
Google (Sign-in)Optional Google sign-inYour Google account identity
StripePayment processingCard and billing details, billing contact
DeepInfraText-to-speech voicesExaminer response text converted to audio
ResendTransactional email deliveryYour email address and message content
MongoDB AtlasDatabase hostingAccount and session data at rest
VercelApplication hostingRequest and infrastructure data
CloudflareBot and abuse protectionIP address and request signals

We may also disclose information if required by law, subpoena, or legal process; to protect the rights, property, or safety of MockDefense, our users, or the public; or in connection with a merger, acquisition, or sale of assets, in which case we will notify you and any successor will be bound by this policy.

6. Cookies and similar technologies

We use a small number of strictly necessary cookies. These include a session cookie that keeps you signed in and a cookie set by Cloudflare’s bot-protection challenge. These are essential to operate the Service and cannot be turned off through a consent banner without breaking sign-in. We do not currently use advertising or third-party analytics cookies. If we add analytics in the future, we will update this policy and, where required, ask for your consent first.

7. Data retention

We keep your account information for as long as your account is active. We keep individual mock-defense sessions — their transcripts and any study notes or dissertation summary you paste in — so you can return to them, but we automatically delete any session you have not used for 18 months. We retain billing records for as long as required for tax, accounting, and legal purposes. We retain limited IP and anti-abuse data only as long as needed to prevent fraud and abuse, generally no more than 24 months. When you ask us to delete your account, we delete or anonymize your personal information within a reasonable period, except where we are required or permitted by law to retain it (for example, financial records).

8. Your rights and choices

Depending on where you live, you may have some or all of the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct inaccurate information.
  • Deletion — ask us to delete your account and personal information.
  • Portability — request your information in a portable format.
  • Opt out — we do not sell or “share” personal information, so there is nothing to opt out of, but you may still tell us your preference.
  • Objection / restriction — where the GDPR applies, object to or restrict certain processing.

To exercise any of these rights, email support@mockdefense.org from the address on your account. We will verify your request and respond within the time required by applicable law. You will not be discriminated against for exercising your rights. If you are in the EU/EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

California residents (CCPA/CPRA). In the past 12 months we have collected the categories of information described in Section 2 for the purposes in Section 3. We have not sold or shared personal information as those terms are defined under California law. To the extent the content you submit (such as session transcripts or dissertation notes) is considered sensitive personal information, we use it only to provide the Service you requested and do not use or disclose it to infer characteristics about you; you may still ask us to limit its use. You have the rights described above, and you may designate an authorized agent to make a request on your behalf.

9. Children’s privacy

The Service is intended for doctoral candidates and other adults. It is not directed to children, and you must be at least 18 years old to use it. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.

10. International users and data transfers

We operate the Service from the United States, and our providers process and store information in the United States and other countries. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. Where required, we rely on appropriate safeguards (such as the Standard Contractual Clauses) for international transfers.

11. Security

We protect your information using encryption in transit, access controls, and reputable infrastructure providers. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. You are responsible for keeping your account credentials and email account secure. If we become aware of a data breach that affects your personal information, we will notify you and the relevant authorities where required by law and without undue delay.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective” date above and post the revised policy on this page, and may also notify you through the Service. Your continued use of the Service after an update means you accept the revised policy.

13. Contact us

Questions, requests, or complaints about this policy or your information:

Flow Studio LLC 1 E Erie St, Suite 525-2938, Chicago, IL 60611 Email: support@mockdefense.org