Privacy Policy
Last updated: 2026-05-23
This policy describes how madmocks (operated by Johan Leandersson) collects, uses, and shares personal information when you use madmocks.com.
1. What we collect
- Account data: email address, password hash (or Google OAuth identifier), display name and avatar URL when you sign up via Google.
- Usage data: the parameters of each mockup render you submit (city, time of day, weather, season, format, free-text spot description), credit transactions, and the technical metadata of each render request (timestamps, status).
- Uploaded layouts: the images you upload as layouts. These are transmitted to fal.ai for processing and are not retained by us beyond the in-flight render.
- Generated mockups: the rendered output URLs from fal.ai. These are hosted by fal.ai for approximately 7 days.
- Payment metadata: when you buy credits via Polar, we record the order id, amount, product, and the granted credits. We never see your card details — Polar handles that directly.
- Operational logs: standard server-side request logs from Cloudflare (IP, user agent, request path) retained for short periods for abuse prevention and debugging.
2. How we use it
- To operate the service: authenticate you, run your renders, track your credit balance, deliver mockups.
- To process payments and prevent abuse.
- To send transactional emails (account verification, billing receipts via Polar, support replies).
- To improve madmocks (in aggregate; we do not train AI models on your uploads).
3. Sub-processors
We use the following third-party providers to deliver madmocks. Each is bound by their own privacy practices and data-processing agreements:
- Supabase — authentication, database, realtime. Data stored in their managed Postgres instance.
- fal.ai — image generation (GPT Image 2). Receives your uploaded layouts and stores rendered outputs for ~7 days.
- Polar.sh — billing and payment processing.
- Cloudflare — web hosting, DNS, CDN, email forwarding.
- Google — optional OAuth identity provider; only data we receive is what you authorize during the sign-in flow (email, name, profile picture).
- OpenAI — the underlying image model GPT Image 2 is operated by OpenAI via fal.ai; OpenAI does not have direct access to your account.
4. What we don't do
- We don't sell your data.
- We don't run ad-tracking pixels or third-party analytics on this site.
- We don't train AI models on your uploads.
5. Cookies
We use a small number of strictly-necessary cookies set by Supabase to maintain your authenticated session. We do not use marketing or analytics cookies. Because all cookies we set are essential, no consent banner is required under GDPR/ePrivacy.
6. Your rights
If you're in the EU/UK/California or another jurisdiction with similar laws, you have the right to access, correct, export, restrict, or delete your personal information. Email hello@madmocks.com from the address associated with your account and we will respond within 30 days.
7. Retention
- Account data is retained while your account is active; deleted within 30 days of account deletion.
- Render parameters are retained while your account is active so you can find past mockups in your library.
- Uploaded layouts are transmitted to fal.ai and not stored by us long-term.
- Generated mockup URLs expire automatically after ~7 days (managed by fal.ai).
- Payment records are retained for the duration legally required for accounting (typically 7 years).
8. Security
We use industry-standard encryption (HTTPS in transit, encrypted at rest via Supabase). Service-role database credentials are stored only as Cloudflare secrets. Sub-processors are responsible for their own infrastructure security.
9. Children
madmocks is not intended for children under 18 and we do not knowingly collect data from them. If you believe a minor has created an account, contact us and we will delete it.
10. Changes
If this policy materially changes we'll notify account holders by email. The "Last updated" date at the top reflects the most recent change.