Privacy Policy

1.1 Account Information

When you register for MockSentry, we collect your name, email address, and (if you sign in via Google OAuth) your Google profile picture. If you sign up with email and password, your password is stored as a one-way bcrypt hash — we cannot read or recover it.

1.2 Onboarding Data

During onboarding we ask for your college name, year of study, target companies, and placement month. This information is used solely to personalise your interview sessions and is never sold or shared with third parties.

1.3 Interview Session Data

We store every answer you submit, every AI-generated evaluation (scores across 6 dimensions), your session history, and any follow-up answers. This data is the core of our Weak Spot RAG system — without it the platform cannot adapt to your specific gaps.

1.4 Resume Data

If you use the Resume-Based Interview feature, you may upload a PDF résumé. The file is parsed by Google Gemini AI and the extracted text (skills, projects, internships, certifications) is stored in our database as structured data. The raw PDF is not retained after parsing.

1.5 Payment Data

Payments are processed by Razorpay. MockSentry does not store your card number, CVV, or full payment credentials. We only store the Razorpay payment ID, order ID, and subscription status for customer support and access control purposes.

1.6 Usage & Analytics

We collect anonymised usage analytics via Vercel Analytics (page views, session duration). This data is aggregated and cannot be traced back to an individual user.

1.7 Error Tracking

We use Sentry for error monitoring. Sentry may capture stack traces and breadcrumbs when an error occurs. We configure Sentry to strip all personally identifiable information (PII) before transmission using the `beforeSend` hook.

2.1 Core Product Functionality

Your answers, scores, and session history are processed to: (a) generate your Weak Spot profile, (b) inject RAG context into future sessions so the AI targets your specific gaps, (c) generate your daily AI-targeted session, and (d) produce your Readiness Card and debrief reports.

2.2 Email Communications

We send transactional emails — session completion summaries and weekly progress reports — via Gmail SMTP to the email address you registered with. These emails are a core product feature and are not marketing emails. You may request to opt out by emailing anuragkr8651@gmail.com.

2.3 Product Improvement

Aggregated, anonymised data (e.g., which question topics get the lowest scores across all users) helps us improve question quality and the evaluation prompts. We never share individual user data for this purpose.

2.4 Customer Support

When you contact us, we use your account data only to resolve your support request.

3.1 Where Your Data Lives

All user data is stored in a PostgreSQL database hosted on Supabase (servers located in the United States). Session cache and background job data is stored in Redis hosted on Upstash. Both services are SOC 2 compliant.

3.2 Vector Embeddings

Your answers are converted into 1536-dimensional vector embeddings by Google Gemini and stored in the same PostgreSQL database using the pgvector extension. These embeddings are mathematical representations of meaning — they cannot be reverse-engineered into readable text.

3.3 Security Measures

We use HTTPS (TLS 1.2+) for all data in transit. Passwords are hashed using bcrypt with a salt rounds factor of 12. Database credentials are stored as environment variables and are never committed to source control. Database connections use connection pooling with restricted network access.

3.4 Data Retention

Your account data and session history are retained for as long as your account is active. If you delete your account, all associated data — including answers, evaluations, embeddings, and weak spot records — is permanently deleted within 30 days.

Services We Use

MockSentry integrates with the following third-party services: Google (OAuth authentication and Gemini AI API), Razorpay (payment processing), Supabase (database hosting), Upstash (Redis hosting), Vercel (application hosting and analytics), Sentry (error monitoring), and Crisp (in-app support chat). Each service has its own privacy policy. We do not share your data with any other third parties.

Google Gemini AI

Your interview answers are sent to the Google Gemini API for evaluation. Google's data usage policies for API calls apply. As of our last review, Google does not use API input/output data to train its models by default. Please refer to Google's API Data Usage Policy for the most current information.

Access & Portability

You may request a copy of all personal data we hold about you. Email anuragkr8651@gmail.com with the subject 'Data Export Request' and we will send you a JSON export within 7 business days.

Correction

You can update your name, college, and target company information directly in the Profile settings page. For email address changes, contact support.

Deletion

You can request full account deletion by emailing anuragkr8651@gmail.com with the subject 'Account Deletion Request'. All your data will be permanently deleted within 30 days.

Grievances (Indian Users)

In accordance with the Information Technology Act, 2000 and rules made thereunder, the Grievance Officer for MockSentry can be contacted at anuragkr8651@gmail.com. We will acknowledge your complaint within 24 hours and resolve it within 15 business days.

Session Cookies

NextAuth.js sets an encrypted session cookie (`next-auth.session-token`) to keep you logged in. This cookie is HTTP-only, Secure, and SameSite=Lax. It expires after 30 days of inactivity.

Local Storage

The browser's localStorage is used to: (a) remember if you have dismissed the PWA install banner, and (b) auto-save answer drafts while you are typing so that a page refresh does not lose your work.

No Advertising Cookies

MockSentry does not use any advertising, tracking, or third-party analytics cookies.

MockSentry is intended for users who are at least 16 years of age (typically 3rd and final-year engineering students). We do not knowingly collect personal data from anyone under 16. If you believe a minor has created an account, please contact us at anuragkr8651@gmail.com and we will delete the account promptly.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (to the address registered on your account) and update the "Last updated" date at the top of this page. Continued use of MockSentry after the updated policy takes effect constitutes acceptance of the new terms.