Privacy Policy

Last updated: July 2026

1. Introduction

SudoMock ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mockup rendering service.

Our service is operated by SudoMock, located at 1209 MOUNTAIN ROAD PL NE, STE N, ALBUQUERQUE, NM 87110, USA. We are committed to GDPR and CCPA compliance.

2. Information We Collect

2.1 Information You Provide

  • Account information (email address, password hash)
  • Payment information (processed securely through Stripe - we never store card details)
  • API usage data and preferences
  • PSD files and design assets you upload (processed only for rendering)
  • Communication data when you contact support

2.2 Automatically Collected Information

  • Usage analytics and performance metrics
  • Device information and IP addresses (for security and fraud prevention)
  • Cookies and similar tracking technologies (see Cookie Policy)
  • API request logs (for debugging and optimization)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our rendering service
  • Process transactions and manage subscriptions
  • Send you technical notices, updates, and support messages
  • Respond to your comments and questions
  • Monitor and analyze usage patterns for optimization
  • Detect, prevent, and address technical issues and fraud
  • Comply with legal obligations

4. Data Processing & Storage

PSD Files & Rendered Outputs: Your uploaded PSD files are stored securely for as long as the associated mockups exist in your account. Rendered mockups are stored temporarily for delivery; renders attached to orders and renders served through custom domains are retained for as long as they are needed. We do not claim ownership or rights to your content.

Data Location: Our servers are located in the United States. By using our service, you consent to data processing in the US.

5. Third-Party Services

We use the following third-party services that may process your information:

  • Supabase: Authentication and database services (GDPR compliant)
  • Stripe: Payment processing (PCI DSS compliant)
  • Google Analytics: Usage analytics (can be disabled via cookie settings)
  • Cloudflare: CDN and security services
  • Shopify: E-commerce platform integration (see Section 5.1 below)

5.1 Shopify Integration

If you use our Shopify app ("SudoMock - Product Customizer"), the following additional data practices apply:

Data We Access Through Shopify APIs

Our app requests the following Shopify API scopes:

  • read_products: To display your product catalog so you can map products to mockup designs
  • write_products: To store mockup configuration on products via Shopify metafields (namespace: sudomock)
  • read_themes: To check theme compatibility when embedding the customizer button

We do not request access to customer personal data, orders, customer accounts, or any protected customer data fields (name, email, phone, address).

Data Collected from Merchants

  • Shop domain (e.g., your-store.myshopify.com) for identifying your connection
  • Connection to your existing SudoMock account via OAuth (we store the link, not Shopify credentials)
  • Customizer configuration preferences (colors, feature toggles, display mode)

Data Collected from Your Customers (Buyers)

When your customers use the product customizer on your storefront:

  • Artwork uploads (while designing): Images uploaded during the design session are processed in memory to generate previews and are not stored.
  • Artwork uploads (order fulfillment): When a customer adds a customized product to the cart, the uploaded design file(s) and the final preview image are stored securely and attached to the order as URLs, so you can produce the item. These files are retained for fulfillment and deleted upon your request or a data-redaction request.
  • No cookies or tracking: Our storefront theme extension does not set cookies, use local storage, or employ any tracking technologies on your customers' devices.
  • No other personal data: Beyond the artwork itself, we do not collect names, emails, addresses, or any other personally identifiable information from your customers.
  • Rendered outputs: Preview renders generated while designing are stored temporarily (up to 7 days) on our CDN, then automatically deleted. The final preview attached to an order is retained for fulfillment as described above.

GDPR Compliance Webhooks

Our app implements all mandatory Shopify GDPR webhooks: customers/data_request, customers/redact, and shop/redact. Customer artwork stored for order fulfillment is treated as customer data: redaction requests result in deletion of the stored artwork and preview files associated with the redacted customer or shop.

App Uninstallation

When you uninstall the SudoMock app from your Shopify store, we automatically disconnect and deactivate the store connection in our system. Metafields set on your products remain in Shopify (you can remove them via the Shopify admin). Your SudoMock account and credits are not affected by uninstallation.

6. Your Rights (GDPR & CCPA)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request limitation of processing
  • Portability: Request transfer of your data in a structured format
  • Objection: Object to processing of your data
  • Opt-out: Opt-out of sale of personal information (CCPA - note: we do not sell data)

To exercise these rights, please contact us at [email protected]. We will respond within 30 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption in transit (TLS 1.3) and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication
  • Secure API key management

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Account data: Until account deletion + 30 days
  • PSD files: Stored while the associated mockup exists in your account (free plans are subject to inactivity cleanup with advance notice)
  • Rendered outputs: Preview renders are automatically deleted after 7 days; renders attached to orders and custom-domain renders are retained until deletion is requested
  • Order fulfillment artwork: Customer design files attached to orders are retained for fulfillment, and deleted upon merchant request or data-redaction request
  • Usage logs: 90 days
  • Billing records: 7 years (legal requirement)

9. Cookies

We use cookies to enhance your experience. Our cookies include:

  • Essential: Required for the website to function (authentication, security)
  • Functional: Enable features like live chat support
  • Analytics: Help us understand usage patterns (requires consent)
  • Marketing: Measure advertising effectiveness (requires consent)

You can manage your cookie preferences at any time. For details, see our Cookie Policy.

10. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will also notify you via email.

12. Contact Us

If you have any questions about this Privacy Policy or your data, please contact us:

Email: [email protected]
Support: [email protected]
Address: 1209 MOUNTAIN ROAD PL NE, STE N, ALBUQUERQUE, NM 87110, USA