Privacy Policy

Last updated: March 2026

1. Introduction

SudoMock ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mockup rendering service.

Our service is operated by SudoMock, located at 1209 MOUNTAIN ROAD PL NE, STE N, ALBUQUERQUE, NM 87110, USA. We are committed to GDPR and CCPA compliance.

2. Information We Collect

2.1 Information You Provide

  • Account information (email address, password hash)
  • Payment information (processed securely through Stripe - we never store card details)
  • API usage data and preferences
  • PSD files and design assets you upload (processed only for rendering)
  • Communication data when you contact support

2.2 Automatically Collected Information

  • Usage analytics and performance metrics
  • Device information and IP addresses (for security and fraud prevention)
  • Cookies and similar tracking technologies (see Cookie Policy)
  • API request logs (for debugging and optimization)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our rendering service
  • Process transactions and manage subscriptions
  • Send you technical notices, updates, and support messages
  • Respond to your comments and questions
  • Monitor and analyze usage patterns for optimization
  • Detect, prevent, and address technical issues and fraud
  • Comply with legal obligations

4. Data Processing & Storage

PSD Files & Rendered Outputs: Your uploaded PSD files and rendered mockups are processed in memory and stored temporarily on secure servers. We do not claim ownership or rights to your content.

Data Location: Our servers are located in the United States. By using our service, you consent to data processing in the US.

5. Third-Party Services

We use the following third-party services that may process your information:

  • Supabase: Authentication and database services (GDPR compliant)
  • Stripe: Payment processing (PCI DSS compliant)
  • Google Analytics: Usage analytics (can be disabled via cookie settings)
  • Cloudflare: CDN and security services
  • Shopify: E-commerce platform integration (see Section 5.1 below)

5.1 Shopify Integration

If you use our Shopify app ("SudoMock - Product Customizer"), the following additional data practices apply:

Data We Access Through Shopify APIs

Our app requests the following Shopify API scopes:

  • read_products: To display your product catalog so you can map products to mockup designs
  • write_products: To store mockup configuration on products via Shopify metafields (namespace: sudomock)

We do not request access to customer personal data, orders, customer accounts, or any protected customer data fields (name, email, phone, address).

Data Collected from Merchants

  • Shop domain (e.g., your-store.myshopify.com) for identifying your connection
  • Connection to your existing SudoMock account via OAuth (we store the link, not Shopify credentials)
  • Customizer configuration preferences (colors, feature toggles, display mode)

Data Collected from Your Customers (Buyers)

When your customers use the product customizer on your storefront:

  • Artwork uploads: Customer-uploaded images are processed in-memory for rendering and are not stored on our servers. Images are sent as base64 data directly in the render request, processed, and discarded.
  • No cookies or tracking: Our storefront theme extension does not set cookies, use local storage, or employ any tracking technologies on your customers' devices.
  • No personal data: We do not collect, process, or store any personally identifiable information from your customers.
  • Rendered outputs: Mockup render results are stored temporarily (24-72 hours) on our CDN for delivery, then automatically deleted.

GDPR Compliance Webhooks

Our app implements all mandatory Shopify GDPR webhooks: customers/data_request, customers/redact, and shop/redact. Since we do not store customer personal data, data request and redaction webhooks acknowledge receipt and confirm no customer data is held.

App Uninstallation

When you uninstall the SudoMock app from your Shopify store, we automatically disconnect and deactivate the store connection in our system. Metafields set on your products remain in Shopify (you can remove them via the Shopify admin). Your SudoMock account and credits are not affected by uninstallation.

6. Your Rights (GDPR & CCPA)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request limitation of processing
  • Portability: Request transfer of your data in a structured format
  • Objection: Object to processing of your data
  • Opt-out: Opt-out of sale of personal information (CCPA - note: we do not sell data)

To exercise these rights, please contact us at [email protected]. We will respond within 30 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption in transit (TLS 1.3) and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication
  • Secure API key management

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Account data: Until account deletion + 30 days
  • PSD files: Deleted after processing (not stored long-term)
  • Rendered outputs: Stored for 24-72 hours for delivery, then deleted
  • Usage logs: 90 days
  • Billing records: 7 years (legal requirement)

9. Cookies

We use cookies to enhance your experience. Our cookies include:

  • Essential: Required for the website to function (authentication, security)
  • Functional: Enable features like live chat support
  • Analytics: Help us understand usage patterns (requires consent)
  • Marketing: Measure advertising effectiveness (requires consent)

You can manage your cookie preferences at any time. For details, see our Cookie Policy.

10. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will also notify you via email.

12. Contact Us

If you have any questions about this Privacy Policy or your data, please contact us:

Email: [email protected]
Support: [email protected]
Address: 1209 MOUNTAIN ROAD PL NE, STE N, ALBUQUERQUE, NM 87110, USA