MockupFlow.AI

Privacy Policy

Effective Date: February 8, 2026

  • 1. Overview
  • 2. Local-First Architecture
  • 3. Data We Collect
  • 4. Data We Do NOT Collect
  • 5. Voice & Audio Data
  • 6. Third-Party Services
  • 7. API Keys & Credentials
  • 8. Cookies & Analytics
  • 9. GDPR & Your Rights
  • 10. Data Retention
  • 11. Children's Privacy
  • 12. Open-Source Licensing
  • 13. Changes to This Policy
  • 14. Contact & DPO

This Privacy Policy describes how MockupFlow AI ("we", "us", "our") handles information when you use our desktop application and website.

1. Overview

MockupFlow AI is a local desktop application. It runs entirely on your machine. We are committed to minimal data collection. The core application does not require an internet connection to function, except when communicating with third-party APIs that you configure yourself (AI providers, e-commerce platforms).

Key Principle: Your shop data, designs, product content, and API credentials remain on your local machine at all times. We do not operate cloud servers that process or store your marketplace data.

2. Local-First Architecture

All processing happens on your computer:

  • AI-generated designs are created via API calls directly from your machine to the AI provider (e.g., Replicate, OpenRouter). We do not proxy these requests.
  • Mockup rendering is performed locally via Adobe Photoshop's scripting engine.
  • Database storage uses a local SQLite file on your filesystem.
  • Marketplace API connections (Etsy, Shopify, Printify, Gelato) are made directly from your machine using your own API credentials.
  • Voice transcription (Faster-Whisper) runs entirely on your local CPU when using the local engine.
  • PDF generation and image processing are performed locally.

3. Data We Collect

3.1. License Validation

To validate your software license, we collect:

  • License key — the key you purchased
  • Hardware fingerprint — a SHA-256 hash derived from your machine's MAC address, hostname, OS, and CPU identifier. This is used solely to enforce device limits per your license tier.

This data is sent to our licensing server (Supabase) and is the only data sent from your machine to our servers.

3.2. Waitlist / Contact Forms

If you submit your email via our website waitlist form, we collect your email address via Web3Forms. This is used solely to notify you about product availability. You can unsubscribe at any time.

3.3. Backblaze B2 Storage

When you use the bundle distribution feature, product asset bundles are temporarily uploaded to Backblaze B2 cloud storage, where a lifecycle rule deletes them automatically after 36 hours. You may optionally connect your own Backblaze bucket for custom retention.

4. Data We Do NOT Collect

We do not collect, transmit, or store:

  • Your designs or generated artwork
  • Your product listings, titles, or descriptions
  • Your shop data, sales data, or customer information
  • Your API keys or marketplace credentials
  • Your research data or niche analysis results
  • Usage analytics or telemetry from the desktop application
  • Browsing history or keystrokes
  • Voice recordings or audio data

5. Voice & Audio Data

5.1. Microphone Access

The AI Assistant's voice input feature requests access to your device's microphone via the web browser. Microphone access is optional and can be denied without affecting other functionality.

5.2. Voice Transcription Processing

When you use voice input, audio is processed according to the engine you select:

  • Web Speech API (Browser) — Audio is processed by your browser's built-in speech recognition. Data handling is governed by your browser vendor's privacy policy (e.g., Google Chrome, Safari).
  • Faster-Whisper (Local) — Audio is processed entirely on your device. No audio data leaves your machine. The Whisper model runs on your local CPU.
  • Groq API (Cloud) — Audio is sent directly from your machine to Groq using your own API key. We do not proxy, intercept, or store this audio. Groq's privacy policy applies.

5.3. Text-to-Speech

The voice reply feature uses gTTS (Google Text-to-Speech), an open-source library. When voice replies are enabled, the text of the AI Assistant's response is sent to Google's TTS service to generate audio. No personal information, API keys, or metadata is transmitted — only the text content. The generated audio file is stored temporarily on your device and deleted after playback.

5.4. Audio Data Retention

Audio recordings and generated speech files are stored as temporary files on your local machine and are deleted immediately after processing or playback. We never retain, transmit, or store audio data on our servers.

6. Third-Party Services

MockupFlow integrates with third-party services that have their own privacy policies. When you use these integrations, data flows directly between your machine and the third-party service:

  • Etsy (Open API v3, OAuth2) — Etsy Privacy Policy
  • Shopify (Admin GraphQL API) — Shopify Privacy Policy
  • Printify (REST API) — Printify Privacy Policy
  • Gelato (API v5) — Gelato Privacy Policy
  • OpenAI (GPT API) — OpenAI Privacy Policy
  • Replicate (AI Generation) — Replicate Privacy Policy
  • OpenRouter (AI Routing) — OpenRouter Privacy Policy
  • Groq (Whisper STT API) — Groq Privacy Policy
  • Google gTTS (Text-to-Speech) — Google Privacy Policy
  • Google Trends (via pytrends) — Google Privacy Policy
  • Backblaze B2 (Cloud Storage) — Backblaze Privacy Policy
  • Supabase (License Validation) — Supabase Privacy Policy

7. API Keys & Credentials

All API keys and OAuth tokens are:

  • Stored locally in your SQLite database
  • Encrypted at rest using Fernet symmetric encryption (AES-128-CBC)
  • Never transmitted to MockupFlow servers

You are responsible for the security of your own API keys. We recommend keeping your .env file and database backups secure.

8. Cookies & Analytics

Our website (mockupflow.ai) may use basic analytics cookies to understand traffic patterns. The desktop application does not use cookies, tracking pixels, or any form of telemetry.

9. GDPR & Your Rights (EU)

As a company based in the European Union (Croatia), we comply with the General Data Protection Regulation (GDPR).

9.1. Legal Basis for Processing

  • Contract performance — License key validation and hardware fingerprinting (necessary to deliver the Software you purchased)
  • Legitimate interest — Security monitoring and license fraud prevention
  • Consent — Email marketing communications (waitlist, product updates). You can withdraw consent at any time.

9.2. Your Data Rights

Under GDPR, you have the right to:

  • Access — Request a copy of all personal data we hold about you
  • Rectification — Correct any inaccurate personal data
  • Erasure — Request deletion of your personal data ("right to be forgotten"). We will delete your license activation records, hardware fingerprints, and email from our systems within 30 days of request.
  • Portability — Receive your data in a structured, machine-readable format (JSON)
  • Object — Object to processing of your personal data for marketing purposes
  • Restrict — Request restriction of processing in certain circumstances

To exercise any of these rights, contact us at info@mockupflow.ai. We will respond within 30 days as required by GDPR.

9.3. International Data Transfers

License validation data is stored on Supabase servers. When you use third-party AI or e-commerce APIs, data flows directly from your machine to those providers. We do not control or process this data. Refer to each provider's privacy policy for their data transfer practices.

10. Data Retention

  • License records — Retained for the duration of your license plus 12 months after expiration
  • Hardware fingerprints — Retained only while your license is active; deleted upon deactivation or erasure request
  • Email addresses (waitlist) — Retained until you unsubscribe or request deletion
  • Backblaze uploads — Auto-deleted after 36 hours
  • Audio/voice data — Temporary files deleted immediately after processing; never stored on our servers

11. Children's Privacy

MockupFlow AI is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to have it deleted.

12. Open-Source Licensing

MockupFlow AI uses open-source libraries under permissive licenses (MIT, BSD, Apache 2.0). These libraries do not collect personal data independently. All open-source components used in this Software are commercially licensed and permit redistribution. A full list of third-party components is available in the Software's documentation.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For significant changes that affect your data rights, we will provide notice via email (if you are a registered user) or via a notification in the Software. Continued use of the Software after changes constitutes acceptance of the updated policy.

14. Contact & Data Protection

If you have questions about this Privacy Policy, want to exercise your data rights, or wish to file a complaint, contact us at:

Email: info@mockupflow.ai
Company: MockupFlow AI
Location: Croatia, European Union

If you are unsatisfied with our response, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) or your local EU supervisory authority.



Last updated: February 8, 2026

© 2026 MockupFlow.AI. All rights reserved.