GDPR Compliance

Your data protection rights and how we comply with the General Data Protection Regulation (GDPR).

Last updated: 6 December 2025

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives you control over your personal data. It applies to all organizations that process personal data of EU residents, including UK residents.

As a UK-based service, we comply with UK GDPR (which mirrors EU GDPR) and the Data Protection Act 2018, ensuring your personal data is handled with the highest standards of protection and transparency.

Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access

You can request a copy of all personal data we hold about you, including how it's being used and who it's shared with.

Right to Rectification

You can ask us to correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You can request that we delete your personal data in certain circumstances, such as when it's no longer necessary for the original purpose.

Right to Data Portability

You can request a copy of your data in a structured, machine-readable format to transfer to another service.

How We Process Your Data

We process your personal data in accordance with UK GDPR principles. Here's how we handle different types of data:

Account Information

What we collect:
  • Email address
  • Name (if provided)
  • Account preferences
  • Usage statistics
Legal basis:

Contract performance and legitimate interests

Retention period:

Until account deletion + 30 days

Mockup Generation Data

What we collect:
  • Uploaded artwork files
  • Template selection data
  • Generation parameters
  • Generated mockup files
Legal basis:

Contract performance

Retention period:

48 hours maximum (automatic deletion)

Analytics Data

What we collect:
  • Page views and navigation
  • Feature usage patterns
  • Error reports
  • Performance metrics
Legal basis:

Consent (can be withdrawn)

Retention period:

Up to 2 years (anonymized)

Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Encryption

All data is encrypted in transit and at rest using industry-standard protocols.

Access Controls

Strict access controls ensure only authorized personnel can access your data.

Regular Audits

We regularly audit our security measures and update them as needed.

Secure Infrastructure

We use secure cloud infrastructure with built-in security features.

Data Minimization

We only collect and process data that is necessary for our service.

Staff Training

Our team is trained on data protection best practices and GDPR compliance.

Data Retention

We only keep your personal data for as long as necessary to fulfill the purposes for which it was collected. Here's our retention schedule:

Retention Schedule

Account dataUntil deletion + 30 days
Generated mockups48 hours maximum
Analytics dataUp to 2 years (anonymized)
Support communications3 years
Legal compliance data7 years

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours
  • Inform affected individuals without undue delay if the breach poses a high risk
  • Provide clear information about the nature of the breach and steps being taken
  • Offer guidance on protective measures you can take

Exercising Your Rights

To exercise any of your data protection rights, please contact us using the information below. We will respond to your request within one month of receipt.

How to Make a Request

Email us:

support@mockupkit.app

Include in your request:
  • Your full name and email address
  • Specific right you wish to exercise
  • Any relevant details to help us locate your data

Complaints

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority for data protection.

Information Commissioner's Office

Website: ico.org.uk

Phone: 0303 123 1113

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Updates to This Information

We may update this GDPR information from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated information on our website.

Contact Us

If you have any questions about our GDPR compliance or data protection practices, please contact us:

Email

support@mockupkit.app

Service Provider

MockupKit