Legal
Data Handling
Last updated: 10 June 2026
This is a plain-English document. It will be expanded when the NoteMock app launches.This page describes how we handle your data right now during the pre-launch period, and sets out our clear commitments for the future product. We believe you should know not just what we do today, but what we are committing to do when the app goes live.
Now: waitlist data
NoteMock is not yet live. The only data we collect today is what you provide when joining the waitlist: your email address, a source tag indicating which form you used, your browser user-agent string, and your country (derived from your IP address by Cloudflare at the moment of submission — your IP itself is not stored).
This data is stored in a Cloudflare D1 database, a SQLite-compatible database hosted on Cloudflare's infrastructure. Cloudflare acts as our data processor. We do not use your email address for any purpose other than notifying you when NoteMock launches. We do not share it with anyone. We do not sell it. We delete it once the launch notification is complete or if you ask us to remove you.
For the full legal basis and your rights over this data, see our Privacy Policy.
Now: what we do not do
- We do not sell or share your email address with any third party.
- We do not run advertising or retargeting campaigns using your data.
- We do not enrich your record with data from other sources.
- We do not profile you.
- We set no cookies and use no third-party analytics scripts.
Future: commitments for the NoteMock app
The following commitments describe how we intend to handle data when the NoteMock product launches. They are commitments, not yet live policies — the product does not exist yet, and these details will be confirmed and formalised in the full Privacy Policy and Terms of Service published at launch.
Your notes are yours. Files or text you upload to generate a mock test are used solely to create the test you requested. They are not used to train third-party AI models, not shared with other users, and not retained beyond what is necessary to deliver your results.
No AI training without explicit consent. We will never use your uploaded content to train any AI model — first-party or third-party — without your explicit, informed consent. We will make the opt-in clear, separate from other agreements, and freely revocable.
No sale of user content. Your notes, generated tests, and any other content you create in NoteMock will never be sold to any third party.
Minimal retention. Uploaded source files will be deleted after your test is generated unless you explicitly choose to save them in your account. Generated tests will be stored only as long as your account is active, unless you delete them sooner.
Transparency about AI providers. At launch we will clearly disclose which AI model(s) and infrastructure providers process your content, so you can make an informed decision about using the service.
Sub-processors
Currently our only sub-processor (a company that processes data on our behalf) is Cloudflare, which provides hosting and database infrastructure.
When the product launches, we will publish a full list of sub-processors, including any AI inference providers. You will be able to object to new sub-processors before they are used to process your data.
Data security
All communication between your browser and our servers uses HTTPS/TLS. Access to the database is restricted via Cloudflare's access controls. We do not store plaintext passwords (no password-based auth exists yet). We follow the principle of least privilege: each part of our infrastructure accesses only the data it strictly needs.
Contact
For any data handling questions, requests, or concerns, email us at hello@notemock.com. We aim to respond within 5 business days.
Related documents
- Privacy Policy — your rights and the legal basis for our processing.
- Cookie Policy — what localStorage keys we use and why.
- Terms of Service — the terms that govern your use of this site.