How It WorksPricingReviewsAboutFor Educators
Start Free

Privacy Policy

Your privacy is important to us. Learn how we collect, use, and protect your data.

Privacy Policy

Last updated: 19/05/2026

Related: View our Terms of Service for information about using our platform.

Applies to users in Australia, the United Kingdom, and the European Union.

This Privacy Policy explains how Deepmock Pty Ltd ACN 696 954 088 ("Deepmock", "we", "us", or "our") collects, uses, stores, and shares your personal information when you use our services at deepmock.io. It is designed to comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR 2016/679).

Please read this policy carefully. By using our services, you acknowledge that you have read and understood this policy.

1. Who We Are (Data Controller)

Deepmock operates deepmock.io, an AI-powered interview preparation platform. For the purposes of UK GDPR and EU GDPR, Deepmock is the data controller responsible for your personal information.

Contact details:

  • Email: support@deepmock.io
  • Website: deepmock.io

2. Information We Collect

We collect the following categories of personal information:

2.1 Account Information

  • Email address and password (for traditional accounts)
  • Profile information provided through Single Sign-On (SSO) providers
  • Authentication tokens and session data

2.2 Practice Session Data

  • Video recordings of your interview practice sessions, stored securely in AWS S3
  • AI-generated feedback, scores, and analysis data from your sessions

2.3 Special Category Data - Biometric and Emotional Data

Important: We use AWS Rekognition to perform facial analysis and emotion detection on your video recordings. This processing analyses facial expressions and emotional states to provide feedback on your interview delivery. Under UK/EU GDPR, this constitutes processing of special category (sensitive) data and requires your explicit consent, which we obtain at the point of recording. You may withdraw this consent at any time by contacting us at support@deepmock.io, though doing so will limit the features available to you.

2.4 Usage Data

  • Usage patterns and preferences within the platform
  • Device and browser information
  • Log data including IP addresses and access times

3. Lawful Basis for Processing (UK/EU GDPR)

For users in the UK and EU, we process your personal data on the following legal bases:

  • Contract performance (Article 6(1)(b)): Processing your account information, session data, and subscription details to deliver the services you have signed up for.
  • Explicit consent (Article 6(1)(a) and Article 9(2)(a)): Processing of facial analysis and emotion detection data (special category data) is conducted only on the basis of your explicit consent, obtained before any such processing begins.
  • Legitimate interests (Article 6(1)(f)): Analysing usage patterns to improve our platform, detect account sharing, and ensure service security, where these interests are not overridden by your rights.
  • Legal obligation (Article 6(1)(c)): Retaining certain records where required by applicable law.

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process your subscription and send related transaction information
  • Send technical notices, security alerts, and support messages
  • Respond to your comments, questions, and support requests
  • Analyse usage patterns to improve the user experience
  • Process video recordings using AWS Rekognition for facial analysis and emotion detection (with your explicit consent)
  • Store and manage video data securely using AWS S3 cloud storage
  • Facilitate peer review by sharing recordings with other users you have chosen to share with
  • Analyse usage patterns to detect and prevent account sharing and ensure membership compliance

We will not use your personal information for purposes incompatible with those described in this policy without first notifying you and, where required, obtaining your consent.

6. Data Retention

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

7. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

7.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our platform:

  • AWS S3: Secure cloud storage for video recordings and data
  • AWS Rekognition: Facial analysis and emotion detection processing

These providers act as data processors under our instructions and are contractually bound to handle your data securely and in accordance with applicable privacy law.

7.2 Peer Review

When you choose to share a recording for peer review, that recording will be visible to other individuals you have selected. You control which recordings are shared and may withdraw them at any time.

7.3 Legal Requirements

We may disclose your information where required to comply with a legal obligation, court order, or governmental request, or to protect the rights, property, or safety of Deepmock, our users, or the public.

7.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you of any such change.

8. International Data Transfers

Our use of AWS services means your data may be transferred to and processed in countries outside Australia, the UK, or the European Economic Area (EEA), including the United States, where AWS operates data centres.

AWS participates in applicable data protection frameworks and provides contractual commitments regarding data protection. Details of AWS's data protection practices are available at https://aws.amazon.com/compliance/gdpr-center/

9. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of all data in transit using industry-standard TLS/SSL protocols
  • Encryption of all data at rest using AES-256 encryption
  • Secure storage of video recordings and analysis data in AWS S3
  • Access controls limiting data access to authorised personnel only
  • Regular security updates and monitoring of our systems

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, and will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms. This applies under both the UK/EU GDPR and the Australian Notifiable Data Breaches (NDB) scheme.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your information, but we are committed to protecting it to the highest reasonable standard.

10. Your Rights

10.1 Rights Under Australian Law (Privacy Act 1988)

  • Right to access your personal information (APP 12)
  • Right to request deletion of personal information (APP 11)
  • Right to make a complaint to the Office of the Australian Information Commissioner (OAIC)
  • Right to be notified of data breaches that may cause serious harm

10.2 Rights Under UK GDPR / EU GDPR

If you are located in the UK or EU, you have the following additional rights:

  • Right of access (Article 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17): Request deletion of your personal data ('right to be forgotten'), subject to legal retention obligations.
  • Right to restriction of processing (Article 18): Request that we limit how we use your data in certain circumstances.
  • Right to data portability (Article 20): Receive your data in a structured, commonly used, machine-readable format and have it transferred to another controller where technically feasible.
  • Right to object (Article 21): Object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent: Where processing is based on consent (including facial/emotion analysis), you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@deepmock.io. We will endeavour to respond within 30 days. We may ask you to verify your identity before processing your request.

11. Minors and Age Requirements

Our services are intended for users aged 16 and over. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child under 16 has provided us with personal information, please contact us at support@deepmock.io and we will delete that information promptly.

12. Cookies and Tracking

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyse usage patterns. You can control cookie settings through your browser. Disabling certain cookies may affect the functionality of our services.

13. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by email or by posting a prominent notice on our website, and update the "Last updated" date at the top of this policy. Your continued use of our services after such notification constitutes acceptance of the updated policy.

14. Complaints and Supervisory Authorities

If you have concerns about how we handle your personal information, please contact us first at support@deepmock.io so we can try to resolve the issue directly.

You also have the right to lodge a complaint with the relevant supervisory authority:

Australia

  • Office of the Australian Information Commissioner (OAIC)
  • Website: www.oaic.gov.au

United Kingdom

  • Information Commissioner's Office (ICO)
  • Website: ico.org.uk

Contact Us

Deepmock is operated by Deepmock Pty Ltd ACN 696 954 088.

If you have any questions about this Privacy Policy, please contact us:

Email: support@deepmock.io

Website: deepmock.io

This policy was last updated on 19 May 2026. © Deepmock Pty Ltd. All rights reserved.