Global Privacy Policy

About This Policy

At Mockwin Technologies Private Limited ("Mockwin", "we", "our", or "us"), we are committed to protecting the privacy, security, and fundamental rights of all our users. We provide an AI-powered recruitment, mock interview, and candidate screening platform designed to connect talent with opportunity while ensuring fairness and transparency. Effective Date: April 2026 | Last Updated: April 2026 | Website: https://www.mockwin.ai | Contact: privacy@mockwin.ai

Who This Policy Applies To

This Global Privacy Policy explains how we collect, use, process, share, and protect Personal Data across our platform. It applies to:

• Candidates (B2C): Individuals utilising Mockwin for mock interviews, skill assessments, profile creation, and job applications.
• Organisations and Recruiters (B2B): Employers, hiring managers, HR teams, and recruitment agencies utilising Mockwin to screen, evaluate, and communicate with candidates.
• Website Visitors: Anyone browsing mockwin.ai without creating an account.

1.1 Our Role in Data Processing

Depending on how you interact with Mockwin, our legal role regarding your Personal Data changes:

• Data Controller (Data Fiduciary under Indian law): When Candidates create independent profiles for mock interviews, or when we collect website analytics, billing information, and account registration data, Mockwin acts as the Data Controller.
• Data Processor (Service Provider): When an Organisation invites a Candidate to complete an assessment or interview via our platform, the Organisation is the Data Controller. Mockwin processes this data strictly on behalf of the Organisation according to their documented instructions and our Data Processing Agreement.

Data Minimisation

We practise data minimisation, ensuring we only collect what is necessary to deliver the Services. The categories below describe the types of Personal Data we may process.

2.1 Information Provided Directly by You

• Account Identifiers: First name, last name, email address, phone number, physical address, and account credentials.
• Professional Data: Resumes, CVs, cover letters, employment history, educational background, certifications, portfolios, and job preferences.
• Communications: Support requests, feedback, messages sent to recruiters via the platform, and survey responses.
• Payment Information: Billing address, payment method details (processed via third-party payment processors; Mockwin does not store full card numbers).

2.2 Interview, Assessment, and AI Data

Because Mockwin utilises advanced AI to evaluate candidates, we process specialised datasets during mock and live interviews:

• Audio and Video Recordings: Media captured during one-way video interviews, live assessments, and AI conversational interactions.
• Transcripts and Text: Automated speech-to-text transcriptions of interview responses, as well as code snippets submitted during technical assessments.
• AI Evaluation Outputs: AI-generated behavioural markers, communication analysis (tone, clarity, pacing, filler word frequency), technical skill scores, STAR framework detection, gap analyses, pivot suggestions, and overall readiness rankings.

2.3 Biometric, Proctoring, and Security Data

To prevent fraud and ensure assessment integrity, we may collect (with appropriate consent and where legally permitted):

• Identity Verification Data: AI-based facial comparison matching a government-issued ID against webcam feeds. This data is classified as biometric data under certain jurisdictions and is only processed with explicit consent.
• Dual-Camera Proctoring Data: Video feeds from laptop camera (face tracking) and mobile camera (room monitoring), analysed in real-time for environmental anomalies.
• Browser Proctoring Logs: Tab switching, copy-paste activity, developer tools usage, screen-sharing detection, and application switching.
• Language Pattern Analysis: Speech cadence, pausing patterns, eye-tracking indicators, and vocabulary consistency to detect potential reading from hidden reference materials.

2.4 Technical and Usage Data

• Device Information: IP address, browser type and version, operating system, hardware specifications, screen resolution, and time zone.
• Platform Activity: Pages visited, time spent on assessments, clickstream data, feature usage patterns, and interaction analytics.
• Cookies and Tracking Technologies: Please refer to our Cookie Policy for detailed information.

Processing Activities

Under global privacy laws, we must have a valid legal basis to process your Personal Data. The following summarises our processing activities and their legal bases:

• Delivering mock interviews, AI feedback, and operating the core platform — Legal Basis: Contractual Necessity.
• Processing interviews and scores on behalf of a hiring Organisation — Legal Basis: Legitimate Interest (of Employer) / Contractual Necessity.
• Detecting cheating, preventing fraud, and authenticating identity — Legal Basis: Explicit Consent / Legitimate Interest.
• Talent Discovery Pool — surfacing free tier Candidate profiles to subscribing hiring Organisations — Legal Basis: Consent (at signup for EU/UK) / Legitimate Interest (other jurisdictions).
• Marketing communications — product updates, career content, hiring opportunities, newsletters — Legal Basis: Consent (explicit opt-in for EU/UK) / Legitimate Interest (other jurisdictions).
• AI Model Training — using anonymised and de-identified data to improve AI accuracy, reduce bias, and develop new features — Legal Basis: Legitimate Interest.
• Improving platform performance using anonymised analytics — Legal Basis: Legitimate Interest.
• Billing, payment processing, and financial record-keeping — Legal Basis: Contractual Necessity / Legal Obligation.
• Responding to lawful requests and defending legal claims — Legal Basis: Legal Obligation.

AI Compliance Overview

As an AI-first platform, Mockwin complies with emerging global regulations regarding automated employment tools.

4.1 EU AI Act Compliance

Under the European Union Artificial Intelligence Act, AI systems used in employment and worker management are classified as "High-Risk". Mockwin adheres to the following:

• Human-in-the-Loop (HITL): Mockwin's AI tools act as decision-support systems. We explicitly mandate that hiring Organisations exercise meaningful human oversight. AI scores must not be the sole basis for hiring or rejection.
• Transparency and Quality: Our AI models are tested on diverse, representative datasets to minimise algorithmic bias. We provide technical documentation to B2B clients regarding the AI's logic, limitations, and intended use.
• Prohibited Practices: Mockwin does not use AI to deduce protected characteristics (race, gender, religion, sexual orientation) or to perform unlawful emotion recognition or biometric categorisation in the workplace.

4.2 GDPR Article 22 Compliance

Under GDPR Article 22, individuals have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Because Mockwin operates as a decision-assistance tool and employers make the final hiring decisions, purely automated legal effects do not occur. However, candidates retain the right to request human intervention and contest AI-assisted evaluation scores by contacting the relevant Data Controller (the hiring Organisation).

4.3 NYC Local Law 144 (AEDT)

For employers screening candidates residing in New York City:

• Annual Bias Audits: Mockwin undergoes independent, third-party bias audits annually, evaluating AI models for disparate impact across gender, race, and ethnicity intersections.
• Audit Transparency: We provide bias audit summaries to B2B clients so they may publish them on their career pages as required by law.
• Candidate Notification: Employers using Mockwin are contractually required to provide NYC candidates with notice at least ten (10) business days prior to using our AI tools.

4.4 India DPDP Act 2023

Under the Digital Personal Data Protection Act, 2023, Mockwin processes data based on free, informed, specific, and unambiguous consent of the Data Principal. We provide clear notice of the purposes of processing before collecting any Personal Data.

4.5 AI Model Training

Mockwin uses anonymised and de-identified data derived from platform usage to train, improve, and benchmark its AI interview and assessment models.

• What data is used: Only anonymised data — interview response patterns, speech analytics (cadence, tone, fluency), assessment scoring distributions, and interaction data. All personally identifiable information is stripped before data enters the training pipeline.
• What data is never used for training: Identifiable video recordings, personal photographs, raw audio with identifiable voices, or any Organisation's proprietary BYOKB content.
• Deletion and model training: If you request deletion of your Personal Data, all identifiable records are removed. However, anonymised derivatives already incorporated into trained models cannot be individually extracted or reversed. This is an inherent technical limitation of machine learning.
• Enterprise opt-out: B2B Organisations with custom enterprise agreements (MSAs) may negotiate an opt-out of AI model training for their Assessment data.

No Sale of Personal Data

We do not sell your Personal Data. We only share information under the following circumstances:

• With Hiring Organisations: If you complete an interview via a company's link, or if you set your B2C profile visibility to "Public", your profile, interview recordings, transcripts, and AI scores will be shared with the relevant recruiters.
• Via the Talent Discovery Pool: If you are a free tier Candidate, your profile summary, assessment scores, AI readiness rankings, and professional information are included in Mockwin's Talent Discovery Pool, accessible to subscribing B2B Organisations. Your full interview recordings, transcripts, and direct contact details are never shared without your explicit, per-instance consent.
• With Service Providers: We use trusted third-party sub-processors for cloud hosting (e.g., AWS, GCP), video streaming, email delivery, payment processing, and customer support. All providers are bound by Data Processing Agreements.
• With Third-Party ATS Platforms: If an Organisation integrates Mockwin with their ATS (e.g., Workday, Greenhouse, Lever), your data will be transmitted to those platforms in accordance with the Organisation's instructions.
• Legal and Regulatory Authorities: We may disclose data if required by a valid subpoena, court order, regulatory inquiry, or to protect the safety, rights, or property of Mockwin or the public.
• Business Transfers: In the event of a merger, acquisition, or asset sale, user data may be transferred to the acquiring entity under equivalent privacy commitments. You will be notified of any such transfer.

Visibility Modes

Mockwin empowers candidates to control their data through three visibility modes:

• Private Mode (Paid Subscribers): Your self-initiated mock interviews, feedback, and AI analytics remain entirely confidential. Only you can view them unless you manually share a direct link. Your profile is not included in the Talent Discovery Pool.
• Talent Discovery Mode (Free Tier Default): Your profile summary, assessment scores, and AI readiness rankings are visible to subscribing Organisations through the Talent Discovery Pool. Your full recordings, transcripts, and direct contact details are not shared. Organisations may reach you only via Mockwin's in-platform messaging.
• Public Mode (Opt-In): By opting in, you consent to have your full profile, technical scores, behavioural analytics, and selected interview highlights indexed and viewable by all Organisations utilising Mockwin's talent discovery tools.

Changing Your Visibility

You can change your visibility setting at any time through your account dashboard (subject to plan-level availability). Free tier users wishing to switch to Private mode may upgrade to a paid plan.

7.1 What You Will Receive

• Transactional Communications (always active): Account verification, security alerts, billing receipts, interview reminders, and service notices. These cannot be opted out of.
• Promotional Communications: Product updates, career advice, hiring opportunities, job alerts, recruiter messages, partner offers, webinars, and newsletters. Delivered via email, SMS, push notifications, WhatsApp, or in-app messages.

7.2 Legal Basis by Jurisdiction

• India, United States, and other non-EEA jurisdictions: Account registration constitutes consent for promotional communications. You may opt out at any time.
• EEA, UK, and explicit-consent jurisdictions: Promotional communications are sent only if you opt in via a separate checkbox at registration. You may withdraw consent at any time.

7.3 How to Opt Out

You may opt out of promotional communications at any time via the unsubscribe link in any email, your Account Settings → Communication Preferences, replying "STOP" to SMS/WhatsApp, or emailing support@mockwin.ai. Opting out does not affect transactional communications or your use of the Services. Allow up to seventy-two (72) hours for opt-out processing.

Cross-Border Processing

Mockwin operates globally. Your Personal Data may be stored and processed in India, the United States, the European Union, or other locations depending on your geography and that of the hiring Organisation.

Transfer Safeguards

When transferring data from the EEA, the United Kingdom, or Switzerland to countries without an "adequacy decision":

• Standard Contractual Clauses (SCCs): We utilise the European Commission-approved SCCs (2021 version) alongside supplementary technical measures.
• EU-U.S. Data Privacy Framework: Where applicable, we rely on the EU-U.S. Data Privacy Framework for transatlantic transfers.
• Technical Safeguards: All cross-border transfers are protected by AES-256 encryption at rest and TLS 1.3 in transit.

9.1 Security Measures

We implement enterprise-grade security protocols, including:

• Transport Layer Security (TLS 1.3) for all data in transit.
• AES-256 encryption for all data at rest, including video recordings and transcripts.
• Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) for internal teams and B2B recruiter accounts.
• Routine penetration testing, vulnerability scanning, and security audits.
• Incident response procedures with defined escalation paths.
• Employee security training and background checks for personnel with data access.

9.2 Retention Periods

We retain Personal Data only for as long as necessary:

• B2B Employer Data: Candidate interview recordings and scores are retained according to the Organisation's data retention configuration (typically one to three years). Upon Organisation request or contract termination, data is purged within thirty (30) days.
• B2C Candidate Accounts: Data is retained as long as the account is active. If an account is inactive for twenty-four (24) months, or upon user deletion request, data is permanently deleted or anonymised within thirty (30) days.
• Proctoring and Security Data: Logs are retained for a maximum of ninety (90) days before automatic deletion.
• Billing Records: Financial records are retained for the minimum period required by Indian tax and accounting regulations (typically eight years).
• AI Training Data: Anonymised and de-identified data used for AI model training is retained indefinitely, as it does not constitute Personal Data. Identifiable source data is deleted per the retention schedules above.

10.1 European Economic Area and United Kingdom (GDPR / UK GDPR)

Under GDPR and UK GDPR, you have the following rights:

• Right of Access: Request a copy of your Personal Data held by us.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data ("Right to be Forgotten"). Note: anonymised data already incorporated into AI models cannot be individually extracted.
• Right to Restriction: Request suspension of data processing in certain circumstances.
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Rights Regarding Automated Decisions: Request human intervention in AI-assisted scoring.
• Right to Withdraw Consent: Withdraw consent for marketing communications at any time.

Supervisory Authority

You also have the right to lodge a complaint with your local Data Protection Authority (e.g., the ICO in the UK, CNIL in France, BfDI in Germany).

10.2 United States (CCPA/CPRA, VCDPA, CPA, and State Laws)

• Right to Know/Access: Know what categories and specific pieces of personal information we have collected.
• Right to Delete: Request deletion of personal information, subject to legal exceptions.
• Right to Correct: Correct inaccuracies in your data.
• Right to Opt-Out of Sale/Sharing: Mockwin does not sell Personal Data. The Talent Discovery Pool constitutes a service feature, not a sale of data.
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

10.3 India (Digital Personal Data Protection Act, 2023)

In compliance with the DPDP Act, Indian Data Principals have the right to:

• Access a summary of their data and the identities of entities with whom it has been shared.
• Correct, complete, and update their Personal Data.
• Erase their data when it is no longer needed for the purpose for which it was collected.
• Withdraw consent at any time, without prejudice to the lawfulness of processing based on consent prior to withdrawal.
• Nominate a representative in the event of death or incapacity.
• Lodge a grievance with Mockwin's Grievance Officer or escalate to the Data Protection Board of India.

10.4 Other Jurisdictions

Users in Canada (PIPEDA), Brazil (LGPD), Australia (Privacy Act 1988), Japan (APPI), South Korea (PIPA), and other jurisdictions are afforded equivalent rights to access, correction, deletion, and transparent information regarding data handling. We align our practices with the accountability, consent, and safeguard principles required by these frameworks. To exercise any privacy right, contact: privacy@mockwin.ai. We will respond within thirty (30) days, or the timeframe mandated by your local law, whichever is shorter.

Age Restriction

Mockwin's Services are not directed to individuals under the age of eighteen (18). We do not knowingly collect Personal Data from children. If we become aware that a child under 18 has provided us with Personal Data, we will take immediate steps to delete such information from our servers and notify any relevant data protection authority if required by law.

Cookie Policy

We use cookies, web beacons, and similar tracking technologies to improve platform functionality, remember user preferences, and analyse site traffic. Please refer to our separate Cookie Policy at mockwin.ai/cookies for detailed information about the types of cookies we use, consent mechanisms, and how to manage your preferences.

Policy Updates

We may update this Global Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

• Update the "Effective Date" and "Last Updated" date at the top of this policy.
• Post a prominent notice on our platform.
• Send you a direct email notification prior to the changes taking effect (for registered users).

Continued Use

Continued use of the platform after the effective date constitutes your acknowledgment of the updated policy.

Privacy Team

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or how our AI models function, please contact:

• Entity: Mockwin Technologies Private Limited
• Team: Privacy and Data Protection Team
• Email: privacy@mockwin.ai
• Website: https://www.mockwin.ai/support

Grievance Officer (India)

For grievances under the IT Act, 2000 and DPDP Act, 2023:

• Email: grievance@mockwin.ai
• The Grievance Officer will acknowledge complaints within twenty-four (24) hours and resolve them within fifteen (15) days, or such period as prescribed by applicable law.

B2B Data Processor Queries

For queries relating to data processed on behalf of an Organisation (where Mockwin is the Data Processor), we recommend contacting the hiring Organisation directly to expedite your request. Mockwin will fully assist our B2B clients in honouring your privacy rights.