MockDPE

Privacy Policy

Effective date: May 24, 2026

Who We Are

Burrow Studio LLC (“we,” “us,” “our”) operates MockDPE, an AI-powered FAA Instrument Rating oral exam simulator, accessible at mockdpe.org. This Privacy Policy describes how we collect, use, and protect your information when you use our service.

Information We Collect

Account Information

When you create an account, we collect your email address and display name; sign-in is verified via one-time email codes (no password is stored). If you sign in with Google or Discord, we receive your name, email, and profile image from those services.

Practice Session Data

We store your questions, AI-generated responses, and performance evaluations from practice checkride sessions. This data is used to provide the service and track your progress.

Payment Information

Payments are processed entirely by Stripe (our merchant of record). We do not store your credit card number, expiration date, or CVC. We store only your Stripe customer ID and subscription status.

Technical Data

We collect IP addresses for rate limiting and abuse prevention. We use a single session cookie for authentication. We use a small set of privacy-respecting tools to understand site usage and verify search-engine reachability:

  • Plausible Analytics — a cookieless, GDPR-friendly analytics service. Records aggregate page views and visit data; does not set cookies, does not collect personal data, does not share data with third parties.
  • Google Search Console and Bing Webmaster Tools — free webmaster tools used to verify domain ownership and monitor search performance. Do not place tracking on visitors.
  • IndexNow — when we publish or update a page, we notify Bing’s crawler so search results stay fresh. Sends only URL strings; no visitor data involved.

We do not use behavioral tracking, advertising pixels, or any tool that sets cookies for tracking purposes.

Device Fingerprinting

To enforce free-tier limits and prevent abuse, we generate a device fingerprint using ThumbmarkJS, an open-source library that derives a hash from browser and hardware signals (e.g. screen resolution, installed fonts, graphics capabilities). This hash does not identify you personally and cannot be reversed to reconstruct the underlying signals.

The hash is cached in your browser’s localStorage for up to 30 days to avoid re-computing it on every visit. Server-side, we store the hash alongside associated IP addresses and account identifiers for up to one year. This data is used solely to enforce per-device limits and detect coordinated abuse — it is never sold or shared with third parties.

How We Use Your Information

  • Provide, operate, and improve the MockDPE service
  • Process your payments and manage your subscription
  • Send transactional emails (sign-in codes, account notifications)
  • Prevent abuse, enforce rate limits, and maintain platform security
  • Improve the AI examiner based on aggregated, anonymized session data

MockDPE developers, employees, or contractors may access individual session data to operate the service, investigate issues, respond to support requests, review service quality, and improve the AI examiner. We do not share individual session content with third parties or use it for marketing without your explicit consent.

Third-Party Services

We share data with the following third-party services as necessary to operate MockDPE:

  • Google Gemini — Your practice exchanges (questions and responses) are sent to Google’s Gemini API for AI processing. Google’s data usage is governed by their Gemini API Terms of Service.
  • Stripe — Payment processing (merchant of record under Stripe Managed Payments). Stripe’s handling of your payment data is governed by their Privacy Policy.
  • Google & Discord — OAuth authentication, if you choose to sign in with these providers.
  • Cloudflare — Turnstile CAPTCHA for signup verification.
  • Resend — Transactional email delivery (sign-in codes, account notifications).
  • MongoDB Atlas — Account, session, and progress data are stored in a MongoDB Atlas database hosted in the United States. MongoDB, Inc. acts as a data sub-processor; their handling of stored data is governed by their Privacy Policy.
  • Vercel — Application hosting and serverless compute. Request metadata (IP, user-agent, request paths) may be processed by Vercel as part of normal operation.

Data Retention

Your account data and session history are retained for as long as your account is active. If you request account deletion, we will delete your personal data and session records within 30 days. Anonymized, aggregated data may be retained for service improvement.

Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing support@mockdpe.org. We will respond within 30 days.

Children

MockDPE is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the site. Your continued use of MockDPE after changes constitutes acceptance of the updated policy.

Contact

Questions about this policy? Contact us at support@mockdpe.org.