mock.health is a synthetic FHIR sandbox. No PHI ever enters the system — all patient data is algorithmically generated by Synthea and our Markov progression module trained on de-identified journey data.
Account data: email address, name, organization name, and role. Operational telemetry: API request counts, endpoint usage, and error rates tied to your API key. We do not collect protected health information because we do not store any.
To operate the service: authenticate your sessions, enforce rate limits, bill your subscription, and respond to support requests. To improve the product: aggregate usage patterns help us decide which endpoints and synthetic cohorts to prioritize. To communicate with you: product updates, security notices, and billing emails. We never sell account data.
Google Cloud in us-central1. Postgres behind a VPC with private IPs only. AES-256 at rest. TLS 1.3 in transit. Auth0 for authentication with a custom domain. Secrets in GCP Secret Manager. Audit logs retained.
Request a copy of your account data, request deletion, or close your account at any time. Email support for any of the above.