Data Privacy
Overview
At mixus, protecting your privacy is fundamental to our mission. We believe you should have complete control over your personal data, understand how it’s used, and trust that it’s handled with the highest standards of care and security. Our privacy practices are designed around transparency, minimal data collection, user control, and compliance with global privacy regulations including GDPR, CCPA, and other applicable laws.
How We Protect Your Privacy
Privacy by Design
Built-in Privacy Protection
- Privacy considerations integrated into every feature from the ground up
- Minimal data collection - we only collect what’s necessary for service delivery
- Purpose limitation - data used only for stated purposes
- Data minimization - automatic deletion of unnecessary data
Data Protection Principles
- Transparency: Clear information about what data we collect and why
- Control: You decide how your data is used and shared
- Security: Industry-leading security measures protect your information
- Purpose Limitation: Data used only for legitimate business purposes
- Retention Limits: Data kept only as long as necessary
What Data We Collect
Account Information
Required for Service Delivery
- Email address (for account creation and communication)
- Name (for personalization and identification)
- Password (encrypted, never stored in plain text)
- Account preferences and settings
Conversation Data
AI Interaction Records
- Messages you send to AI assistants
- AI responses and suggestions
- Conversation context and history
- Files uploaded for AI analysis
Usage Analytics
Service Improvement Data
- Feature usage patterns (aggregated and anonymized)
- Performance metrics (response times, error rates)
- Device and browser information (for compatibility)
- General location data (country/region level only)
Technical Information
Security and Operation Data
- IP addresses (for security and fraud prevention)
- Session information (for authentication)
- Error logs (for troubleshooting and improvement)
- Security events (for threat detection)
What We Don’t Collect
Never Collected
- Detailed location tracking or GPS coordinates
- Contact lists or address books
- Banking or financial account information
- Health or medical information (unless explicitly provided)
- Biometric data
- Content of private communications outside mixus
Optional Information Only
- Profile photos (only if you choose to upload)
- Organization information (only for business accounts)
- Social media connections (only if you link accounts)
- Additional contact methods (only if you provide them)
How We Use Your Data
Primary Uses
Service Delivery
- Provide AI assistance and conversation capabilities
- Maintain your account and preferences
- Deliver requested features and functionality
- Process payments and billing (for paid plans)
- Protect against fraud, abuse, and security threats
- Verify account ownership and prevent unauthorized access
- Monitor for spam and malicious content
- Maintain system security and integrity
- Analyze usage patterns to improve features
- Develop new capabilities based on user needs
- Optimize performance and reliability
- Conduct research and development
Communication
- Send important account and security notifications
- Provide customer support and assistance
- Share product updates and new features (with consent)
- Send billing and payment information
Your Privacy Rights
Access and Control
Your Data, Your Control
- View: Access all data we have about you
- Export: Download complete data archives
- Correct: Update incorrect or outdated information
- Delete: Remove specific data or your entire account
Regional Privacy Rights
European Union (GDPR)
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure (“right to be forgotten”)
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to know what data is collected
- Right to delete personal information
- Right to opt-out of sale of personal information
- Right to non-discrimination for exercising privacy rights
- We comply with applicable privacy laws worldwide
- Additional rights may apply based on your location
- Contact us to learn about rights in your region
Data Sharing and Disclosure
Limited Data Sharing
Service Providers
- Cloud infrastructure providers (for hosting and storage)
- Payment processors (for billing and payments)
- Email service providers (for account communications)
- Analytics services (with anonymized data only)
- Compliance with valid legal requests
- Protection of our rights and property
- Safety of users and the public
- Prevention of fraud and illegal activities
Never Shared
- Your conversation content with third parties for marketing
- Personal information for advertising purposes
- Data with unauthorized parties
- Information beyond what’s legally required
Data Security
Technical Safeguards
Encryption
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Encrypted database storage
- Secure key management with regular rotation
- Multi-factor authentication for all systems
- Role-based access control for employees
- Regular access reviews and audits
- Principle of least privilege enforcement
- SOC 2 Type II compliant hosting
- 24/7 security monitoring
- Regular security assessments and penetration testing
- Incident response and breach notification procedures
Organizational Safeguards
Employee Training
- Regular privacy and security training
- Confidentiality agreements for all staff
- Background checks for employees with data access
- Ongoing security awareness programs
- Privacy and security requirements for all vendors
- Regular audits of service providers
- Data processing agreements with strict controls
- Vendor risk assessments and monitoring
Data Retention
Retention Periods
Account Data
- Retained while your account is active
- Deleted within 30 days of account closure
- Backup copies deleted within 90 days
- Retained according to your preferences
- Automatic deletion options available
- Immediate deletion upon request
- Retained for 1 year for security purposes
- Anonymized after 90 days where possible
- Deleted completely after retention period
- Some data may be retained longer to comply with legal obligations
- Clear notification provided if extended retention is required
- Minimum retention periods applied consistently
Children’s Privacy
Age Restrictions
- mixus is designed for users 13 years and older
- Parental consent required for users under 16 in EU
- No intentional collection of data from children under 13
- Immediate deletion if underage use is discovered
Educational Use
- Special protections for educational institutions
- COPPA compliance for school-supervised use
- Additional privacy controls for classroom environments
- Parent and teacher oversight features
International Data Transfers
Global Service Delivery
Data Processing Locations
- Primary data centers in United States and European Union
- Automatic data residency options for EU users
- All transfers protected by appropriate safeguards
- Standard contractual clauses for international transfers
- Encryption during all international transfers
- Adequacy decisions and approved transfer mechanisms
- Regular review of transfer arrangements
- Additional protections for sensitive data
Privacy Settings and Controls
Account Privacy Settings
Data Collection Controls
- Opt-out of optional analytics collection
- Control conversation data retention periods
- Manage communication preferences
- Set data sharing restrictions
- Control profile information visibility
- Manage organization directory listings
- Set collaboration and sharing permissions
- Configure notification and communication settings
Organization Privacy Controls
Administrator Settings
- Organization-wide privacy policies
- Data residency requirements
- Retention period enforcement
- User privacy training requirements
Incident Response
Data Breach Procedures
Immediate Response
- Incident containment within 1 hour of detection
- Assessment of scope and impact within 24 hours
- User notification within 72 hours if required
- Regulatory notification as required by law
- Forensic analysis to determine cause and scope
- Implementation of additional safeguards
- Ongoing monitoring for related incidents
- Regular communication with affected users
Cookie and Tracking Policy
Essential Cookies
- Authentication and session management
- Security and fraud prevention
- Basic functionality and preferences
- These cannot be disabled while using the service
Optional Cookies
- Analytics and performance monitoring (with consent)
- Preference storage for improved experience
- Customer support chat functionality
- These can be managed through browser settings
Third-Party Tracking
- No third-party advertising trackers
- Limited analytics with privacy-focused providers
- Social media widgets only with explicit consent
- Full control over optional tracking features
Contact and Requests
Privacy Inquiries
Data Subject Requests
- Email: support@mixus.com
- Include specific request type and account information
- Response within 30 days for most requests
- Identity verification required for sensitive requests
- Privacy policy questions and clarifications
- Concerns about data handling practices
- Suggestions for privacy improvements
- Information about privacy practices
Data Protection Officer
- Available for complex privacy inquiries
- GDPR compliance questions and concerns
- Privacy impact assessment information
- Regulatory inquiry coordination
Related Information
- Security Overview - Complete security measures
- Authentication Methods - Account access security
- Account Settings - Manage your privacy preferences
- Legal Policies - Complete privacy policy
Your privacy is our priority. We’re committed to transparency, giving you control, and protecting your data with the highest standards. If you have any privacy questions or concerns, please don’t hesitate to contact us.