Legal · Last updated June 2, 2026

Privacy Policy

This Privacy Policy explains how MixBench ("MixBench", "we", "us", "our") collects, uses, shares, retains, and protects personal data when you visit mixbench.online, use our APIs, mobile or desktop clients, or any related feature (collectively, the "Service"). MixBench is the controller of the personal data described in this Policy. By using the Service you acknowledge the practices described here. Capitalized terms not defined here have the meanings given in our Terms of Service.

1. Data we collect

We collect the following categories of data:

  • Account data: email address, hashed password or OAuth identifier (e.g. Google ID), display name, profile image (if provided), authentication tokens, and account timestamps.
  • Uploaded audio & metadata: audio files, cover art, track titles, artist or release names, genre tags, lyrics, notes, and any other content you submit for analysis.
  • Audit results & derived data: features extracted from your uploads (e.g. spectral, loudness, and structural signals), AI-generated reports, scores, and embeddings.
  • Usage & technical data: IP address, approximate location derived from IP, device and browser information, operating system, language, referring URL, pages viewed, actions taken, error logs, and timestamps.
  • Communications: messages sent through our contact form or support channels and any attachments.
  • Billing data: if you purchase paid features, limited transaction data (amount, currency, last four digits of card, billing country) provided by our payment processor. We do not store full card numbers.
  • Cookies & similar technologies: see section 8.

2. How we use your data

We use personal data to:

  • Provide, operate, and maintain the Service, including running audits and returning reports.
  • Authenticate users, secure accounts, prevent fraud and abuse, and enforce our Terms.
  • Process payments, manage subscriptions, and issue invoices.
  • Respond to support requests and other communications.
  • Send service announcements and, with your consent where required, product updates.
  • Improve and develop the Service, including our analysis pipeline, using aggregated and de-identified signals.
  • Comply with legal obligations and enforce or defend legal rights.

We do not sell your personal data. We do not use Your Content to train third-party general-purpose AI models for the benefit of other customers; AI providers process Your Content under contract solely to deliver the requested output.

3. Service providers & sharing

We share personal data only as needed to operate the Service or as required by law. Our processors and sub-processors include:

  • Hosting, database & storage: our managed cloud backend (authentication, Postgres database, and object storage for uploaded audio).
  • AI providers: large-language and audio models that generate audit output from your uploads. These providers are bound by data processing agreements that prohibit using your data to train their models, where available.
  • Email & authentication: transactional email delivery providers and OAuth providers (e.g. Google) when you choose to sign in with them.
  • Payment processors: for billing of paid features.
  • Analytics & error monitoring: to understand usage and diagnose problems.

We may also share data: (a) to comply with law, regulation, or valid legal process; (b) to enforce our Terms or protect the rights, safety, or property of MixBench, our users, or others; and (c) in connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this Policy or notify you of changes.

4. Legal bases (EEA / UK)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR:

  • Contract: to provide the Service you requested and manage your account.
  • Legitimate interests: securing the Service, preventing abuse and fraud, debugging, and improving our products, where these interests are not overridden by your rights.
  • Consent: for non-essential cookies, optional marketing communications, and any processing where consent is required by law. You may withdraw consent at any time.
  • Legal obligation: to comply with tax, accounting, and other legal duties.

5. International transfers

Personal data may be processed in countries outside your own, including the United States and other jurisdictions where our processors operate. Where required, we rely on appropriate transfer mechanisms such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent safeguards.

6. Data retention

We retain personal data for as long as your account is active or as needed to provide the Service. Uploads and audit reports are kept while your account is active so you can revisit them. You may request deletion at any time, and we will remove your account data, uploaded audio, and reports within 30 days, except where we are required to retain limited records to comply with legal obligations, resolve disputes, prevent fraud, or enforce our agreements. Anonymized or aggregated data, which cannot reasonably be used to identify you, may be retained indefinitely.

7. Your rights

Subject to your local law, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data ("right to be forgotten").
  • Export a copy of your data in a portable format.
  • Restrict or object to certain processing, including processing based on legitimate interests.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data protection authority.

California residents (CCPA/CPRA): you may request to know, delete, correct, and limit the use of sensitive personal information, and to opt out of any "sale" or "sharing" of personal information. We do not sell personal data. To exercise these rights, use our contact form. We will not discriminate against you for exercising your rights.

We may need to verify your identity before fulfilling a request. We will respond within the time required by law.

8. Cookies & similar technologies

We use cookies and similar technologies (local storage, session storage) to operate the Service. These fall into the following categories:

  • Strictly necessary: sign-in, session, security, and load balancing. These cannot be disabled.
  • Functional: remembering preferences such as your cookie choice.
  • Analytics: aggregated usage statistics to help us improve the Service. Used only with consent where required.

You can manage cookies in your browser, and you can change your choice at any time by clearing your browser storage; the cookie banner will appear again on your next visit. We do not use advertising cookies and do not sell personal data.

9. Security

We implement reasonable technical and organizational measures designed to protect personal data, including encryption in transit, access controls, audit logging, and secure cloud infrastructure. No method of transmission or storage is 100% secure; we cannot guarantee absolute security and are not liable for breaches that occur despite reasonable safeguards. If we become aware of a personal data breach affecting you, we will notify you as required by applicable law.

10. Children

The Service is not directed to children under 16 (or the applicable age of digital consent), and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us via the contact form and we will delete it.

11. Automated decision-making

The Service applies automated processing (including AI models) to generate audit reports and similar outputs. These outputs are advisory only and do not produce legal effects or similarly significant effects on you within the meaning of Article 22 GDPR. You may contact us to discuss any output you disagree with.

12. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the new version on this page with an updated "Last updated" date and, for material changes, notify you in-app or by email. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

13. Contact

For privacy questions or to exercise any of your rights, please reach us through our contact form. We aim to respond within 30 days.