Mixlayer
Get Started
Legal

Mixlayer Privacy Policy

Effective Date: February 25, 2026
Last Updated: February 25, 2026

This Privacy Policy explains how Mixlayer Labs Inc. (“Mixlayer,” “we,” “us,” or “our”) collects, uses, discloses, and retains information when you access or use our websites, dashboards, APIs, SDKs, and related services (collectively, the “Services”).

This Privacy Policy applies to the Services available at:

  • Website: https://mixlayer.com
  • Dashboard/Console: https://console.mixlayer.com

If you do not agree with this Privacy Policy, do not use the Services.

1. Who We Are / How to Contact Us

Mixlayer Labs Inc.
2383 Greenwich Street
San Francisco, CA 94123
Email: [email protected]

2. Key Definitions

  • Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an individual (as defined by applicable law).
  • Customer Content: Data you submit to the Services (including Inputs) and data generated by the Services in response (including Outputs).
  • Inputs: Content you send for inference (e.g., text, images, audio, video, embeddings, prompts, files).
  • Outputs: Results returned by the Services in response to Inputs.

3. Information We Collect

We collect information in three ways: (A) information you provide, (B) information collected automatically, and (C) information from third parties.

A) Information you provide

Account and profile information

  • Name (if provided), email address, password (or SSO/OAuth identifiers), organization/workspace information, role/permissions (as applicable)

Customer Content (Inputs and Outputs)

  • Inputs you send to the Services and Outputs you receive back
  • Configuration and settings (e.g., model selection, routing, opt-in settings)

Support and communications

  • Messages you send to support or sales, including attachments and error reports you choose to provide

Billing information (if applicable)

  • Billing contact information and invoice records
  • Payments are processed by Stripe (see Section 6)

B) Information we collect automatically

Usage, diagnostics, and log data

  • Event timestamps, API endpoints called, success/error codes, performance metrics (latency), throughput and rate-limit events
  • Authentication and security events (e.g., sign-in attempts, token activity), and IP address
  • Console usage events (e.g., page views, clicks, feature usage)

Device and network data

  • Browser type, device type, operating system, language preferences, approximate location derived from IP address

Cookies and similar technologies

  • Cookies and similar technologies used for authentication, security, preferences, and analytics (see Section 7)

C) Information from third parties

SSO/OAuth and identity providers

  • Basic profile information needed to authenticate you (typically name, email, and a stable identifier)

Payment processors

  • Stripe provides us with confirmation of payment and certain billing details (we do not typically receive your full card number)

Analytics providers

  • We use PostHog to help us understand how users interact with our website and console (see Section 7)

4. Request/Response Body Logging (Important)

We do not log full API request/response bodies by default. In other words, we generally do not store the full contents of your Inputs and Outputs as part of routine API logging.

However, we may store Customer Content in limited circumstances, such as when:

  • you use console features that are designed to retain history (e.g., a playground session or saved examples), if available;
  • you explicitly enable logging, debugging, evaluation, or monitoring features that store content;
  • you send content to support for troubleshooting; or
  • retention is required for security investigations or legal compliance.

When we do store Customer Content, we retain it as described in Section 9 unless otherwise agreed in writing.

5. How We Use Information

We use information to:

Provide and operate the Services

  • Create and manage accounts and organization workspaces
  • Authenticate users and secure access (including SSO/OAuth, API keys, service accounts)
  • Process Inputs and generate Outputs
  • Provide console functionality, analytics, and developer tooling

Maintain, improve, and protect the Services

  • Debug, monitor reliability, and improve performance
  • Detect, prevent, and investigate fraud, abuse, or security incidents
  • Enforce rate limits and protect service integrity

Support and communications

  • Respond to support requests and provide customer service
  • Send service-related communications (e.g., security alerts, billing notices, policy updates)

Billing

  • Process payments, manage subscriptions/usage billing, and prevent payment fraud (through Stripe)

Legal and compliance

  • Comply with applicable law and enforce our Terms
  • Protect rights, safety, and property of Mixlayer, our users, and others

6. Model Improvement and Training Using Customer Content

Default: no training on Customer Content

By default, Mixlayer does not use Customer Content (Inputs/Outputs) to train or improve models for general availability.

Opt-in training

If you opt in (for example, through a setting in the console or another explicit mechanism), you authorize Mixlayer to use Customer Content to improve and develop models and Services, as described at the time of opt-in.

You can withdraw this opt-in prospectively through settings (if available) or by contacting [email protected]. Withdrawal may not affect Customer Content already incorporated into trained parameters or completed processes.

Customer-directed fine-tuning / adaptation

If you explicitly enable or request features that fine-tune, adapt, or optimize models on your behalf (including “auto fine-tune” or similar), we use Customer Content to perform that operation and to host/serve the resulting model for you, consistent with your configuration and plan.

7. Cookies, Analytics, and Similar Technologies

We use cookies and similar technologies for:

Essential functionality

  • Authentication, session management, load balancing, security, and fraud prevention

Preferences

  • Remembering settings and improving user experience

Analytics

  • Understanding how our website and console are used, so we can improve usability and performance

PostHog analytics

We use PostHog to collect analytics events (such as page views and feature interactions) and associated technical data (like device/browser information). This helps us understand usage patterns and improve the Services.

You can manage cookies through your browser settings. Blocking certain cookies may impact functionality.

8. How We Share Information

We share information only as described below:

Service providers (processors)

We share information with vendors that help us provide the Services, such as:

  • Stripe (payment processing)
  • PostHog (analytics)
  • Cloud infrastructure, security monitoring, customer support tooling, and related vendors

These vendors are authorized to process information only to provide services to us and must protect it consistent with applicable contractual obligations.

Subprocessor list: We do not currently publish a subprocessor list. If we publish one in the future, we will update this Privacy Policy accordingly.

Within your organization workspace

If you use the Services through an organization workspace, administrators may access information associated with organization accounts (such as user lists, roles, and usage metrics), depending on your plan and settings.

Legal, safety, and rights protection

We may disclose information when we believe it is reasonably necessary to:

  • comply with law or legal process,
  • respond to lawful requests from authorities,
  • investigate or prevent fraud, abuse, or security incidents, or
  • protect the rights, property, and safety of Mixlayer, our users, or others.

Business transfers

If Mixlayer is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to customary confidentiality protections.

With your direction

We may share information when you instruct us to do so (for example, connecting third-party integrations you choose to enable).

9. Data Retention

Unless otherwise agreed in writing, Mixlayer may retain:

  • logs and metadata,
  • console usage analytics,
  • security/audit logs, and
  • stored Customer Content (only when stored under Section 4 circumstances)

for up to a maximum of 1 year, for purposes such as operating the Services, troubleshooting, analytics, security, fraud prevention, and legal compliance.

We may retain certain records longer where necessary for legitimate business purposes (e.g., accounting/tax records, dispute resolution, enforcing agreements, or legal obligations).

10. Security

We maintain administrative, technical, and physical safeguards designed to protect information and the Services. SOC 2 is in progress.

No system is completely secure. You are responsible for maintaining the security of your credentials and API keys and using the Services responsibly.

11. Your Choices and Rights

Depending on your location, you may have rights regarding your Personal Information.

Account information

  • You may access and update certain account details through the console (where available).

Opt-in choices

  • If you opt in to training/model improvement using Customer Content, you can withdraw opt-in prospectively (where available) or by contacting [email protected].

Marketing communications

  • You can opt out of marketing emails by using the “unsubscribe” link or by contacting us. Service and administrative communications may still be sent.

Access, deletion, and other requests

  • You can request access to, correction of, or deletion of Personal Information by emailing [email protected].
  • We may need to verify your identity and may deny requests where permitted by law (e.g., to protect others, comply with legal obligations, or maintain security).

12. International Data Transfers

Mixlayer is based in the United States. If you access the Services from outside the U.S., you understand that information may be processed and stored in the U.S. and other countries where Mixlayer or its service providers operate, which may have different data protection laws than your jurisdiction.

13. Children’s Privacy

The Services are intended for users 18 years and older. We do not knowingly collect Personal Information from minors. If you believe a minor has provided Personal Information, please contact [email protected] so we can take appropriate steps to delete it.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy and update the “Last Updated” date. For material changes, we may also provide notice through the console and/or via email where reasonably practicable. Your continued use of the Services after the effective date of an updated policy constitutes acceptance.

15. Contact Us

Email: [email protected]
Mail: Mixlayer Labs Inc., 2383 Greenwich Street, San Francisco, CA 94123