1. Introduction
This Privacy Policy explains how Mixbinder, operated by Todal Musikkproduksjon ("we", "us", "our"), collects, uses, and protects your information when you use our service at mixbinder.com.
GDPR Compliance
As a Norwegian company, we comply with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (Personopplysningsloven). This means you have strong rights over your personal data, including access, correction, deletion, and portability.
2. Data Controller
3. Information We Collect
3.1 Information You Provide
- Account Information: Name, email address, profile picture (via Google OAuth)
- Payment Information: Processed by Stripe; we do not store credit card numbers
- User Content: Audio files, project names, notes, and feedback you create
3.2 Information Collected Automatically
- Usage Data: Features used, pages visited, timestamps
- Device Information: Browser type, operating system, IP address
- Cookies: Session cookies for authentication only
3.3 Information from Third Parties
- Google: Profile information when you sign in with Google
- Stripe: Subscription status and payment history
4. Legal Basis for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds:
| Processing Activity | Legal Basis |
|---|---|
| Providing the Service | Contract performance |
| Processing payments | Contract performance |
| Sending transactional emails | Legitimate interest |
| Security and fraud prevention | Legitimate interest |
| Legal compliance | Legal obligation |
5. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Process payments and manage subscriptions
- Send transactional emails (welcome, receipts, etc.)
- Respond to support requests
- Improve the Service based on usage patterns
- Comply with legal obligations
We do NOT:
- Sell your personal information
- Use your audio files for AI training
- Share your data for advertising purposes
- Profile you for marketing
6. Data Storage and Security
6.1 Storage Location
- Data is stored on Supabase (hosted on AWS in the European Union)
- Audio files are stored in secure cloud storage within the EU
- All data remains within the European Economic Area (EEA)
6.2 Security Measures
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for sensitive data
- Row-level security for data isolation
- Regular security updates and monitoring
- Access controls and authentication
6.3 Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | While account is active |
| Audio files | Until deleted or account closed |
| Server logs | 90 days |
| Backups | 30 days after deletion |
| Payment records | 7 years (legal requirement) |
7. Data Sharing
We share your information only with:
| Recipient | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database hosting | All user data | EU |
| Stripe | Payment processing | Email, payment info | EU/US* |
| Google | Authentication | OAuth tokens | EU/US* |
*These providers have appropriate safeguards for EU-US data transfers (Standard Contractual Clauses).
We may also disclose data:
- To comply with legal obligations
- To protect our rights or safety
- In connection with a merger or acquisition (with notice)
8. Your Rights Under GDPR
As a user in the EEA, you have the following rights:
- Right of Access (Art. 15): Request a copy of your personal data
- Right to Rectification (Art. 16): Correct inaccurate data
- Right to Erasure (Art. 17): Delete your data ("right to be forgotten")
- Right to Restrict Processing (Art. 18): Limit how we use your data
- Right to Data Portability (Art. 20): Export your data in a standard format
- Right to Object (Art. 21): Object to processing based on legitimate interest
- Right to Withdraw Consent: Where processing is based on consent
To exercise these rights, contact us at privacy@mixbinder.com. We will respond within 30 days.
8.1 Data Export
You can export your projects and notes from the app at any time.
8.2 Account Deletion
To delete your account and all associated data:
- Contact us at privacy@mixbinder.com
- We will confirm your identity
- Your account and data will be permanently deleted within 30 days
9. Cookies
We use only essential cookies required for the Service to function:
| Cookie | Purpose | Duration |
|---|---|---|
| sb-access-token | Authentication | Session |
| sb-refresh-token | Token refresh | 7 days |
We do not use tracking, analytics, or advertising cookies. No consent banner is required as we only use strictly necessary cookies.
10. Children's Privacy
The Service is not intended for children under 16. We do not knowingly collect information from children. If you believe a child has provided us data, contact us immediately and we will delete it.
11. International Transfers
Your data is primarily stored within the European Economic Area (EEA). When data is transferred outside the EEA (e.g., to Stripe or Google in the US), we ensure appropriate safeguards are in place, including:
- EU-US Data Privacy Framework certification
- Standard Contractual Clauses (SCCs)
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via:
- Email to your registered address
- Notice on the website
Continued use after changes constitutes acceptance of the updated policy.
13. Complaints
If you have concerns about how we handle your data, please contact us first. If you are not satisfied with our response, you have the right to lodge a complaint with:
Datatilsynet (Norwegian Data Protection Authority)
Website: www.datatilsynet.no
Email: postkasse@datatilsynet.no
14. Contact Us
For privacy-related questions or to exercise your rights:
Todal Musikkproduksjon
Email: privacy@mixbinder.com
Website: https://mixbinder.com