1. Who we are
MixLift ("we", "us") provides a Bayesian marketing mix modeling service accessible via Claude and other MCP-compatible clients. For any privacy-related question, contact privacy@mixlift.io.
2. What we collect
Cloud service users
- Uploaded CSV files — processed in-memory to run your requested models. Not persisted to disk beyond the duration of your session. Deleted on session close.
- License and billing data — email address, subscription tier, and OAuth tokens. Tokens are encrypted at rest. Stored in our license database hosted on Fly.io.
- Usage metadata — tool call logs (no CSV content), timestamps, and model run counts. Retained for 90 days for abuse prevention and billing reconciliation.
- OAuth tokens — stored encrypted; used only to authenticate your session.
Local installation users
- Your CSV data never leaves your machine. The analysis engine runs locally via the pip package.
- License verification sends only your license key hash and a machine fingerprint to
api.mixlift.io. No marketing data is transmitted.
3. How we use your data
- To operate the service and run the models you request.
- To enforce license terms and prevent abuse.
- We do not sell your data. We do not use your marketing data to train machine-learning models.
4. Data sharing
- Fly.io — cloud infrastructure provider. Processes data under a Data Processing Agreement.
- Stripe — payment processor. Handles payment data under its own privacy policy.
- Google Analytics 4 + Google Ads — pageview and conversion analytics on
mixlift.io. Data is aggregated and retained for 14 months.
- Resend — transactional email provider (license keys, sign-in links).
- No other third-party data sharing.
5. Data retention
- CSV uploads — deleted at session end.
- License records — retained for the life of the account plus 90 days after account closure, for billing dispute resolution.
- Usage logs — 90 days.
6. Your rights
- You may request deletion of your account and license data by emailing privacy@mixlift.io. We will respond within 30 days.
- If you are in the EEA or UK, you have rights under GDPR including access, rectification, erasure, restriction of processing, and data portability.
7. Security
- Data in transit — TLS 1.2 or higher on all endpoints.
- Data at rest — AES-256 encryption for the license database.
- We conduct periodic security reviews and third-party penetration testing as the service scales.
8. Changes
We will notify active subscribers of material changes 14 days in advance via the email on their account. Immaterial changes (clarifications, typo corrections) may be made without notice but will be reflected in the "Last updated" date above.
9. Contact
Questions about this policy: privacy@mixlift.io
Note
This policy is in effect as of the date above. A registered legal entity name, address, and governing jurisdiction will be added after corporate formation is finalized. Until then, all rights and responsibilities apply to MixLift as a going concern operated by its principal.