Privacy Policy
Last updated: March 10, 2026
1. Introduction
Welcome to Mixplit ("we", "our", or "us"). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR/RGPD) and applicable French data protection laws.
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our audio stem separation service at mixplit.io (the "Service").
2. Data Controller
The data controller responsible for your personal data is:
Thierry Bombard
[DEFERRED: ADDRESS — pending micro-entreprise registration]
France
Email: privacy@mixplit.io
3. Personal Data We Collect
We collect and process the following categories of personal data:
3.1 Account Information
- Email address (required for account creation)
- User identifier (automatically generated)
- Account creation date
3.2 Payment Information
- Transaction records (order ID, amount, currency, date)
- Credit balance
Note: We do not store your credit card details. All payment processing is handled securely by our payment provider, LemonSqueezy.
3.3 Usage Data
- Audio files you upload for processing
- Original filename of uploaded files
- File size and duration
- Processing job history (dates and status)
3.4 Technical Data
- Authentication tokens (for session management)
- Cookie preferences
4. How We Use Your Data
We process your personal data for the following purposes and legal bases:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the stem separation service | Contract performance (Art. 6(1)(b)) |
| Processing payments and managing credits | Contract performance (Art. 6(1)(b)) |
| Account authentication and security | Contract performance (Art. 6(1)(b)) |
| Responding to your inquiries | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance and fraud prevention | Legal obligation (Art. 6(1)(c)) |
5. Third-Party Services
We use the following third-party services to operate Mixplit. Each service may process your data according to its own privacy policy:
Clerk (Authentication)
Handles user authentication, account management, and session security.
Data shared: Email address, authentication tokens
Clerk Privacy Policy
LemonSqueezy (Payments)
Processes payments and handles checkout securely. LemonSqueezy, Inc. is a US-based company acting as a data processor for payment processing and as an independent data controller for its own fraud prevention and regulatory compliance purposes.
Data shared and collected by LemonSqueezy:
- Email address (pre-filled from your account)
- Internal user identifier (for order tracking)
- Name and billing address (entered by you during checkout)
- Payment card details (handled directly by LemonSqueezy, never stored by Mixplit)
- IP address, browser and device information (collected by the LemonSqueezy checkout script)
After a successful payment, LemonSqueezy sends order data back to Mixplit via a webhook. We store the webhook payload (which may include your name, email, and order details) for transaction record-keeping. See Section 6 for retention periods.
Legal basis for this data sharing: contract performance (GDPR Article 6(1)(b)).
LemonSqueezy Privacy Policy
Supabase (File Storage)
Temporarily stores your uploaded audio files and generated stems.
Data shared: Audio files (temporarily)
Supabase Privacy Policy
Replicate (AI Processing)
Processes your audio files to separate stems using AI models.
Data shared: Audio files (for processing only)
Replicate Privacy Policy
6. Data Retention
We retain your personal data for the following periods:
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Audio files and stems | 24 hours after processing | Contract performance |
| Account data (email, user ID) | Until account deletion + 30 days | Contract performance |
| Transaction financial data (amount, date, order ID) | 10 years from transaction date | Legal obligation (Code général des impôts, Art. L102 B) |
| Webhook payloads (personal data within) | 90 days, then redacted | Legitimate interest (debugging, fraud prevention) |
| Job metadata (processing history) | Until account deletion | Contract performance |
After 90 days, personal data within webhook payloads (name, email, billing address) is redacted. Only financial transaction data required for tax compliance is retained for the full 10-year period.
7. Cookies
We use the following types of cookies:
Strictly Necessary Cookies
These cookies are essential for the Service to function and cannot be disabled. They include authentication cookies set by Clerk to keep you logged in.
Optional Cookies
With your consent, we may load third-party scripts (such as LemonSqueezy for payment processing) that may set their own cookies. You can manage your cookie preferences at any time using the cookie settings link in our footer.
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access: You can request a copy of all personal data we hold about you.
- Right to rectification: You can ask us to correct any inaccurate data.
- Right to erasure: You can request that we delete your personal data ("right to be forgotten").
- Right to data portability: You can request your data in a machine-readable format.
- Right to restriction of processing: You can request that we restrict the processing of your personal data under certain conditions (e.g., while we verify accuracy or assess an objection).
- Right to object: You can object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at privacy@mixplit.io. We will respond without undue delay and in any event within one month, as required by GDPR Article 12(3).
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- HTTPS encryption for all data in transit
- Secure authentication via Clerk
- Automatic deletion of audio files after 24 hours
- Cryptographic signature verification for payment webhooks
10. International Data Transfers
Some of our third-party service providers are located outside the European Economic Area (EEA). The following providers involve international data transfers:
- LemonSqueezy (USA) — payment processing. Transfer mechanism: Standard Contractual Clauses (SCCs) as included in LemonSqueezy's Data Processing Agreement (Section 11.1).
- Clerk (USA) — authentication. Transfer mechanism: Standard Contractual Clauses (SCCs).
- Replicate (USA) — AI audio processing. Transfer mechanism: Standard Contractual Clauses (SCCs). Audio files are processed transiently and not retained by Replicate after processing.
- Supabase — file storage. Transfer mechanism: Standard Contractual Clauses (SCCs) where applicable.
We ensure appropriate safeguards are in place for all international transfers in compliance with GDPR Chapter V, primarily through Standard Contractual Clauses (June 2021 version) approved by the European Commission.
11. Children's Privacy
Mixplit is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting a notice on our website or sending you an email. The "Last updated" date at the top of this policy indicates when it was last revised.
13. Complaints
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the French data protection authority:
CNIL (Commission Nationale de l'Informatique et des Libertés)
3 Place de Fontenoy, TSA 80715
75334 Paris Cedex 07, France
www.cnil.fr
14. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@mixplit.io
- General inquiries: contact@mixplit.io