Privacy Policy | AiMixUp
Last updated: April 29, 2026
AiMixUp is operated by a company incorporated in Portugal. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.
1. Information We Collect
- Account Information: name, email address, password.
- Payment Information: processed securely by Paddle.com (web) and RevenueCat (Android/iOS). We do not store full payment card details.
- AI Usage Data: prompts, conversations, uploaded files, generated outputs, and credit consumption.
- Usage & Technical Data: IP address, device type, browser/app usage analytics.
2. Legal Basis for Processing (GDPR)
We process your personal data based on:- Contract – to provide the service and manage your subscription/credits.
- Legitimate Interest – to improve our platform, prevent fraud, and ensure security.
- Consent – for optional marketing communications (you can withdraw consent at any time).
3. How We Use Your Information
- Provide, maintain, and improve the AiMixUp service (multi-agent conversations, image generation, Smart Folders, Kanban, local LLMs, etc.).
- Calculate and manage credit usage.
- Process payments and subscriptions.
- Communicate with you about your account.
4. Data Sharing & Third-Party Services
We do not sell your personal data.To generate AI responses, we send your prompts, conversation history, uploaded files, and necessary context over authenticated HTTPS to the AI model provider you choose for that conversation. The providers we currently integrate are:
- OpenAI – standard production API. OpenAI does not train its models on data sent through this API.
- Anthropic – standard production API. Anthropic does not train its models on data sent through this API.
- xAI – standard production API. xAI does not train its models on data sent through this API.
- Google – Google Gemini paid API tier, billed through our Google Cloud project. Per Google's API terms, prompts sent through the paid tier are not used to train Google's models.
We also use the following service providers:
- Paddle.com (web payments)
- RevenueCat (mobile in-app purchases)
- Amazon Web Services – AWS (S3 storage and hosting in the United States)
All service providers are bound by appropriate data processing agreements.
5. International Data Transfers
As a Portuguese company, we may transfer personal data outside the European Economic Area (EEA), primarily to AWS servers in the United States and to AI model providers via their APIs. We rely on the Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of protection.6. HIPAA Disclaimer
AiMixUp is NOT HIPAA compliant. Our service is not designed or intended for the storage, processing, or transmission of Protected Health Information (PHI) as defined under the U.S. Health Insurance Portability and Accountability Act (HIPAA). Do not use AiMixUp to handle any PHI or other regulated health data. We do not sign Business Associate Agreements (BAAs) at this time.7. Your GDPR Rights
You have the right to:- Access, rectify, or erase your data
- Restrict or object to processing
- Data portability
- Withdraw consent
- Not be subject to automated decision-making (where applicable)
8. Data Retention
We keep your data only as long as necessary:- Account data: duration of account + up to 2 years after deletion (legal/fraud prevention)
- Conversations: until you delete them in the product, or your account is deleted. Today, full account deletion is handled by support — email support@aimixup.com and we will delete your account and the data associated with it. Self-service account deletion is in development.
- Payment records: up to 7 years for accounting/tax purposes