Security

Last updated: April 2026

This page describes how AiMixUp protects your data today and what we are actively improving. We've chosen to publish the current, honest state rather than the ideal future state. If anything here is unclear or you need a security questionnaire answered for your organisation, write to support@aimixup.com.

In transit

All connections between your devices and AiMixUp are encrypted using HTTPS with TLS 1.2 or 1.3 and modern cipher suites. HTTP requests are redirected to HTTPS. Passwords are never stored in plain text. We use bcrypt with 12 hashing rounds.

AI provider privacy

When you send a prompt, AiMixUp forwards it over an authenticated HTTPS connection to the AI provider you have selected. The provider generates the answer and returns it to us. AiMixUp does not use your prompts or answers to train any models.

Provider-by-provider status:

  • OpenAI (GPT, DALL·E). Paid production API tier. OpenAI does not train its models on data sent through this API.
  • Anthropic (Claude). Paid production API tier. Anthropic does not train its models on data sent through this API.
  • xAI (Grok). Paid production API tier. xAI does not train its models on data sent through this API.
  • Google (Gemini). Paid Gemini API tier, billed through our Google Cloud project. Per Google's API terms, prompts sent through the paid tier are not used to train Google's models.

We do not use any free or developer-tier endpoints from these providers, because free tiers typically allow the provider to use prompts for service improvement. Every provider call from AiMixUp goes through the paid, production tier.

Embeddings used for our knowledge-base and Smart Folders feature are generated by OpenAI's embeddings API (no training) and stored locally in our infrastructure. Files you upload (PDF, DOCX, XLSX) are converted to text inside our infrastructure before any LLM call. They are not sent to any third-party file-processing service.

At rest

Your chat messages, AI replies, and API tokens are encrypted at rest in our database using AES-256-GCM. The encryption key is managed by the AiMixUp application and is not stored alongside the data, so a database compromise alone does not expose message content. Sessions are also encrypted at rest. Your data is stored in our managed databases inside our cloud infrastructure with restricted network access.

Database backups are encrypted at the source with AES-256-CBC (PBKDF2 key derivation, 100,000 iterations) before they leave the database server, using a key managed by AiMixUp and held separately from the cloud storage that holds the backup files. This means a compromise of our backup storage alone does not expose backup content; the encryption key would also need to be obtained.

Access and admin controls

Each user's chats, files, smart folders, and assistants are isolated to that user's account. Other users of AiMixUp cannot see your data.

Authorised AiMixUp staff can access an account's data through internal tools when assisting you with a support request, investigating abuse, or complying with a lawful request from a competent authority. We are expanding our internal audit logging so that every such access is recorded with the staff member, the timestamp, and the affected account; some of those audit records exist today, and we are completing coverage in the same release as the encryption-at-rest work.

We never sell your data and we do not share it with third parties for advertising or for training their AI models.

Account and data rights

Account deletion. To delete your account and the data associated with it (chats, files, smart folders, transactions), email support@aimixup.com. We will confirm and execute the deletion. A self-service deletion option is in development and will appear in your account settings.

Data export. You can already export individual chats from inside the product. To request a full export of all data we hold about you (GDPR Article 15 and Article 20), email support@aimixup.com. A self-service export endpoint is also being added.

Other rights. See our Privacy Policy for the full set of data subject rights and how to exercise them.

Reporting a security issue

If you believe you have found a security vulnerability in AiMixUp, please report it to support@aimixup.com. Please do not publish details before we have had a reasonable opportunity to fix the issue. We'll acknowledge your report and keep you informed about remediation.

Roadmap

Public roadmap items currently being worked on, in order of priority:

  • Self-service account deletion and full data export from inside the product.
  • Two-factor authentication for user and admin accounts.
  • Public security and Trust Centre with current sub-processor list and audit posture.

We'll update this page as each item ships.

Questions? Write to support@aimixup.com. We answer security questionnaires from prospective business customers. Just reach out and we'll connect you with the right person.