Privacy Policy

1. Data Fiduciary / Controller Information

For the purposes of the DPDP Act, MixerLead acts as a Data Fiduciary in respect of personal data processed for account creation, billing, security, service operations, and customer support.

Contact: privacy@mixerlead.in

2. Personal Data We Collect

We may collect the following categories of data:

• Account Data: name, email address, password hash, account identifiers, and profile preferences.
• Connected Platform Data: LinkedIn and Instagram account identifiers, profile metadata, and OAuth authorization information.
• OAuth Token Data: platform access/refresh tokens, stored in encrypted form (AES-GCM) in our systems.
• Content and Media Data: post drafts, scheduled posts, text, media URLs, and metadata associated with uploaded files.
• Billing and Subscription Data: plan type (Free/Pro), billing status, payment references, invoice information, and subscription events.
• Technical and Usage Data: IP address, device/browser details, log events, timestamps, diagnostics, and analytics event data.
• Support Data: communications sent to support, feedback, and issue reports.

3. How We Collect Data

• Directly from you during registration, onboarding, and account use.
• From OAuth providers (LinkedIn/Instagram) when you authorize access.
• Automatically through logs, cookies, and analytics technologies.
• From payment and infrastructure partners for billing and operations.

4. Purposes and Legal Basis for Processing

We process personal data for the following purposes:

• To provide and operate the MixerLead platform and features.
• To authenticate users and maintain account security.
• To connect, refresh, and manage LinkedIn/Instagram integrations.
• To store and deliver user content and media files via AWS S3.
• To perform subscription management, invoicing, and billing support.
• To monitor reliability, detect abuse/fraud, and improve performance.
• To provide support, troubleshooting, and legal compliance.

Under the DPDP Act, processing is performed based on valid consent, legitimate uses as permitted by law, and compliance with legal obligations. For GDPR contexts, processing may rely on consent, performance of a contract, legitimate interests, and legal obligations, as applicable.

5. Cookies and Similar Technologies

We use necessary cookies and related technologies to maintain sessions, secure authentication, and remember key preferences. We may also use analytics technologies to measure product usage and improve user experience. You can control cookies through browser settings, but disabling certain cookies may affect service functionality.

6. Data Storage, Security, and Retention

• OAuth tokens are encrypted at rest using AES-GCM before storage.
• Media files are stored on AWS S3 with access controls and scoped URLs.
• Data is stored using industry-standard administrative, technical, and organizational safeguards.
• We retain personal data only for as long as necessary for service provision, legal compliance, dispute resolution, and security.

Typical retention periods may vary by data category. Upon account closure, we will delete or anonymize personal data within a commercially reasonable period, except where retention is required by law or for legitimate legal purposes.

7. Data Sharing and Recipients

We may share data with:

• Cloud and hosting providers (including AWS) for infrastructure.
• OAuth platform providers (LinkedIn/Instagram) as required for integrations.
• Payment service providers for subscription processing.
• Security, monitoring, and support vendors under confidentiality obligations.
• Government, regulators, or law enforcement when legally required.

We do not sell personal data.

8. Cross-Border Data Transfers

Due to cloud-based infrastructure and third-party services, data may be processed outside India. We apply contractual, organizational, and technical safeguards for such transfers and comply with applicable Indian law and GDPR transfer requirements where relevant.

9. Your Rights (DPDP Act and Other Applicable Law)

You may have the right to:

• Access information about your personal data we process.
• Request correction, completion, or updating of your data.
• Request erasure of your data, subject to legal exceptions.
• Withdraw consent for specific processing activities.
• Raise grievances regarding processing of personal data.
• Nominate another person to exercise rights in specified circumstances.

To exercise these rights, contact us at privacy@mixerlead.in.

10. GDPR Compliance (Where Applicable)

If you are located in the EEA, UK, or Switzerland, you may have rights under GDPR/UK GDPR, including rights of access, rectification, erasure, restriction, objection, and data portability, and the right to lodge a complaint with a supervisory authority. Where required, we implement appropriate transfer safeguards for cross-border processing.

For GDPR-related queries, contact: privacy@mixerlead.in.

11. Children's Data

MixerLead is not intended for children. We do not knowingly collect personal data from minors without lawful authorization. If you believe a child has provided personal data, contact us to request deletion.

12. Grievance Redressal

For grievances related to personal data handling, contact our Grievance Officer at grievance@mixerlead.in. We will acknowledge and process complaints within timelines prescribed by applicable law.

13. Policy Updates

We may update this Privacy Policy from time to time. Material changes will be notified through the platform or email where required. Continued use of the Services after an update constitutes acceptance of the revised Policy.