Privacy Policy

Effective date: 1 June 2026 · Last updated: 26 May 2026

The short version: We collect only what we need to run Mixio. We do not sell your data. Your audio is processed entirely on your local device — it is never transmitted to our servers. You have full rights over your data under UK and EU law.

1. Who we are

Spike AI, Inc. ("Spike AI", "we", "us") is the data controller for personal data collected through mixio.music and the Mixio DAW plugin. Mixio is a product of Spike AI, Inc. For privacy enquiries, contact us at info@mixio.music.

2. What data we collect

Account and contact data

  • Name and email address (waitlist sign-up, account creation)
  • Password (stored as a secure hash — we never see your plaintext password)
  • Subscription tier and billing history

Payment data

Payments are processed by Stripe. We do not store credit card numbers. We receive a tokenised payment reference and billing confirmation from Stripe. Stripe's privacy policy governs their processing of your payment data.

Audio files

All audio processing in Mixio takes place entirely on your local device. Your audio sessions, stems, and project files are never transmitted to our servers. We do not have access to your audio content, and we do not use it to train our AI models.

Usage and analytics data

  • Plugin activity (features used, session length, token consumption)
  • Device and DAW information (e.g. OS version, plugin version, host DAW)
  • IP address and approximate location (country/region)
  • Web analytics on mixio.music (page views, referral source, browser type)

Communications

If you contact us by email or through a support form, we retain that correspondence.

3. How we use your data

  • To provide the service — managing your account, delivering outputs, tracking token usage
  • To manage billing — processing payments, handling refunds, sending invoices
  • To communicate with you — product updates, beta launch notifications, support responses, and where you've opted in, marketing emails
  • To improve Mixio — aggregated, anonymised analytics to understand how the plugin is used
  • To meet legal obligations — fraud prevention, tax records, compliance with applicable law

4. Legal basis for processing

For users in the UK and EU (GDPR), we process personal data on the following bases:

  • Contract — processing necessary to provide the service you've signed up for, including account management and billing
  • Legitimate interests — security, fraud prevention, product analytics, and improving our service
  • Consent — marketing emails, which you can withdraw from at any time
  • Legal obligation — where processing is required by law, such as financial records

For California residents, the California Consumer Privacy Act (CCPA) grants additional rights — see Section 8 below. We do not sell personal information as defined under CCPA.

5. Who we share data with

We do not sell your data. We share data only with the following categories of trusted service providers, under appropriate data processing agreements:

  • Stripe — payment processing
  • Email service provider — transactional and marketing emails
  • Analytics providers — aggregated, anonymised usage data

We may also disclose data where required by law, court order, or to protect the rights and safety of Mixio, our users, or the public.

6. Data retention

  • Audio files — all audio is processed locally on your device and is never held by us; no retention period applies
  • Account data — retained while your account is active and for up to 3 years after closure for legal and accounting purposes
  • Marketing emails — retained until you unsubscribe or withdraw consent
  • Analytics data — retained in anonymised, aggregated form

7. International transfers

Spike AI is based in the United States. If you are located in the UK or EEA, your personal data will be transferred to and processed in the United States. Where this occurs, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO — to protect your data in transit and at rest.

8. Your rights

Under UK GDPR and EU GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten"), subject to legal retention requirements
  • Restrict our processing of your data in certain circumstances
  • Data portability — receive your data in a machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time for consent-based processing such as marketing

To exercise any of these rights, email us at info@mixio.music. We will respond within 30 days. If you are in the UK or EU, you also have the right to lodge a complaint with your local data protection authority — in the UK, that is the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

Our website uses cookies for the following purposes:

  • Essential — required for the site to function, such as session management
  • Analytics — understanding how visitors use the site, such as page views and traffic source. These are anonymised.
  • Marketing — only placed with your explicit consent

You can manage cookie preferences via our cookie banner or your browser settings.

10. Children's data

Mixio is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have done so inadvertently, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or via an in-app notice. Continued use of Mixio after the effective date constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions or to exercise your rights:
info@mixio.music
Spike AI, Inc., 2381 Rosecrans Ave, Suite 350, El Segundo, CA 90245

© 2026 Spike AI, Inc. All rights reserved.