MixReflect

privacy policy.

Last updated: 7/1/2026

This policy describes how MixReflect ("we", "us", "our") collects, uses, stores, and shares information when you use our music feedback service. By creating an account or using MixReflect, you agree to the practices described here.

MixReflect is operated by MixReflect, based in Melbourne, Victoria, Australia. For privacy enquiries, contact us at privacy@mixreflect.com.

1. data we collect

Account information

When you sign up we collect your name, email address, and a hashed password (or OAuth credentials if you sign in via a third-party provider). If you create an artist profile we also store your artist name, genre preferences, and optional bio.

Track submissions

When you submit a track we store the track title, artist note, genre tags, source URL or link (e.g. SoundCloud, Spotify, YouTube), and any uploaded audio file. If you upload an MP3 or WAV file directly, the file is stored in cloud object storage (Amazon S3 or Cloudflare R2). We also store artwork images, either uploaded by you or fetched automatically from the linked platform via oEmbed.

AI analysis

When you submit a track for a score report, the track's audio and metadata are processed by automated analysis systems, including third-party AI services, to generate your score, verdict, and written read. The resulting report is stored with your account. We may also derive an audio fingerprint of the track so that re-uploads of the same track can be recognised.

Public vs. private tracks

Tracks and reports are private to you and the listeners assigned to your track unless a track is marked public. Public tracks may appear in discovery sections of the site, visible to all visitors — including your track title, artist name, artwork, genre tags, and an embedded player or link to the audio source. You can change a track's visibility at any time.

Reactions and feedback

We store the full content of every listener reaction and review, including structured ratings, free-text feedback, timestamp annotations, and technical issue flags.

Listening behaviour data

While a listener plays a track, we passively capture behavioural signals from the audio player to improve feedback quality. This includes play, pause, and seek events; volume changes; replay and skip zones; tab focus/blur events; and the overall engagement curve. This data is used to compute metrics such as completion rate, attention score, and behavioural-explicit alignment (how well the listener's listening patterns match their written feedback). Listening behaviour data is associated with the reaction, not the listener's broader account, and is presented to artists only in aggregate across all listeners for a given track.

Payment and payout information

We store transaction metadata (product purchased, amount, currency, Stripe session and payment IDs) to track order status. For listener payouts we store payout details, accrued balances, and payout history. We do not store full credit card numbers or bank account details — those are held by Stripe.

Subscription data

If you subscribe to the Unlimited plan (or hold a legacy MixReflect Pro subscription) we store your Stripe customer ID, subscription ID, and subscription status to manage your plan and billing.

Usage and analytics

We use PostHog for product analytics and may optionally use Microsoft Clarity for session replays. These tools collect anonymised interaction data such as page views, clicks, scroll depth, and device information. We also use TikTok Pixel and Reddit Pixel to measure the performance of our advertising campaigns. These tools are only activated with your consent — see section 5 below. Public play counts on tracks are also recorded.

Support tickets

If you contact support, we store the subject, message body, and any follow-up messages to resolve your request.

Cookies and session data

We use cookies to authenticate your session (via NextAuth) and to remember your preferences. Authentication cookies are essential for the service to function. Analytics and advertising tools may set their own cookies only after you give consent — see section 5 below.

2. how we use your data

  • Authenticate you and manage your account and profiles.
  • Generate AI score reports — your track's audio and metadata are processed by automated analysis, including third-party AI services, to produce your score, verdict, and written read.
  • Assign tracks to members of the paid listening panel and manage the claim pool.
  • Process payments for report unlocks and subscriptions, and listener payouts, via Stripe.
  • Display public tracks, artwork, and artist names in discovery sections of the site.
  • Compute feedback quality scores (text specificity, actionability, technical depth) to surface higher-quality reactions.
  • Analyse listening behaviour to provide artists with aggregate engagement insights (replay hotspots, drop-off points, attention curves).
  • Generate automated feedback synthesis that combines multiple reactions into actionable summaries.
  • Send transactional emails (report-ready notifications, payment receipts, account verification) via Resend.
  • Send optional announcement or marketing emails (you can unsubscribe at any time).
  • Detect and prevent abuse, fraud, and low-quality reactions.
  • Improve product quality through analytics and aggregated usage patterns.
  • Manage subscription entitlements, and legacy Classic mechanics (credits and slot limits) during the wind-down.
  • Measure the effectiveness of advertising campaigns on TikTok and Reddit (only with your consent).

3. what we share publicly

If you mark a track as public, the following information may be visible to any visitor on MixReflect in discovery sections of the site:

  • Track title and artwork image
  • Artist name (from your artist profile)
  • Genre tags
  • An embedded audio player or link to the external source (SoundCloud, Spotify, YouTube, etc.)
  • Public play count

Score reports, reactions, and detailed feedback are never shown publicly unless you choose to share your report link. Listening behaviour data is only shown to the track owner in aggregate form.

4. third-party services

We share data with the following third parties only as needed to operate the service:

  • Anthropic — AI analysis. Your track's audio characteristics and metadata are processed to generate your score report's written read.
  • Stripe — payment processing for report unlocks, subscriptions, and payouts. Stripe receives your email, payment details, and payout account information.
  • Resend — transactional and announcement emails. Resend receives your email address and name.
  • Amazon S3 / Cloudflare R2 — cloud storage for uploaded audio files and artwork. Files are stored securely and served via signed or public URLs.
  • Vercel — hosting and deployment. Vercel processes web requests and may log IP addresses and request metadata.
  • Neon — managed PostgreSQL database hosting. All account, track, report, reaction, and behavioural data is stored in Neon's infrastructure.
  • PostHog — product analytics. PostHog receives anonymised event data about how you interact with the product. Activated only with your consent.
  • Microsoft Clarity (optional) — session replay and heatmaps. If enabled, Clarity captures anonymised interaction recordings. Activated only with your consent.
  • TikTok Pixel — advertising measurement. If you consent to analytics cookies, the TikTok Pixel fires on page load and sends anonymised event data (page views, conversions) to TikTok to measure the performance of our ads. TikTok may use this data in accordance with their own privacy policy. No personal data you enter on MixReflect is sent to TikTok.
  • Reddit Pixel — advertising measurement. If you consent to analytics cookies, the Reddit Pixel fires on page load and sends anonymised event data (page views, conversions) to Reddit to measure the performance of our ads. Reddit may use this data in accordance with their own privacy policy. No personal data you enter on MixReflect is sent to Reddit.

We do not sell your personal data to any third party.

5. cookies and consent

We use the following types of cookies:

  • Essential cookies — authentication session tokens (NextAuth). Required for the service to function. Set immediately on login and cannot be disabled without logging out.
  • Analytics cookies — set by PostHog and optionally Microsoft Clarity to understand product usage. These are only set after you accept cookies via the consent banner.
  • Advertising cookies — set by TikTok Pixel and Reddit Pixel to measure advertising campaign performance. These are only set after you accept cookies via the consent banner. If you decline, these scripts are never loaded.

When you first visit MixReflect, a banner will ask for your consent to set non-essential cookies. You can decline and the service will still work fully — only the authentication cookie will be set. You can change your preference at any time by clearing your browser's local storage for mixreflect.com.

6. lawful basis for processing

Where the General Data Protection Regulation (GDPR) applies (including for users in the European Economic Area and United Kingdom), we process your personal data on the following legal bases:

  • Performance of a contract — account data, track submissions, AI analysis, reaction data, payment and subscription data, and transactional emails are processed to fulfil our agreement with you when you use MixReflect.
  • Legal obligation — payment records and related data may be retained to comply with financial and tax regulations.
  • Legitimate interests — listening behaviour analytics (presented only in aggregate to track owners), fraud detection, abuse prevention, and product improvement through anonymised usage data. We have assessed that these interests are not overridden by your data protection rights.
  • Consent — advertising pixels (TikTok, Reddit), session replay (Microsoft Clarity), product analytics (PostHog), and marketing emails. You can withdraw consent at any time — for cookies by clearing your consent preference in browser local storage, and for marketing emails by unsubscribing via the link in any email.

MixReflect is also subject to the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). Users in Australia have the right to access, correct, and complain about the handling of their personal information.

7. data retention

We retain your account data, track submissions, reports, reactions, and listening behaviour data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal, financial, or fraud-prevention purposes (e.g. payment records required by tax law). Uploaded audio files and artwork are deleted when the associated track is removed. Anonymised and aggregated analytics data may be retained indefinitely.

8. data security

We use industry-standard measures to protect your data, including HTTPS encryption in transit, hashed passwords, secure session tokens, and access-controlled cloud storage with signed URLs for audio uploads. However, no system is perfectly secure and we cannot guarantee absolute security.

9. your rights

  • Access — you can request a copy of the personal data we hold about you.
  • Correction — you can update your account information, artist profile, and track details at any time.
  • Deletion — you can request deletion of your account and associated data. Some data may be retained as described in section 7.
  • Visibility control — you can change any track between public and private at any time, immediately removing it from or adding it to discovery sections.
  • Opt out of marketing — you can unsubscribe from announcement emails at any time. Transactional emails (e.g. report-ready notifications, payment receipts) cannot be opted out of while your account is active.
  • Data portability — you can request an export of your reports and track data in a machine-readable format.
  • Withdraw consent — where we process data based on your consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Object to processing — you can object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds.

To exercise any of these rights, contact us using the details in the Contact section below. If you are in the EEA or UK and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority. If you are in Australia, you may contact the Office of the Australian Information Commissioner (OAIC).

10. children

MixReflect is not intended for use by anyone under the age of 13. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 13, we will delete it promptly.

11. governing law

This Privacy Policy is governed by the laws of Victoria, Australia. Any disputes relating to this policy that cannot be resolved informally will be subject to the exclusive jurisdiction of the courts of Victoria, Australia.

Where you access MixReflect from the European Economic Area or the United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR also applies to the processing of your personal data, in addition to Australian law.

12. changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the site. Your continued use of MixReflect after any changes constitutes acceptance of the updated policy.

contact

For privacy questions or to exercise your data rights, contact us at privacy@mixreflect.com.
