[ legal ]
Last updated: 7/1/2026
This policy describes how MixReflect ("we", "us", "our") collects, uses, stores, and shares information when you use our music feedback service. By creating an account or using MixReflect, you agree to the practices described here.
MixReflect is operated by MixReflect, based in Melbourne, Victoria, Australia. For privacy enquiries, contact us at privacy@mixreflect.com.
When you sign up we collect your name, email address, and a hashed password (or OAuth credentials if you sign in via a third-party provider). If you create an artist profile we also store your artist name, genre preferences, and optional bio.
When you submit a track we store the track title, artist note, genre tags, source URL or link (e.g. SoundCloud, Spotify, YouTube), and any uploaded audio file. If you upload an MP3 or WAV file directly, the file is stored in cloud object storage (Amazon S3 or Cloudflare R2). We also store artwork images, either uploaded by you or fetched automatically from the linked platform via oEmbed.
When you submit a track for a score report, the track's audio and metadata are processed by automated analysis systems, including third-party AI services, to generate your score, verdict, and written read. The resulting report is stored with your account. We may also derive an audio fingerprint of the track so that re-uploads of the same track can be recognised.
Tracks and reports are private to you and the listeners assigned to your track unless a track is marked public. Public tracks may appear in discovery sections of the site, visible to all visitors — including your track title, artist name, artwork, genre tags, and an embedded player or link to the audio source. You can change a track's visibility at any time.
We store the full content of every listener reaction and review, including structured ratings, free-text feedback, timestamp annotations, and technical issue flags.
While a listener plays a track, we passively capture behavioural signals from the audio player to improve feedback quality. This includes play, pause, and seek events; volume changes; replay and skip zones; tab focus/blur events; and the overall engagement curve. This data is used to compute metrics such as completion rate, attention score, and behavioural-explicit alignment (how well the listener's listening patterns match their written feedback). Listening behaviour data is associated with the reaction, not the listener's broader account, and is presented to artists only in aggregate across all listeners for a given track.
We store transaction metadata (product purchased, amount, currency, Stripe session and payment IDs) to track order status. For listener payouts we store payout details, accrued balances, and payout history. We do not store full credit card numbers or bank account details — those are held by Stripe.
If you subscribe to the Unlimited plan (or hold a legacy MixReflect Pro subscription) we store your Stripe customer ID, subscription ID, and subscription status to manage your plan and billing.
We use PostHog for product analytics and may optionally use Microsoft Clarity for session replays. These tools collect anonymised interaction data such as page views, clicks, scroll depth, and device information. We also use TikTok Pixel and Reddit Pixel to measure the performance of our advertising campaigns. These tools are only activated with your consent — see section 5 below. Public play counts on tracks are also recorded.
If you contact support, we store the subject, message body, and any follow-up messages to resolve your request.
We use cookies to authenticate your session (via NextAuth) and to remember your preferences. Authentication cookies are essential for the service to function. Analytics and advertising tools may set their own cookies only after you give consent — see section 5 below.
If you mark a track as public, the following information may be visible to any visitor on MixReflect in discovery sections of the site:
Score reports, reactions, and detailed feedback are never shown publicly unless you choose to share your report link. Listening behaviour data is only shown to the track owner in aggregate form.
We share data with the following third parties only as needed to operate the service:
We do not sell your personal data to any third party.
We use the following types of cookies:
When you first visit MixReflect, a banner will ask for your consent to set non-essential cookies. You can decline and the service will still work fully — only the authentication cookie will be set. You can change your preference at any time by clearing your browser's local storage for mixreflect.com.
Where the General Data Protection Regulation (GDPR) applies (including for users in the European Economic Area and United Kingdom), we process your personal data on the following legal bases:
MixReflect is also subject to the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). Users in Australia have the right to access, correct, and complain about the handling of their personal information.
We retain your account data, track submissions, reports, reactions, and listening behaviour data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal, financial, or fraud-prevention purposes (e.g. payment records required by tax law). Uploaded audio files and artwork are deleted when the associated track is removed. Anonymised and aggregated analytics data may be retained indefinitely.
We use industry-standard measures to protect your data, including HTTPS encryption in transit, hashed passwords, secure session tokens, and access-controlled cloud storage with signed URLs for audio uploads. However, no system is perfectly secure and we cannot guarantee absolute security.
To exercise any of these rights, contact us using the details in the Contact section below. If you are in the EEA or UK and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority. If you are in Australia, you may contact the Office of the Australian Information Commissioner (OAIC).
MixReflect is not intended for use by anyone under the age of 13. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 13, we will delete it promptly.
This Privacy Policy is governed by the laws of Victoria, Australia. Any disputes relating to this policy that cannot be resolved informally will be subject to the exclusive jurisdiction of the courts of Victoria, Australia.
Where you access MixReflect from the European Economic Area or the United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR also applies to the processing of your personal data, in addition to Australian law.
We may update this policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the site. Your continued use of MixReflect after any changes constitutes acceptance of the updated policy.
For privacy questions or to exercise your data rights, contact us at privacy@mixreflect.com.