Mixtil
Policy

Privacy Policy

Effective date: March 10, 2026

This privacy policy explains how Mixtil collects, uses, and protects information when you use our desktop application, website, and related services.

Information We Collect

We collect information you provide directly when using our services:

  • Account information: Email address, display name, password hash, role, verification state, and login timestamps for Mixtil cloud accounts.
  • Content data: Blog drafts, posts, product listings, and other content you create or manage within the application. This data is stored locally on your device.
  • Integration credentials: API keys, OAuth tokens, and application passwords for connected services (WordPress, Shopify, Google, Facebook, Printify), stored encrypted on your device.
  • Analytics data: Metrics fetched from Google Analytics 4, Google Search Console, Google Ads, AdSense, Facebook Insights, and Shopify, stored locally for offline access and trend analysis.
  • Usage data: Operational logs, session metadata, and admin audit events generated during API interactions for debugging, service reliability, and abuse prevention.

How We Use Information

  • To provide and maintain the application and its features.
  • To publish content to WordPress and Facebook as you direct.
  • To fetch and display analytics from Google Analytics 4, Search Console, Google Ads, and AdSense.
  • To retrieve and display Shopify store data including orders, products, and revenue.
  • To manage Printify products, orders, and print-on-demand workflows.
  • To process AI-assisted writing requests through third-party AI providers.
  • To process and edit images for product creation and publishing.
  • To create, verify, recover, and administer Mixtil cloud accounts.
  • To revoke sessions, suspend accounts, and protect the service from abuse.
  • To secure our services and prevent abuse.

Third-Party Services

Mixtil integrates with the following third-party services. Data is shared only as necessary to provide the functionality you request:

  • WordPress: Content is published to WordPress sites you connect via the REST API. Data shared includes post content, titles, metadata, and media.
  • Facebook / Meta: If you connect Facebook, we access your Pages, publish posts, and retrieve engagement insights as permitted by your permissions. You may revoke access at any time through Facebook settings.
  • Google (Analytics, Search Console, Ads, AdSense): We use Google OAuth to access your analytics properties and accounts. Data retrieved includes traffic metrics, search performance, campaign data, and revenue. All data is stored locally.
  • Shopify: We access your store data including orders, products, and analytics through the Shopify API using your store credentials.
  • Printify: We access your Printify shops, products, orders, and catalog data. We may upload product images to Printify for product creation.
  • AI providers: When you use AI writing features, text content is sent to the AI provider configured by your API key. We do not store AI request content on our servers beyond the duration of the request.
  • Cloudflare: Our companion API runs on Cloudflare Workers. Temporary images uploaded for Printify workflows are stored in Cloudflare R2 with automatic expiration. Mixtil cloud accounts, session state, and account audit events are stored in Cloudflare D1.
  • Transactional email provider: If enabled, account verification, password reset, and invite links are delivered through our configured email provider. In local development those links may be logged instead of sent.

Data Storage and Security

Mixtil is a local-first application. Your content, credentials, analytics data, and settings are stored on your device in an encrypted SQLite database. Sensitive credentials such as API keys and passwords are encrypted at rest using AES encryption with keys stored in your operating system keychain.

Cookies

Our website does not use advertising or cross-site tracking cookies. We do use essential cookies for login sessions, sign-out, CSRF protection on forms, and other account-security behaviors required to operate the service.

Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will take steps to delete it.

Data Retention and Deletion

Local application data is retained on your device until you delete it. Server-side operational logs, account audit events, and account-recovery metadata are retained for up to 90 days unless a longer period is required for security or legal compliance. You may request deletion of any data we hold by contacting support@mixtil.com.

Changes to This Policy

We may update this policy from time to time. We will notify users of material changes by updating the effective date at the top of this page.

Contact Us

If you have questions about this privacy policy, contact us at support@mixtil.com.