What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: This policy engages GDPR (EU) and UK GDPR, the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), and the EU-U.S. Data Privacy Framework and UK Extension thereof. Enforcement authorities include the relevant EU supervisory authorities (Mixpanel's lead supervisory authority is identified as the Irish Data Protection Commission), the UK Information Commissioner's Office, and the California Privacy Protection Agency and California Attorney Gener…

How does Mixpanel's Mixpanel Privacy Statement affect users?

Mixpanel's policy states that it collects identifiers, device information, IP addresses, behavioral event data, and email addresses from website visitors and customers, and shares this data with advertising, analytics, infrastructure, and professional services vendors. For end users of third-party apps and websites that use Mixpanel's analytics tools, the policy notes that Mixpanel acts as a data processor on behalf of that app or website operator, meaning Mixpanel's direct obligations to those…

How often is Mixpanel's Mixpanel Privacy Statement updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Mixpanel updates this document?

Yes. Watcher subscribers ($9.99/month) can add Mixpanel to their watchlist and receive same-day email alerts whenever this document or any other Mixpanel document changes.

CA-D-000704

Mixpanel Privacy Statement

Mixpanel

Last change detected May 5, 2026 Privacy policy

SHA-256: 7930745bd9b797f4d7f… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Mixpanel ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

1 High severity

6 Medium severity

1 Low severity

Summary

This is Mixpanel's privacy policy, which explains what personal data Mixpanel collects about people who visit its website, use its analytics platform, or whose data is processed through its tools by other companies. Mixpanel collects information such as IP addresses, device identifiers, browsing behavior, event data, and email addresses, and shares this data with third-party vendors including advertising and analytics partners. If you are an end user of an app or website that uses Mixpanel's tracking tools, your data rights are primarily governed by that app or website's privacy policy, not Mixpanel's; however, you can submit a data deletion or opt-out request directly to Mixpanel at privacy@mixpanel.com.

Technical / Legal Breakdown

This document is Mixpanel's Privacy Policy, governing the collection, use, storage, and disclosure of personal data by Mixpanel, Inc. in its capacity as both a data controller (for data collected about visitors to its own website and marketing contacts) and a data processor (for personal data that Mixpanel's business customers send to Mixpanel's analytics platform on behalf of their own end users). The policy states that Mixpanel collects identifiers, device information, IP addresses, usage and behavioral event data, and customer-provided profile data; authorizes use of this data for product analytics, service delivery, marketing communications, and security purposes; and discloses sharing with infrastructure, analytics, advertising, and professional services vendors as well as in corporate transaction contexts. The policy's dual-role structure (controller and processor) is operationally significant: as a processor, Mixpanel's obligations to end users of its customers' applications are governed by those customers' own privacy practices rather than this policy, which may limit end users' direct recourse against Mixpanel. The policy states compliance with GDPR and engages the EU-U.S. Data Privacy Framework, UK GDPR, and the California Consumer Privacy Act (CCPA); it provides data subject rights mechanisms including deletion, correction, portability, and opt-out of sale or sharing of personal information. Material compliance considerations include the adequacy of Mixpanel's processing agreements with its business customers, the lawfulness of cross-border data transfers, and the scope of Mixpanel's data deletion obligations where it acts as a processor on behalf of enterprise clients.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

High — 1 provision

Controller and Processor Dual-Role Structure Compare →

When you use a third-party app that runs Mixpanel's analytics tools, Mixpanel handles your data on behalf of that app's owner, not on its own behalf, which means your data rights must generally be directed to that app rather than to Mixpanel.

Added May 12, 2026 Standard Seen across 189 platforms

Medium — 6 provisions

Third-Party Advertising and Analytics Vendor Sharing Compare →

Mixpanel shares personal data including identifiers and behavioral information with outside companies that provide advertising, analytics, and marketing services on Mixpanel's behalf.

Added May 12, 2026 Standard Seen across 189 platforms
CCPA Opt-Out of Sale or Sharing of Personal Information Compare →

If you are a California resident, you have the right to tell Mixpanel not to share your personal information with third parties for advertising purposes, and you can do this through Mixpanel's opt-out page or by email.

Added May 12, 2026 Standard Seen across 262 platforms
EU-U.S. Data Privacy Framework Certification Compare →

Mixpanel has certified under the EU-U.S. Data Privacy Framework, meaning it has committed to specific data protection standards when transferring personal data from the EU, UK, and Switzerland to the United States.

Added May 12, 2026 Standard Seen across 262 platforms
Data Retention Policy Compare →

Mixpanel keeps your personal data only as long as needed for the purposes described in this policy, after which it is deleted or anonymized; for data processed on behalf of business customers, retention is governed by Mixpanel's agreement with those customers.

Added May 12, 2026 Standard Seen across 223 platforms
Data Subject Rights (Access, Correction, Deletion, Portability) Compare →

Depending on where you live, you may have rights to see, correct, delete, or export your personal data held by Mixpanel, and you can exercise these rights by contacting privacy@mixpanel.com.

Added May 12, 2026 Standard Seen across 223 platforms
Cookies and Tracking Technologies Compare →

Mixpanel uses cookies and similar tracking tools on its website to record how you navigate and use the site, and this data is used for analytics, site administration, and demographic analysis.

Added May 12, 2026 Standard Seen across 251 platforms

Low — 1 provision

Corporate Transaction Data Disclosure

If Mixpanel is acquired, merged with another company, or sells its assets, your personal data may be transferred to the acquiring entity as part of that transaction.

Added May 12, 2026 Rare

Monitoring

Mixpanel has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle Controller and Processor Dual-Role Structure and similar clauses.

Compare across platforms →