What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: This policy engages GDPR (EU) and UK GDPR, the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), and the EU-U.S. Data Privacy Framework and UK Extension thereof. Enforcement authorities include the relevant EU supervisory authorities (Mixpanel's lead supervisory authority is identified as the Irish Data Protection Commission), the UK Information Commissioner's Office, and the California Privacy Protection Agency and California Attorney Gener…

How does Mixpanel's Mixpanel Privacy Statement affect users?

The statement establishes that end users of third-party applications and websites employing Mixpanel's tracking tools operate under data governance structures defined by those applications or websites rather than Mixpanel directly. The statement authorizes Mixpanel to process and share user data including identifiers, device information, behavioral events, and email addresses with third-party vendors. End users and data subjects may submit data deletion, correction, or opt-out requests to Mixpa…

How often is Mixpanel's Mixpanel Privacy Statement updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Mixpanel updates this document?

Yes. Monitor subscribers ($19/month) can add Mixpanel to their watchlist and receive same-day email alerts whenever this document or any other Mixpanel document changes.

CA-D-000704

Mixpanel Privacy Statement

Mixpanel

Last change detected June 2, 2026 Privacy policy

SHA-256: 2bcb11dee9567aec1e9… 2 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Mixpanel ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

1 High severity

6 Medium severity

1 Low severity

Summary

This privacy statement establishes Mixpanel's data collection, processing, and sharing practices for individuals who access Mixpanel's website, use its analytics platform, or whose data is processed through Mixpanel's tools by third-party operators. Mixpanel collects IP addresses, device identifiers, browsing behavior, event data, and email addresses, and discloses this data to third-party vendors including advertising, analytics, infrastructure, and professional services providers. For end users of applications or websites that integrate Mixpanel's analytics tools, the statement designates Mixpanel as a data processor operating under the terms established by the app or website operator, with limited direct obligations to those individuals.

Technical / Legal Breakdown

This document is Mixpanel's Privacy Policy, governing the collection, use, storage, and disclosure of personal data by Mixpanel, Inc. in its capacity as both a data controller (for data collected about visitors to its own website and marketing contacts) and a data processor (for personal data that Mixpanel's business customers send to Mixpanel's analytics platform on behalf of their own end users). The policy states that Mixpanel collects identifiers, device information, IP addresses, usage and behavioral event data, and customer-provided profile data; authorizes use of this data for product analytics, service delivery, marketing communications, and security purposes; and discloses sharing with infrastructure, analytics, advertising, and professional services vendors as well as in corporate transaction contexts. The policy's dual-role structure (controller and processor) is operationally significant: as a processor, Mixpanel's obligations to end users of its customers' applications are governed by those customers' own privacy practices rather than this policy, which may limit end users' direct recourse against Mixpanel. The policy states compliance with GDPR and engages the EU-U.S. Data Privacy Framework, UK GDPR, and the California Consumer Privacy Act (CCPA); it provides data subject rights mechanisms including deletion, correction, portability, and opt-out of sale or sharing of personal information. Material compliance considerations include the adequacy of Mixpanel's processing agreements with its business customers, the lawfulness of cross-border data transfers, and the scope of Mixpanel's data deletion obligations where it acts as a processor on behalf of enterprise clients.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

1 important change detected

2 versions captured · Last updated: June 2026

June 2, 2026

low

What changed Mixpanel added a reference to 'Mixpanel AI - Trust, Safety, and Compliance' in the navigation menu of their Privacy Statement on June 2, 2026. This new menu item appears three times throughout the document's navigation structure. The change is a documentation and disclosure addition rather than a substantive revision to existing privacy practices or obligations.

Why this matters The updated Privacy Statement now includes a navigation link to 'Mixpanel AI - Trust, Safety, and Compliance' resources. This is a disclosure and navigation addition rather than a substantive change to privacy practices or data handling. The change makes AI governance documentation more discoverable but does not alter data collection, retention, or processing obligations.

View full change record →

Recent Provision Changes Jun 2, 2026

8 provisions unchanged.

View full change record →

High — 1 provision

Controller and Processor Dual-Role Structure Compare →

When you use a third-party app that runs Mixpanel's analytics tools, Mixpanel handles your data on behalf of that app's owner, not on its own behalf, which means your data rights must generally be directed to that app rather than to Mixpanel.

Added May 12, 2026 Standard Seen across 284 platforms

Medium — 6 provisions

Third-Party Advertising and Analytics Vendor Sharing Compare →

Mixpanel shares personal data including identifiers and behavioral information with outside companies that provide advertising, analytics, and marketing services on Mixpanel's behalf.

Added May 12, 2026 Standard Seen across 252 platforms
CCPA Opt-Out of Sale or Sharing of Personal Information Compare →

If you are a California resident, you have the right to tell Mixpanel not to share your personal information with third parties for advertising purposes, and you can do this through Mixpanel's opt-out page or by email.

Added May 12, 2026 Standard Seen across 284 platforms
EU-U.S. Data Privacy Framework Certification Compare →

Mixpanel has certified under the EU-U.S. Data Privacy Framework, meaning it has committed to specific data protection standards when transferring personal data from the EU, UK, and Switzerland to the United States.

Added May 12, 2026 Standard Seen across 284 platforms
Data Retention Policy Compare →

Mixpanel keeps your personal data only as long as needed for the purposes described in this policy, after which it is deleted or anonymized; for data processed on behalf of business customers, retention is governed by Mixpanel's agreement with those customers.

Added May 12, 2026 Standard Seen across 284 platforms
Data Subject Rights (Access, Correction, Deletion, Portability) Compare →

Depending on where you live, you may have rights to see, correct, delete, or export your personal data held by Mixpanel, and you can exercise these rights by contacting privacy@mixpanel.com.

Added May 12, 2026 Standard Seen across 284 platforms
Cookies and Tracking Technologies Compare →

Mixpanel uses cookies and similar tracking tools on its website to record how you navigate and use the site, and this data is used for analytics, site administration, and demographic analysis.

Added May 12, 2026 Standard Seen across 284 platforms

Low — 1 provision

Corporate Transaction Data Disclosure Compare →

If Mixpanel is acquired, merged with another company, or sells its assets, your personal data may be transferred to the acquiring entity as part of that transaction.

Added May 12, 2026 Standard Seen across 252 platforms

Monitoring

Mixpanel has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Controller and Processor Dual-Role Structure and similar clauses.

Compare across platforms →