Businesses using Mixpanel are not allowed to send Mixpanel data about users' health, finances, government IDs, biometrics, or children's information unless Mixpanel specifically approves it in writing.
This analysis describes what Mixpanel's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Many analytics implementations inadvertently capture sensitive data — for example, through form field tracking or URL parameters — and this clause makes the customer solely responsible for preventing such transmissions, creating regulatory exposure under HIPAA, COPPA, and financial privacy laws if violations occur.
The updated terms establish an automatic 7% fee increase mechanism that takes effect upon each subscription renewal. Previously, subscription fees remained fixed for the duration of the subscription …
If a business accidentally sends your health, financial, or children's data to Mixpanel through its analytics tracking, that business — not Mixpanel — bears full legal responsibility for the violation, and Mixpanel's terms explicitly prohibit such transmissions without prior written approval.
How other platforms handle this
You may not access the Services in any way other than through the currently available, published interfaces that we provide. For example, this means that you cannot scrape the Services without X's express written permission, try to work around any technical limitations we impose, or otherwise attemp...
You must not pre-fetch, cache, index, or store any Content, except that you may store: (i) limited amounts of Content for the purpose of improving the performance of your Maps API Implementation, but only for a temporary period as specified in the Maps APIs Documentation; and (ii) any content that G...
You must not sell, license, or purchase User Data obtained from us. You must not transfer User Data obtained from us without our prior written permission except when: transferring to your service provider acting on your behalf and in compliance with this Policy; transferring as part of a merger, acq...
Monitoring
Mixpanel has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Customer will not submit to the Service any Sensitive Personal Information without Mixpanel's express written authorization. Sensitive Personal Information includes health or medical information, financial account information, social security numbers or government-issued identification numbers, biometric data, information relating to children under the age of 13 (or the applicable age of digital consent in the relevant jurisdiction), and other categories of sensitive personal information as defined under applicable law.— Excerpt from Mixpanel's Mixpanel Terms of Use
(1) REGULATORY FRAMEWORK: This provision directly implicates COPPA 16 CFR Part 312 (prohibition on collecting personal information from children under 13 without verifiable parental consent), enforced by the FTC; HIPAA 45 CFR §§164.502 and 164.514 (restrictions on PHI disclosure), enforced by HHS OCR; GLBA 15 U.S.C. §6802 (financial data privacy), enforced by federal financial regulators; GDPR Art. 9 (special categories of personal data requiring explicit consent); and CCPA §1798.121 (sensitive personal information rights). The EU AI Act's provisions on biometric data processing may also apply where biometric identifiers are involved. (2)
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Many analytics implementations inadvertently capture sensitive data — for example, through form field tracking or URL parameters — and this clause makes the customer solely responsible for preventing such transmissions, creating regulatory exposure under HIPAA, COPPA, and financial privacy laws if violations occur.
If a business accidentally sends your health, financial, or children's data to Mixpanel through its analytics tracking, that business — not Mixpanel — bears full legal responsibility for the violation, and Mixpanel's terms explicitly prohibit such transmissions without prior written approval.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Mixpanel.