Privacy Policy
Last Updated: May 19, 2026
1. Introduction
Mixiebar ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use our cocktail and mixology mobile application, currently branded as Mixiebar, although the branding or store listing name may be updated from time to time (the "App").
Data Controller: Andrei Kovalev (Individual Developer, Cyprus)
Contact: support@mixiebar.com
Regulatory Compliance: We aim to comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant regulations.
Your use of the App is governed by our Terms of Use. This Privacy Policy should be read together with the Terms of Use.
2. Data We Collect
We collect only the data reasonably necessary to operate, secure, improve, and communicate about the App.
| Data Type | Purpose | Third-Party Processors |
|---|---|---|
| Installation IdentifierAnonymous UUID generated on first app launch. Not directly linked to your real-world identity. | Manage AI request limits · Prevent abuse and fraud · Link requests to your installation · Support introductory or promotional AI credit logic at the installation level, where applicable | Supabase (USA) |
| Device & Technical DataDevice model, OS version, app version, language, timezone, device identifiers such as IDFV on iOS or Android ID. | Identify unique devices for analytics and fraud prevention · Debug crashes · Improve compatibility and performance · Support subscriptions · Determine eligibility for one-time introductory, promotional, or welcome AI credits · Prevent repeated claims through reinstall, local data deletion, or similar reset attempts | PostHog (EU), Sentry (EU), RevenueCat (USA), Supabase (EU) |
| Contact InformationEmail address and related communication preferences, if you choose to provide them. | Account access or recovery · Respond to support requests · Send service & promotional communications | Communications providers, Supabase |
| Push Notification DataDevice push token, notification preferences, and limited delivery data. | Send service notices · Product updates and promotional notifications · Measure message delivery | Platform notification services |
| Mixie (AI) ContentYour questions/prompts, AI responses, and recent conversation context. | Process AI requests · Provide cocktail recommendations · Maintain conversation flow Note: We do not generally store full chat content on our servers. | Google Gemini API (Varies) or other current AI provider |
| AI Quality Review DataSelected prompts and the corresponding AI responses associated with failed, empty, blocked, invalid, or clearly low-quality AI responses, including cases where you explicitly submit negative feedback on an AI reply, together with issue labels, limited helpfulness feedback signals, timestamps, app version, and provider name. | Debug failed or low-quality AI responses · Investigate relevance issues · Improve answer quality and user experience · Measure aggregated helpfulness trends | Supabase (USA) |
| Usage & AnalyticsOnboarding progress, feature usage, aggregated or de-identified AI interaction signals, aggregated feedback trends, session duration, and other in-app usage signals. | Understand user behavior · Improve features and UX · Measure engagement · Identify common request patterns that may be surfaced as shortcuts or buttons | PostHog (EU), RevenueCat (USA) |
| Crash Logs & DiagnosticsError reports, stack traces, device state, and diagnostic information. | Diagnose issues · Improve stability · Fix bugs | Sentry (USA) |
| Purchase HistorySubscription status, transaction identifiers, dates, plan/tier. | Fulfill subscriptions · Verify Premium access · Process refunds · Tax compliance | RevenueCat (USA), Apple / Google Stores |
| AI Request MetadataInstallation ID, timestamps, request counts, success/failure status. | Enforce request limits · Prevent abuse · Support debugging | Supabase (USA) |
Important Notes:
- Email / Phone: We do not currently require a phone number. We may collect your email address if you choose to create an account, contact support, or subscribe to updates.
- Marketing Communications: Where permitted, we may send newsletters, product updates, and promotional communications. You can opt out using the unsubscribe link or device settings.
- Location: We do not collect precise GPS location. Approximate location may be inferred by service providers from network information.
- Advertising IDs: We do not collect Apple's IDFA or Google's GAID for cross-app advertising or tracking.
- One-Time Introductory Credits: We may use installation identifiers and device identifiers to determine eligibility for one-time introductory, promotional, or welcome AI credits and to prevent repeated claims through reinstalling the App, deleting local data, or similar reset attempts.
- Session Recording: Session recording / replay is currently disabled.
- User Content Stays Local: Recipes, photos, and notes you create are generally stored locally on your device only.
- Mixie AI History Stays Local (Generally): Your full Mixie AI request history is generally stored locally on your device.
- AI Feedback: If you explicitly mark an AI answer as unhelpful, we may temporarily process the related prompt and the full content of the AI response for debugging and quality improvement. Positive feedback may be recorded in aggregated or minimal form to measure feature usefulness.
- AI Usage Trends: We may analyze aggregated or de-identified AI usage patterns and feedback trends to improve prompts, flows, and suggested actions in the App, including highlighting common request types as shortcuts or buttons.
- Analytics: We use privacy-minded analytics to understand how the App is used.
2.1. Legal Bases (EEA/UK GDPR)
Where applicable, we process personal data under the following legal bases (Art. 6 GDPR):
- Contract (Art. 6(1)(b)): To provide the App's core functionality and Premium features.
- Legitimate Interests (Art. 6(1)(f)): To secure the App, prevent abuse and fraud, maintain and debug the service, improve product performance and AI response quality, investigate relevance issues, analyze aggregated or de-identified usage patterns to improve UX, and enforce eligibility rules for one-time introductory, promotional, or welcome AI credits.
- Legal Obligation (Art. 6(1)(c)): To comply with tax, accounting, consumer protection, and other legal obligations.
- Consent (Art. 6(1)(a)): For optional analytics, marketing emails, promotional push notifications where required by law.
3. AI Features & Third-Party Processing
3.1. AI Service Provider
We currently use Google Gemini API to power AI features. We may switch providers over time. The current provider is indicated in the App settings and on our website.
3.2. What is Sent to AI Providers
When you use AI features, the following may be sent to the AI provider:
- Your current question or prompt
- Recent conversation context, limited to what is reasonably needed
- System instructions used to generate cocktail-related responses
What is generally NOT sent by us: Installation ID, device identifiers, saved recipes, photos, notes, subscription status, or data from other apps.
3.3. How AI Providers Process Your Data
Google Gemini API: Google may retain prompts, contextual information, and outputs for up to 55 days for abuse monitoring. Google states that such data is used for policy enforcement and not to train AI/ML models.
Other Providers: If we switch providers, their terms and privacy policies will apply.
3.4. What We Store
We do not generally store your full Mixie AI history on our servers. We do store AI request metadata such as Installation ID, timestamps, request counts, success/failure status, and related operational data.
In limited cases, we may also temporarily store selected prompts and the full AI responses associated with failed, blocked, empty, invalid, or clearly low-quality AI responses, including cases where you explicitly submit negative feedback on an AI reply, together with limited helpfulness feedback signals and technical metadata such as app version and provider name.
We may also retain limited installation-level or device-level operational records in minimized form to prevent fraud, abuse, circumvention of AI limits, and repeated claims of one-time introductory, promotional, or welcome AI credits.
3.5. AI Quality Review Data
We collect AI Quality Review Data in two cases only:
- (a) Automatically on system failures: When an AI request times out, results in a provider/server error, is blocked by safety filters, or returns an empty or invalid response.
- (b) On explicit user feedback: When you tap the thumbs down icon on an AI response in chat.
When you tap the thumbs up icon, we may record an aggregated or minimal helpfulness signal to measure overall usefulness, without needing to store the full prompt or response content for that action.
We may also analyze aggregated or de-identified AI usage patterns and feedback trends to improve prompts, flows, and suggested actions in the App, including highlighting common request types as shortcuts or buttons.
Our legal basis is legitimate interests (Art. 6(1)(f) GDPR). We retain AI Quality Review Data for up to 30 days.
You may object to this processing by contacting support@mixiebar.com.
3.6. Local Mixie AI History
Your full Mixie AI request history is stored locally on your device. You can delete it at any time via Settings → Privacy → Clear AI request history.
4. Data Sharing & Third-Party Services
We share data only with service providers who help operate the App.
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Supabase | Database / backend services | EU (Ireland) | Standard DPA, SCCs |
| PostHog | Analytics | EU | Standard DPA, SCCs, GDPR mode |
| Sentry | Error monitoring and diagnostics | EU | Standard DPA, SCCs |
| RevenueCat | Subscriptions and entitlements | USA | Standard DPA, SCCs |
| Google Gemini API / AI provider | AI processing | Varies | Provider terms |
| Communications Providers | Email, push notifications, marketing | Varies | Standard DPA, SCCs |
| Apple / Google Stores | Payments, subscriptions, distribution | Varies | Store / platform terms |
Data Transfers: Your data may be processed in the EU, the USA, or other jurisdictions depending on the provider. Where required, we rely on Standard Contractual Clauses (SCCs).
IP Address & Identifiers: We do not intentionally collect or forward IP addresses beyond what is necessary for normal network communications.
Other Disclosures: We may disclose data if required by law, to protect our rights or safety, to investigate fraud, or in connection with a business transfer.
5. Data Retention
We retain data only as long as reasonably necessary:
- Installation ID & operational metadata: While the App is active, or for a limited period after inactivity.
- Device-based anti-abuse / promo eligibility records: For as long as reasonably necessary to prevent fraud, abuse, circumvention of AI limits, or repeated claims of one-time introductory, promotional, trial, or welcome credits, including after app reinstallation or deletion of local data.
- AI Quality Review Data: Up to 30 days, then deleted or anonymized.
- Mixie Content (provider-side): Retained by AI providers according to their own policies.
- Analytics & diagnostics: Typically up to 14 months.
- Contact information: For as long as needed to provide account, support, or communication functionality.
- Push notification data: For as long as notifications remain enabled.
- Purchase history: As required for tax, accounting, and legal compliance.
- Local device data: Until you delete the App or clear it manually.
6. Data Security
We implement reasonable technical and organizational security measures, including encryption in transit, access controls, and use of established third-party service providers. However, no method of storage or transmission is 100% secure.
7. Data Breach Notification
If we become aware of a personal data breach, we will notify the relevant supervisory authority and affected users when required by applicable law.
8. Your Rights
Depending on your location, you may have the following rights:
EU/EEA & UK (GDPR)
- Right of access, rectification, erasure, restriction, and data portability
- Right to object, including objection to processing based on legitimate interests
- Right to withdraw consent where processing is based on consent
- Right to lodge a complaint with a supervisory authority
California (CCPA/CPRA)
- Right to know, delete, and correct certain personal information
- Right to opt out of sale/sharing — we do not sell personal information
- Right to non-discrimination for exercising privacy rights
How to Exercise Rights
- Email: support@mixiebar.com (subject: Data Rights Request)
- In-App: Settings → Privacy → Delete My Data
- Clear Mixie AI: Settings → Privacy → Clear AI request history
- Marketing Emails: Use the unsubscribe link
- Push Notifications: Disable in your device settings or in the App
Important: Deleting your data or reinstalling the App may remove local content and certain installation-linked records, but it may not reset eligibility for one-time introductory, promotional, trial, or welcome AI credits where limited anti-abuse or promo-eligibility records are retained to prevent fraud or repeated claims.
We will respond within the time required by applicable law.
9. Tracking & Advertising
- We do not track you across third-party apps or websites for targeted advertising.
- We do not collect IDFA or GAID for cross-app advertising purposes.
- We may send our own promotional communications where permitted.
- We do not sell your personal data.
10. Children's Privacy
The App is intended only for users who are at least 18 years old or the legal drinking age in their jurisdiction. We do not knowingly collect personal data from children. If you believe someone under the required age has provided personal data, contact support@mixiebar.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes may be notified in the App, by email, or by push notification. Your continued use of the App after the effective date constitutes acceptance to the extent permitted by law.
12. International Users
This App is operated from Cyprus and is designed with EU privacy principles in mind. Depending on your location, additional local laws may apply.
13. Contact & Complaints
Privacy Inquiries: support@mixiebar.com
Supervisory Authorities: If you are in the EU/EEA or UK, you may lodge a complaint with your local data protection authority.
Consumer ADR (EU/EEA): You may have access to certified alternative dispute resolution bodies. We encourage you to contact us first at support@mixiebar.com.