Privacy Policy Mixed In Key Privacy Policy (Global)

Mixed In Key, LLC (“Mixed In Key,” “we,” “us,” “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and retain information when you visit MixedInKey.com, use my.mixedinkey, or use our software products (including Mixed In Key 11, Captain Plugins Epic, Pilot Plugins, Wingman and any of our standalone applications or plugins for Mac and Windows) (collectively, the “Services”).

1) Scope

This Policy applies to information collected through:

• MixedInKey.com (including landing pages and checkout flows)
• my.mixedinkey (account and license management)
• Our desktop software/plugins (including optional telemetry and online/API features)

Third-party services (e.g., payment checkout hosted by our Merchant of Record) may have their own privacy policies.

2) Information We Collect

A) Purchases and Licensing

When you purchase a product, we (and/or our Merchant of Record) process:

• Contact info (e.g., email address)
• Purchase and license details (e.g., product purchased, transaction status, license/authorization codes, refund status)
• Tax-related information where required (e.g., VAT/GST or billing country/region)

Payments: We use Paddle.com as our Merchant of Record, which processes payment information. We do not receive or store your full payment card details.

B) Account Information (my.mixedinkey)

If you create an account, we collect:

• Account identifiers (e.g., email)
• Account settings and license/key history associated with your account

C) Software Telemetry (Optional)

Our software may collect limited information to help us maintain, secure, and improve the Services, such as:

• App/plugin version, OS version, device and performance signals
• Feature usage (high-level events)
• Diagnostic and crash/error logs
• Security signals (e.g., IP address, timestamps, fraud/abuse indicators)

Opt-out: Where available, you can disable telemetry in product settings.

D) Audio / API Processing Data

Some features may require an internet connection and may process audio via our servers to provide functionality (for example, analysis used for key/chord-related features). Depending on the feature, processing may involve:

• Limited audio content submitted for analysis and/or
• Derived data (e.g., analysis outputs or metadata produced by the feature)

No model training on customer audio: We do not use customer audio data to train machine-learning models.

E) Website Data (Cookies and Similar Technologies)

We and our partners use cookies/pixels/tags to operate, measure, and promote the Services, including:

• GA4, Google Tag Manager (GTM), Matomo (analytics)
• Meta Pixel, Google Ads, TikTok (advertising measurement and targeted advertising)

We manage cookie preferences via CookieYes.

3) How We Use Information

We use information to:

• Provide licenses, accounts, downloads, and updates
• Provide customer support and respond to requests
• Process transactions, refunds, taxes, and fraud checks (via Paddle and other providers)
• Maintain security, prevent abuse, enforce our terms, and reduce piracy
• Improve product performance and reliability (including optional telemetry)
• Send marketing communications (email) where permitted or with consent (via ActiveCampaign)
• Measure marketing performance and run targeted advertising (where enabled)

4) Legal Bases (GDPR/UK GDPR Where Applicable)

Where GDPR/UK GDPR applies, we process personal data under these bases:

• Contract: to provide the Services you request or purchase
• Legitimate interests: to secure our Services, prevent fraud/piracy, improve reliability, and understand product performance (balanced against your rights)
• Consent: for marketing emails where required and for non-essential cookies/targeted advertising where required by local law
• Legal obligation: to comply with tax, accounting, and other legal requirements

5) How We Disclose Information

A) We do not sell personal information for money

We do not sell your personal information for monetary consideration.

B) We may “share” information for targeted advertising

We use advertising and measurement technologies (e.g., Meta Pixel, Google Ads, TikTok) that may involve sharing certain identifiers (like cookie IDs and device/usage signals) for targeted advertising and measurement. Some privacy laws define this as “sharing” (even if no money changes hands).

C) Categories of recipients

We disclose information to:

• Merchant of Record / payments & tax: Paddle.com
• Email marketing & automation: ActiveCampaign
• Hosting, storage, and infrastructure: Microsoft Azure and AWP (storage provider)
• Analytics, tag management, and measurement: GA4, GTM, Matomo
• Advertising partners: Meta, Google, TikTok
• Support and operations providers (as needed to provide the Services)
• Legal/security recipients when required (e.g., to comply with law, enforce rights, or protect users and our business)

We require service providers to use information only to provide services to us, consistent with applicable law and contracts.

6) Your Privacy Choices and Rights

A) Cookie choices / “Do Not Sell or Share”

You can manage cookie preferences using our cookie banner and preferences center. Where required, we provide a “Do Not Sell or Share My Info” link or equivalent mechanism for opting out of targeted advertising/sharing.

B) Global Privacy Control (GPC)

If your browser sends a Global Privacy Control (GPC) signal, we recognize it through CookieYes and, where required by law, treat it as a request to opt out of applicable online tracking/sharing for targeted advertising.

C) US State Privacy Rights (where applicable)

Depending on your state of residence (including states such as CA, CO, CT, DE, IN, KY, RI, TX, and others), you may have rights to:

• Access/know the personal information we collected
• Delete personal information (subject to legal exceptions)
• Correct inaccuracies
• Obtain a copy (portability)
• Opt out of targeted advertising and certain disclosures
• Appeal certain decisions we make about your request

Historical access: Where required by law, we will provide access covering at least the prior 12 months, and in some cases longer where required/feasible (including for certain data collected on or after January 1, 2022).

D) GDPR/UK GDPR Rights (where applicable)

You may have rights to access, rectify, erase, restrict, object, and data portability, and to withdraw consent (where processing is based on consent). You may also lodge a complaint with your supervisory authority.

7) How to Exercise Rights (Requests, Verification, Appeals)

To submit a privacy request, email [email protected].

To protect users, we may need to verify your identity (for example, by confirming access to the email associated with your purchase/account). If you use an authorized agent (where permitted), we may require proof of authorization and verification of your identity.

If we deny your request, you can appeal by replying to our response and stating you would like to appeal.

8) Data Retention

We retain information as long as reasonably necessary for the purposes described above, including:

• License and account records: while your account is active and as needed for support, security, and legal compliance
• Purchase records: maintained as needed for accounting/tax/refund obligations (including by Paddle as Merchant of Record)
• Telemetry and logs: generally retained for a limited period (typically up to 90 days) unless needed longer for security investigations, fraud prevention, or legal compliance
• Audio/API processing: processed transiently and not retained as a permanent library; limited operational logs may exist for reliability and security

9) International Data Transfers

We may process and store information in the United States and other countries where we or our service providers operate. Where required, we use appropriate safeguards for international transfers.

10) Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information (e.g., access controls and encryption in transit where applicable). No method of transmission or storage is 100% secure.

11) Children’s Privacy

The Services are not directed to children, and we do not knowingly collect personal information from children under 13 (or under 16 where applicable by local law). If you believe a child has provided us information, contact us to request deletion.

12) Changes to This Policy

We may update this Policy from time to time. We will revise the “Last Updated” date when we do, and may provide additional notice for material changes as required by law.

13) Contact Us

For privacy questions or requests, contact: [email protected]

Mixed In Key LLC, 469 NE 51st Street, Miami, FL 33137