MIXORA.AI PRIVACY POLICY

1. General Overview

1.1. This Privacy Policy (the "Policy") governs the processing of personal data in connection with the Mixora.AI platform, website, related interfaces, and associated services (collectively, the "Service").

1.2. This Policy applies to all users, visitors, customers, and other persons who interact with the Service.

1.3. This Policy should be read together with the Terms of Service, the Public Offer / Service Agreement, the Refund Policy, the Data Processing Agreement (where applicable), the Acceptable Use Policy, and the AI Disclaimer.

1.4. By registering an account, accessing the platform, topping up a balance, submitting prompts, uploading content, or otherwise using the Service, you consent to the collection and processing of personal data as described in this Policy where consent is the applicable legal basis, and you otherwise acknowledge such processing where another lawful basis applies.

2. Data Controller

2.1. The data controller for the purposes of this Policy is: Iurii Nazarov, CNP: 7791004400108, Address: Aleea Lipanesti 1, app. 14, 077160, Bucharest, Romania.

2.2. Contact email addresses: Support: support@mixora.ai, Legal and privacy inquiries: office@mixora.ai.

2.3. The Controller determines the purposes and means of personal data processing in accordance with applicable law, including Regulation (EU) 2016/679 (GDPR), where applicable.

3. Categories of Personal Data We Process

3.1. Account and identification data: email address, username, account credentials, profile information, and any other data you provide when creating or updating an account.

3.2. Service interaction data: prompts, text inputs, uploaded files, images, audio, generation requests, outputs, chat history, support messages, timestamps, and other content submitted through the Service.

3.3. Technical and device data: IP address, device identifiers, browser type, operating system, user agent, language settings, approximate geolocation, referral data, crash reports, diagnostics, and security logs.

3.4. Billing and transaction data: payment status, transaction identifiers, invoices, payment method metadata supplied by payment processors, account top-up records, refund requests, and anti-fraud screening data.

3.5. Communications data: correspondence with customer support, dispute communications, abuse reports, and other communications you send to us.

3.6. We do not intentionally collect special categories of personal data under Article 9 GDPR. You should not upload or submit sensitive personal data unless strictly necessary and legally permitted.

4. Sources of Personal Data

4.1. We collect personal data directly from you when you create an account, contact support, submit prompts, upload content, purchase credits, request a refund, or otherwise use the Service.

4.2. We may collect certain personal data automatically through your interaction with the Service, including device, usage, and log information.

4.3. We may receive limited data from third parties such as payment providers, analytics providers, fraud prevention tools, hosting providers, and authentication or infrastructure partners.

5. Purposes of Processing

5.1. To provide and operate the Service, including routing requests to AI providers, storing generation history, displaying outputs, and maintaining account functionality.

5.2. To manage accounts, billing, credit balances, payments, refunds, dispute handling, and customer support.

5.3. To monitor usage, maintain security, prevent abuse, investigate fraud, enforce contractual terms, and comply with legal obligations.

5.4. To improve the Service, troubleshoot technical issues, analyze platform performance, enhance usability, and develop new features.

5.5. To communicate with you regarding updates, support matters, policy changes, important notices, and transactional or administrative messages.

5.6. To establish, exercise, or defend legal claims and protect the rights, property, and safety of Mixora.AI, its users, and third parties.

6. Legal Bases for Processing

6.1. We process personal data on one or more lawful bases, depending on the context of the processing activity.

6.2. Performance of a contract: where processing is necessary to provide the Service you requested, including account creation, access to paid functionality, generation routing, and related support.

6.3. Consent: where you voluntarily provide consent for specific activities, including certain optional communications or other consent-based processing where required by law.

6.4. Legitimate interests: where processing is necessary for security, fraud prevention, abuse detection, analytics, internal administration, product improvement, and the protection of our legal interests, provided such interests are not overridden by your rights.

6.5. Legal obligation: where we are required to process or retain data under applicable laws, tax rules, accounting obligations, law enforcement requests, or regulatory requirements.

7. AI Processing and Third-Party Providers

7.1. Mixora.AI operates as an aggregator and interface layer that may route requests to third-party AI providers and related infrastructure services.

7.2. Depending on the selected model, feature, or technical architecture, your prompts, uploads, metadata, and related request data may be transmitted to third-party providers for processing.

7.3. Such providers may include, without limitation, OpenAI, OpenRouter, Replicate, ElevenLabs, Google, Anthropic, Meta, Amazon, Microsoft, Cohere, Stability AI, ByteDance, Alibaba, Runway, Pika, Kling AI, VEO-related providers, HeyGen, Hedra, Suno, Udio, hosting providers, cloud infrastructure providers, and similar services.

7.4. Third-party providers process data under their own terms, policies, and technical controls. Mixora.AI does not control all downstream processing activities and cannot guarantee uninterrupted availability or identical data handling practices across all providers.

7.5. You are responsible for ensuring that you have all necessary rights, consents, and legal permissions to submit any personal data, voice, image, likeness, or other content through the Service.

8. International Data Transfers

8.1. Personal data may be transferred to and processed in countries outside the European Economic Area, including the United States and other jurisdictions where our service providers or AI providers operate.

8.2. Where required, we rely on appropriate safeguards for international transfers, which may include standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms.

8.3. By using the Service, you understand that some transfers may occur to providers located in jurisdictions with data protection rules that differ from those in your country.

9. Data Retention

9.1. We retain personal data only for as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.

9.2. Indicative retention periods may include account data for the duration of the account and a reasonable period thereafter; support communications for up to 6 months or longer if needed for dispute handling; financial and billing records for up to 5 years or longer where legally required; logs and security records for periods reasonably necessary for abuse prevention and technical integrity.

9.3. We may retain certain data for longer where necessary to enforce agreements, resolve disputes, comply with legal obligations, prevent fraud, or defend legal claims.

10. Data Sharing

10.1. We may share personal data with service providers, subprocessors, cloud providers, payment processors, analytics providers, fraud prevention tools, support software providers, and AI providers where necessary to operate the Service.

10.2. We may disclose personal data where required by law, legal process, court order, governmental request, or to protect legal rights and safety.

10.3. We may disclose data in connection with a merger, acquisition, financing, corporate reorganization, sale of assets, or other business transaction, subject to applicable confidentiality and legal requirements.

10.4. We do not sell personal data in the ordinary sense of selling user databases for independent commercial exploitation.

11. Cookies and Similar Technologies

11.1. The Service may use essential cookies and similar technologies necessary for login sessions, security, fraud prevention, settings retention, and core functionality.

11.2. We may also use analytics, performance, or functional technologies to understand usage patterns and improve the Service, subject to applicable legal requirements.

11.3. You may manage certain cookie preferences through your browser or device settings; however, disabling essential technologies may affect Service functionality.

12. Security Measures

12.1. We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, destruction, or alteration.

12.2. Such measures may include access controls, transport encryption (including SSL/TLS where applicable), logging, monitoring, role-based restrictions, infrastructure security practices, and internal review procedures.

12.3. No method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

13. Your Rights

13.1. Subject to applicable law, you may have the right to request access to your personal data, rectification of inaccurate data, erasure, restriction of processing, portability, and objection to certain processing activities.

13.2. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

13.3. You may also have the right to lodge a complaint with a competent data protection authority.

13.4. To exercise privacy-related rights, contact us at office@mixora.ai or support@mixora.ai. We may request information necessary to verify your identity before fulfilling a request.

14. Automated Processing and AI Output

14.1. The Service uses automated systems, including artificial intelligence tools, to process user requests, route prompts, generate content, and provide outputs.

14.2. AI-generated outputs may be inaccurate, incomplete, biased, or unsuitable for a particular purpose. You remain responsible for reviewing and verifying outputs before relying on them.

14.3. This Policy does not create any guarantee that AI-generated outputs are correct, lawful, original, or fit for any specific business, legal, medical, financial, or other use.

15. Children's Data

15.1. The Service is intended only for individuals who are at least 18 years old or otherwise have legal capacity to enter into a binding agreement under applicable law.

15.2. We do not knowingly collect personal data from children. If you believe that a child has provided personal data to us in violation of this Policy, please contact us so we can take appropriate action.

16. Policy Updates

16.1. We may amend or update this Policy from time to time to reflect legal, technical, operational, or business changes.

16.2. The updated version becomes effective upon publication on the Service, unless otherwise stated.

16.3. Continued use of the Service after an updated version takes effect constitutes acknowledgment of the revised Policy.

17. Contact Information

• Support inquiries: support@mixora.ai
• Legal and privacy inquiries: office@mixora.ai

18. Final Provisions

18.1. This Policy forms an integral part of the Mixora.AI legal framework and should be read together with the Terms of Service and other applicable legal documents.

18.2. In the event of any inconsistency between language versions, the English-language version shall prevail unless mandatory law requires otherwise.

18.3. By using the Service, you acknowledge this Policy and agree that personal data may be processed as described herein.