PRIVACY POLICY

Effective date: [July 16, 2025]
Last updated: [August 19, 2025]

1) WHO WE ARE

Ainara Innovations LLC (d/b/a “Mixora”)
Address:2 Chapman Pl, Irvington NJ, 07111
Email: support@mixora.io
Website: https://mixora.io

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use Mixora’s websites, apps, and services (collectively, the “Service”).

2) WHAT WE COLLECT

We collect information you provide, automatically, and from connected platforms:

A. Information you provide

  • Account & Profile: name, email, password (hashed), photo/avatar, company, role.

  • Content: text, images, videos, captions, scheduled posts, prompts, drafts, comments, approvals.

  • Support: contact details and the contents of messages you send to us.

  • Billing: subscription plan, invoices, and payment status. Card data is processed by our payment processor (e.g., Stripe) and not stored by Mixora.

B. Information collected automatically

  • Usage data: app interactions, feature usage, pages viewed, referral URLs.

  • Device & log data: IP address, browser type, device identifiers, timestamps, crash/error logs.

  • Cookies & similar tech: cookies, local storage, pixels for essential operations, analytics, and (if enabled) marketing. See Cookies below.

C. Information from connected platforms (only with your permission)

If you connect accounts (e.g., Facebook/Instagram, X (Twitter), TikTok, YouTube), we receive platform‑permitted data such as:

  • Basic profile & account identifiers (to show which account is connected).

  • Your own posts/media and public metrics (for content previews and analytics).

  • Messaging threads addressed to your connected accounts (to power the unified inbox).

  • Auth tokens (to publish scheduled content or reply as you).
    We do not access other users’ private data except messages they send to you, and we do not scrape or resell platform data.

3) HOW WE USE INFORMATION

  • Provide the Service: create accounts, authenticate, connect platforms, schedule and publish posts, manage media, and provide a unified inbox.

  • Analytics & improvements: understand feature usage, fix bugs, and improve performance.

  • Recommendations: suggest post times, formats, or content ideas (AI‑assisted features).

  • Compliance: enforce policies (e.g., Meta/X rules, anti‑spam), detect abuse, secure the Service.

  • Communications: transactional emails (account, billing, security). Marketing emails only with consent/opt‑in where required.

  • Legal: comply with law, defend our rights, prevent fraud.

AI disclosures

We may use third‑party AI providers to generate drafts or insights only from your inputs. Unless you opt‑in, we do not use your Customer Content to train foundation models beyond providing the requested feature. ✅

4) LEGAL BASES (EEA/UK only)

  • Contract: to deliver core features you request.

  • Legitimate interests: to secure and improve the Service, prevent abuse, and support customers (balanced against your rights).

  • Consent: for certain cookies/marketing and for optional integrations.

  • Legal obligation: record‑keeping, tax, and compliance.

5) SHARING & DISCLOSURE

We share information with:

  • Service providers / processors: hosting, cloud storage, analytics, email, payments, logging, error tracking, customer support, AI generation. They process data under contracts that restrict their use.

  • Platform partners: Facebook/Instagram (Meta), X, TikTok, YouTube—only as needed to act on your behalf under each platform’s rules.

  • Business transfers: merger, acquisition, or asset sale (we will notify you).

  • Legal: to comply with valid legal process; we resist overbroad requests and disclose the minimum necessary.

We may publish aggregated or de‑identified metrics that cannot reasonably identify you.

6) DATA RETENTION

  • Account data: kept while your account is active.

  • Content & media: kept until you delete it or disconnect the relevant platform; scheduled items are deleted after posting or expiration.

  • Inbox data: retained to power conversation history; you can delete threads; retention can be reduced on request.

  • Logs: typically 30–180 days.

  • After deletion: backups purge within ~30 days. ✅

7) INTERNATIONAL TRANSFERS

Data may be processed in the United States and other countries. Where required, we use appropriate safeguards (e.g., SCCs) for transfers.

8) SECURITY

We use administrative, technical, and physical safeguards (encryption in transit/at rest where applicable, access controls, least‑privilege, monitoring). No method is 100% secure.

9) YOUR PRIVACY CHOICES & RIGHTS

  • Access, correction, deletion, portability, and restriction/objection (EEA/UK): email support@mixora.io.

  • California (CPRA): access/know, delete, correct, limit sensitive data, and opt‑out of “sharing” for cross‑context ads. We do not sell personal information.

  • Marketing opt‑out: unsubscribe links or email us.

  • Cookies: manage in our cookie banner and your browser settings. We honor Global Privacy Control where required.

10) COOKIES & TRACKING

We use:

  • Essential (required for login/security),

  • Functional (preferences),

  • Analytics (usage trends),

  • Marketing (only if enabled).

11) CHILDREN

The Service is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect such data; contact us to delete any inadvertent collection.

12) PLATFORM‑SPECIFIC DISCLOSURES

  • Meta (Facebook/Instagram): we use permissions solely as documented in App Review, including human_agent for manual replies within permitted windows; we do not send unsolicited or automated promotional DMs in restricted windows.

  • X (Twitter): we publish drafts/schedules on your behalf and read public metrics for your own posts; no follower scraping or bulk unsolicited messages.

  • TikTok/YouTube: used only to connect your account, manage permitted content, and show analytics, consistent with their policies.

13) CONTACT & COMPLAINTS

Controller: Ainara Innovations LLC (d/b/a “Mixora”)
Email: support@mixora.io
Postal: 2 Chapman Pl, Irvington NJ, 07111
If you’re in the EEA/UK, you may lodge a complaint with your local supervisory authority.

14) CHANGES TO THIS POLICY

We will update this Policy as needed and post the revised version with a new “Last updated” date; material changes will be notified in‑app or by email.

CALIFORNIA NOTICE AT COLLECTION (CPRA)

We collect the following categories for the purposes described above: identifiers; customer records; commercial information; internet/network activity; geolocation (coarse IP‑based); inferences (feature usage insights); and professional information. Retention is as described in Data Retention. We do not sell or share personal information as defined by CPRA. You can exercise rights via support@mixora.io.