Mixwell
Back to Home

Privacy Policy

Last Updated: January 12, 2026

1. Introduction

Mixwell ("we", "our", "us") provides an AI-powered recipe generation service. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service.

By using Mixwell, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our service.

2. Information We Collect

2.1 Account Information

We collect your email address and password for account creation and authentication. You may optionally provide your name for personalization. Your language preference is saved to display the interface in your preferred language (English or Russian).

2.2 User Content

We store the recipes you create, including ingredients, cooking instructions, and dietary preferences you provide. We also store AI-generated recipe images and any ingredient photos you upload for automatic recognition.

2.3 Technical Data

We use cookies for authentication and language preference only. We do not use tracking cookies, analytics, or advertising cookies. Your IP address may be temporarily stored in memory for rate limiting and abuse prevention purposes, and is automatically deleted after one hour.

3. How We Use Your Information

We use your information to provide and maintain our recipe generation service, authenticate your account, send essential emails such as verification and password reset messages, enforce usage limits based on your subscription plan, and improve our service. We do not use your data for marketing purposes or third-party advertising.

4. Third-Party Services

OpenAI (United States)

We use OpenAI's API for recipe text generation, recipe image creation, and ingredient recognition from photos. We send only ingredient lists, cooking preferences, and images to OpenAI. We do not send your email, name, user ID, or other personally identifiable information. OpenAI retains API data for 30 days for abuse monitoring and does not use it for AI model training.

Brevo (European Union)

We use Brevo, an EU-based email service provider compliant with GDPR, to send transactional emails including email verification links, password reset links, and welcome messages. We do not send marketing emails.

We do not use payment processors, analytics tools, error tracking services, or content delivery networks. All recipe images are stored on our servers.

5. Data Security

We implement industry-standard security measures to protect your data. All data is transmitted over HTTPS encryption. Passwords are securely hashed using bcrypt. Authentication tokens are protected using cryptographic signing and hashing. We use CSRF protection, rate limiting to prevent brute-force attacks, and parameterized database queries to prevent SQL injection.

Despite these measures, no method of transmission over the internet is completely secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your account data until you delete your account. Authentication tokens are automatically deleted after expiration or logout. Email verification tokens are deleted after 24 hours. Password reset tokens are deleted after 1 hour. Recipes are retained until you delete them or delete your account, at which point they become anonymous.

Automated cleanup scripts run daily to remove expired tokens and session data.

7. Your Privacy Rights

Under GDPR and Russian Federal Law No. 152-FZ on Personal Data, you have the following rights:

Right to Access: You can view your personal data in your profile and recipes pages at any time.

Right to Rectification: You can update your name, email, and password in your account settings.

Right to Erasure: You can delete your account at any time, which will remove all your personal data. Your recipes will become anonymous and remain in the system without any identifying information.

Right to Data Portability: You can request a machine-readable export of your data by contacting us at privacy@mixwell.app.

Right to Withdraw Consent: You can withdraw consent for data processing by deleting your account.

To exercise these rights, contact us at privacy@mixwell.app.

8. International Data Transfers

Your data may be transferred to and processed in different countries. Recipes, ingredients, and images are sent to OpenAI's servers in the United States for AI processing, which is necessary for the service to function. Email addresses are sent to Brevo's servers in the European Union for transactional email delivery.

By using our service, you acknowledge and agree to these international data transfers.

9. Children's Privacy

Mixwell is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will delete it immediately. If you believe we have collected information from a child, please contact us at privacy@mixwell.app.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a prominent notice on our website. The "Last Updated" date at the top indicates when this policy was last revised. Your continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at privacy@mixwell.app or visit our website at https://mixwell.app.

12. Legal Compliance

This Privacy Policy complies with the EU General Data Protection Regulation (GDPR), Russian Federal Law No. 152-FZ on Personal Data, and the California Consumer Privacy Act (CCPA).

For disputes between language versions of this policy, the English version shall prevail.