Welcome to the new MixThat! beta.mixthat.co will remain live until the end of the year for your convenience.
Mix That

Privacy Policy

Last updated on January 6, 2026

This Privacy Policy explains what personal data we collect through MixThat, how we use it, and your rights.

Privacy Policy

Last Updated: 6 Jan 2026

Introduction

This Privacy Policy describes the type of information that we collect from you (“you/your”) through the use of the MixThat application and related services (“Services”, “MixThat”, “the App”) and how that information may be used or disclosed by us and the safeguards we use to protect it. MixThat is an audio and video mixing application that allows users to create, share, and discover mixed content. We have drafted this Privacy Policy to be as clear and concise as possible. Please read it carefully to understand our policies regarding your information and how we will treat it. By using MixThat or providing content through the App, you agree to the collection, use and disclosure of information in accordance with this Privacy Policy. This Privacy Policy may change from time to time and your continued use of MixThat is deemed to be acceptance of such changes, so please check periodically for updates. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you have any comments on this Privacy Policy, please email them to privacy@firstcoders.co.uk.

2. Who We Are

  • 2.1 Here are our details:
    • Our Website addresses are https://mixthat.co and its subdomains
    • Our company name is First Coders Ltd
    • Our registered address is 50 St. Marys Road, Hemel Hempstead, England, HP2 5HL
    • Our nominated representative is Mark Cremer and he can be contacted at mark@firstcoders.co.uk.
  • 2.2 We respect your right to privacy and will only process personal information about you or provided by you in accordance with the Data Protection Legislation which for the purposes of this Privacy Policy shall mean: (i) the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR), the Data Protection Act 2018, the Data Use and Access Act 2025, and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the UK GDPR, the Data Protection Act 2018, or the Data Use and Access Act 2025 and other applicable privacy laws.

3. What we may collect

  • 3.1 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
  • 3.2 We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
    • Identity Data includes first name, last name, username or similar identifier, display name, and profile information you choose to provide within the App.
    • Contact Data includes email address and any contact information you provide when reaching out to us for support.
    • Financial Data includes payment information necessary to process sponsored accounts or premium features. We do not store any payment details on our servers. All payment processing is handled by third-party payment processors (currently Patreon, and potentially Stripe in the future) who are PCI-DSS compliant and adhere to strict security standards for handling financial information.
    • Content Data includes audio files, video files, mixed content (mixes), playlists, and any other user-generated content you create, upload, or share through MixThat.
    • Usage Data includes information about how you use the App, including playback history, mixes created, content shared, interactions with other users’ content, and app performance data.
    • Technical Data includes device information, IP address, browser type, operating system, app version, device identifiers, time zone settings, server logs, error logs, and diagnostic information. This data is automatically collected when you use MixThat and is necessary to provide and improve the App, ensure security (including preventing unauthorized access and DDoS attacks), troubleshoot technical issues, and maintain platform integrity. Under UK GDPR, we recognize that IP addresses and similar identifiers constitute personal data.
    • Social Data includes your interactions within the App such as follows, likes, shares, and any public comments or interactions with other users’ content.
  • 3.3 Non-User Data: If you invite friends or share content with individuals who do not have MixThat accounts (e.g., via email or external sharing links), we do not store the personal data of these non-users beyond the immediate technical necessity of delivering the invitation or shared content. We do not create “shadow profiles” or retain contact information of non-users for marketing or other purposes.
  • 3.4 We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
  • 3.4 Under UK GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:
    • a) You have given consent to the processing of your personal data for one or more specific purposes;
    • b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract; or
    • c) processing is necessary for compliance with a legal obligation to which we are subject; and/or
    • d) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our financial payments.
  • 3.5 If you provide personal information to us about another data subject, you are responsible for ensuring that you have their consent to provide that data for the uses set out in this Privacy Policy and for bringing this Privacy Policy to their attention.

4.How we may collect and use your data

  • 4.1 We (or third party data processors, agents and sub-contractors acting on our behalf) may collect, store and use your personal information by way of different methods to collect data from and about you including through:

    • Direct interactions when you create an account, use the App’s features, create mixes, upload content, or contact us for support.
    • Automated technologies or interactions as you navigate through and use the App, including usage data, technical data, and app performance metrics. This includes automatic collection through server logs and application logs.
    • User-generated content you create, upload, or share through MixThat, including audio files, video files, and mixed content.

  • 4.2 In addition to the above, we may use the information in the following ways:

    • a) provide, maintain, and improve MixThat’s features and functionality;
    • b) enable you to create, store, and share audio and video mixes;
    • c) facilitate social features such as following other users, sharing content, and discovering new mixes;
    • d) personalize your experience and provide content recommendations;
    • e) process payments for sponsored accounts or premium features;
    • f) communicate with you about app updates, new features, or service announcements;
    • g) provide customer support and respond to your inquiries;
    • h) ensure the security and integrity of the App and protect against misuse, unauthorized access, fraud, security threats, and unauthorized automated data collection including AI scraping and training;
    • i) monitor and analyze usage patterns and technical performance to debug issues and optimize the App;
    • j) comply with legal obligations and enforce our Terms of Service.

  • 4.3 If you are already our user, we will only contact you electronically about MixThat features, updates, or content similar to what you have previously used or expressed interest in.

  • 4.4 If you are a new user, you will only be contacted for marketing purposes if you agree to it.

  • 4.5 In addition, if you don’t want us to use your personal data for any of the other reasons set out in this section in 4, you can let us know at any time by contacting us at privacy@firstcoders.co.uk, and we will delete your data from our systems. However, you acknowledge this will limit our ability to provide MixThat’s services to you.

  • 4.6 We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

    • a) Where we need to perform the contract we are about to enter into or have entered into with you.
    • b) Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
    • c) Where we need to comply with a legal or regulatory obligation, for example compliance with health and safety, tax or other statutory obligations.

  • 4.7 Use of Third-Party Services: We use third-party service providers to help us deliver MixThat’s features, including:

    • Cloud hosting infrastructure (Amazon Web Services - AWS) for server hosting, data storage, and content delivery. Production services are hosted in EU regions, while beta/testing environments may be hosted in USA regions. We also use Amazon CloudFront CDN (Content Delivery Network) to deliver content efficiently; CDN edge locations are distributed globally and may temporarily cache and store your content to improve performance.
    • Email service providers (such as Brevo) to send app notifications, newsletters, and announcements
    • Cloud storage providers to store and deliver your content securely
    • Analytics services to understand how users interact with the App and improve performance
    • Payment processors (currently Patreon, and potentially Stripe in the future) for handling subscriptions and sponsored account payments. These payment processors are PCI-DSS compliant and handle all sensitive payment card information directly. We do not store your payment card details on our servers.

    These providers process your personal data on our behalf, in accordance with our instructions and GDPR/UK GDPR requirements. They are contractually obligated to protect your data, use it only for the specified purposes, and ensure appropriate security measures.

  • 4.8 Marketing Communications: We will only send marketing emails, newsletters, or announcements to users who have provided consent or where we have another lawful basis under UK GDPR. You can opt out of receiving marketing communications at any time by clicking the unsubscribe link in our emails or by contacting us at privacy@firstcoders.co.uk.

5.Cookies

  • 5.1 We do not use non-essential tracking or marketing cookies on MixThat or our documentation website. However, we may use essential technical identifiers (including session cookies and security tokens) that are strictly necessary for security, load balancing, DDoS protection, and session management. Under UK Privacy and Electronic Communications Regulations (PECR), these essential technical cookies do not require consent as they are necessary for the provision of our services. Please note that while we do not use cookies for tracking or advertising, we do collect Technical Data (including IP addresses and device information) through standard server logs and application diagnostics as described in Section 3.2 above. This collection is necessary for the operation, security, and improvement of MixThat.

6.Where we store your data and security

  • 6.1 We may transfer your collected data to storage outside the UK. Your data may be processed outside the UK through our cloud hosting provider (Amazon Web Services - AWS). Our production environment is hosted in AWS EU regions to ensure your data remains within the European Economic Area where possible. Beta and testing environments may be hosted in AWS USA regions. Additionally, we use Amazon CloudFront CDN (Content Delivery Network) with edge locations distributed globally to deliver content efficiently; these edge locations may temporarily cache and store your content. If we do store or transfer data outside the UK, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the UK GDPR. Such steps may include, but not be limited to, the use of legally binding contractual terms between us and any third parties we engage with and the use of approved Model Contractual Arrangements. Your acceptance of this Privacy Policy shall be your consent permitting us to store or transfer data outside the UK if it is necessary for us to do so.
  • 6.2 Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure personal data that we hold. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
  • 6.3 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
  • 6.4 By giving us your personal data, you agree to this arrangement. We will do what we reasonably can to keep your data secure.
  • 6.5 We have implemented security measures such as a firewall to protect any data and maintain a high level of security.
  • 6.6 Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to us data via the internet and you take the risk that any sending of that data turns out to be not secure despite our efforts.
  • 6.7 We will keep personal data for as long as is necessary which is usually the life of our relationship with you. Specific retention periods for different types of data are outlined below in our Data Retention Policies. We review our data retention obligations to ensure we are not retaining data for longer than we are legally obliged to.
  • 6.8 International Transfers: Personal data that we process through third-party service providers (including AWS cloud hosting, CloudFront CDN edge locations, email service providers, and other processors) may be stored or processed outside the UK or EU. When this occurs, we ensure that appropriate safeguards are in place, such as standard contractual clauses and AWS’s GDPR-compliant data processing agreements, to comply with UK GDPR requirements and protect your personal data.
  • 6.9 Server Logs and Technical Data: Server logs, error logs, and similar technical data (including IP addresses) are retained for a limited period necessary for security purposes, such as detecting and preventing unauthorized access, fraud, and security threats. These logs are automatically purged after a reasonable retention period.

Data Retention Policies for MixThat Users

  • Active Accounts: Personal data, user-generated content (mixes, audio files, video files), and account information for active MixThat users are retained for the duration of the account relationship.
  • Free Account Inactivity: For free MixThat accounts, user-generated content (mixes, uploads, playlists) may be deleted after 3 months of inactivity (no plays, shares, edits, mixes created, or account access), and accounts may be removed after 6 months of complete inactivity (no login or app interaction). While we aim to provide email or in-app notifications before deletion, we cannot guarantee delivery.
  • Sponsored Account Protection: Sponsored MixThat accounts enjoy permanent data retention for all content and are exempt from automatic deletion due to inactivity, subject to the continuation of sponsorship.
  • Content Sharing: Publicly shared mixes and content may remain accessible to other users who have saved or interacted with your content, even after account deletion, unless you specifically request removal.
  • Server Logs and Technical Data: Server logs, error logs, and technical data (including IP addresses) are retained only for the limited period necessary to ensure security, prevent fraud, troubleshoot technical issues, and protect the integrity of MixThat. These logs are automatically deleted after this retention period expires.
  • Legal and Safety Requirements: We reserve the right to retain or delete data as required for legal compliance, security, platform integrity, or to protect the rights and safety of other MixThat users.
  • User Control: Users may request deletion of their personal data and content at any time by contacting us at privacy@firstcoders.co.uk. Please note that deleted content may take time to be removed from backups and cached versions, and we may be legally obligated to retain certain information.
  • Backup Retention: Deleted data may remain in our backup systems for up to 90 days before being permanently removed.

7.Disclosing your information

  • We are allowed to disclose your information in the following cases:
    • 7.1.1 If we want to sell our business, or our company, we can disclose it to the potential buyer.
    • 7.1.2 We can disclose it to other businesses in our group.
    • 7.1.3 We can disclose it if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights.
    • 7.1.4 We can exchange information with others to protect against fraud or credit risks.
  • 7.2 We may contract with third parties to supply services to you on our behalf such as cloud hosting infrastructure providers (Amazon Web Services - AWS) for server hosting and content delivery, analytics providers, payment processors, and email service providers. These third parties are essential for MixThat’s operation. In addition, we use certain third parties to store personal data that we collect such as cloud storage services and backup systems.
  • 7.3 Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under UK GDPR and the law. Any third party that we share data with will not be permitted to use it for any other purpose than fulfilling their contract with us.
  • 7.4 Third-Party Social Media Sharing: MixThat may allow you to share your content to third-party social media platforms (such as Instagram, TikTok, X/Twitter, Facebook, or other services). When you choose to share content to these platforms, you are subject to their respective privacy policies and data practices. We are not responsible for the privacy practices of these third-party platforms, and we encourage you to review their privacy policies before sharing your content.

8.Your rights

  • 8.1 Under the UK GDPR, you have the right to:
    • request access to, deletion of or correction of, your personal data and content held by us at no cost to you;
    • request that your personal data be transferred to another person (data portability). As MixThat is currently in an MVP phase, automated export functionality is not yet available. If you require a copy of your account data (including metadata such as playlists, likes, and account history), please contact privacy@firstcoders.co.uk and we will fulfill your request manually within 30 days;
    • request deletion of your user-generated content from MixThat;
    • be informed of what data processing is taking place;
    • restrict processing;
    • to object to processing of your personal data; and
    • complain to a supervisory authority.
  • 8.2 You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data or when you create your MixThat account) if we intend to use your data for such purposes.
  • 8.3 To enforce any of the foregoing rights or if you have any other questions about this Privacy Policy, please contact us at .

9.Children’s Privacy

  • 9.1 MixThat is not intended for use by individuals under the age of 18, or the age of majority in your jurisdiction, whichever is higher. We do not knowingly collect, store, or process personal data from individuals under this age.
  • 9.2 If you are a parent or guardian and believe that your child under the age of 18 (or the age of majority in your jurisdiction) has provided us with personal data, please contact us immediately at privacy@firstcoders.co.uk so that we can take appropriate action to remove such information from our systems.
  • 9.3 We comply with the UK Age Appropriate Design Code and other applicable child protection laws and take appropriate measures to ensure that data from individuals under the age of majority, if inadvertently collected, is handled in accordance with their best interests and legal requirements.

10.Dispute Resolution

  • 10.1 We will use our best efforts to negotiate in good faith and settle any dispute that may arise out of or relate to this Privacy Policy or any breach of it.
  • 10.2 Any dispute shall not affect our ongoing obligations under this Privacy Policy.
  • 10.3 This Privacy Policy and any dispute or claim relating to or connected with it (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales and the courts of England and Wales are the only place where disputes or claims relating to or connected with this Privacy Policy (including non-contractual disputes or claims) may be decided.