Privacy Policy

MixAudit is an independent software product operated by Brook Stefanou, an individual based in Australia. For the purposes of applicable privacy law, Brook Stefanou is the data controller for personal data collected through this website and the desktop application.

Contact: support@mixaudit.com

Audio files are the most sensitive data MixAudit handles. Here is the exact lifecycle of a file you upload:

1. 01You upload the file directly to an isolated cloud storage location via a signed URL. The file bypasses our web servers entirely.
2. 02An analysis worker downloads the file to an isolated temporary directory, runs the signal analysis, and writes the result to our database.
3. 03The worker deletes the file from cloud storage immediately after analysis completes — whether the analysis succeeded or failed. This happens within 60 seconds of upload in normal operation.
4. 04The temporary directory on the analysis worker is wiped at the end of every job.
5. 05A background expiry rule permanently removes any file that was not deleted by the worker within 24 hours. This covers edge cases such as a worker being terminated mid-job.

Your audio is never written to a database. It is never used as training data for machine learning models — MixAudit uses deterministic signal analysis and does not require training data. It is never shared with third parties beyond the storage and compute infrastructure described above.

If you create an account, we store your email address and an analysis count. We do not store passwords — authentication is handled via Google OAuth or a one-time email code.

If you purchase a Pro licence, your payment is processed by Stripe. MixAudit never sees or stores your card number. Stripe retains payment records as required by financial regulations. Your email address is shared with Stripe to generate a receipt and manage your licence.

Analysis results (the structured observation report, not the audio) are stored in our database linked to your account so you can access them in your history. You can delete your account and all associated analysis records at any time.

We collect anonymous usage events (for example, “analysis started” or “upgrade clicked”) to understand how the product is used and where it breaks. These events do not contain audio content or personally identifying information beyond a session identifier.

Product analytics are opt-in. They are disabled until you explicitly consent via the preference toggle below. You can change this at any time.

Error monitoring is provided by Sentry. When the application encounters an unexpected error, a report is sent to Sentry containing the error message, stack trace, and basic request metadata (URL, browser version). Audio content is never included in error reports. Error logs are retained for 30 days.

The following third-party services receive limited data as described:

• Supabase — Authentication, database, and row-level security. Stores your email, analysis count, Pro status, and analysis results. Data is hosted in the US.
• Stripe — Payment processing and licence management. Receives your email and payment details when you purchase Pro. Governed by Stripe's own privacy policy.
• AWS (Amazon Web Services) — Isolated cloud storage for audio files during analysis (US region). Files are deleted within 60 seconds as described in section 02. AWS does not access or process your audio content.
• Sentry — Error monitoring. Receives error reports containing stack traces and request metadata. No audio content. Logs retained 30 days.
• Analytics provider — Anonymous usage events. Opt-in only — disabled by default until you consent.

We do not sell your data to any third party.

We retain different categories of data for different periods:

• Audio files — Deleted within 60 seconds of analysis. Guaranteed purged within 24 hours.
• Analysis results — Retained until you delete your account or request erasure.
• Account data — Retained until you delete your account. Deletion removes email, analysis history, and Pro status.
• Payment records — Retained by Stripe for up to 7 years as required by financial regulations. MixAudit retains only your Pro licence status.
• Error logs — Retained for 30 days, then automatically deleted.
• Analytics events — Retained for 12 months if you have opted in.

Audio files are transferred directly to isolated cloud storage over HTTPS using a short-lived signed URL. They are never routed through our web servers. The analysis worker runs in an isolated execution environment and has no network access beyond what is required to retrieve the file and write the result.

Database access is protected by row-level security — your analysis records are only accessible to your authenticated session. Service credentials are stored as environment variables and are never exposed to the browser.

Under the Australian Privacy Act 1988, and equivalent privacy legislation in other jurisdictions (including GDPR for EEA/UK residents and CCPA for California residents), you have the following rights:

• Access — Request a copy of the personal data we hold about you.
• Erasure — Request deletion of your account and all associated data. Processed within 30 days.
• Portability — Request your analysis history in a machine-readable format.
• Correction — Request correction of inaccurate personal data.
• Objection — Object to processing based on legitimate interest. We will stop unless we have compelling grounds.
• Opt-out of analytics — Withdraw analytics consent at any time using the toggle in section 04 above.

To exercise any of these rights, email support@mixaudit.com with the subject line “Data Request”. We will respond within 30 days.

If we make material changes to this policy — particularly to how audio files are handled — we will update the “Last updated” date at the top and notify registered users by email. Continued use of MixAudit after the change constitutes acceptance.

For privacy questions or data requests, contact us at support@mixaudit.com.