Privacy Policy

Last updated: May 27, 2026

Last updated: May 31, 2026

1. Introduction

Mixmi is a multi-vendor print-on-demand marketplace operated in the Philippines under the registered trade name MIXMI ONLINE SHOP (a sole proprietorship, DTI Certificate No. 7497503), with a business address at P73-A 9th 2nd St., Villamor, Pasay City, Philippines. We enable customers to mix and match artwork from multiple vendors onto physical products. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform.

Data Protection Officer: Dave P. Tabi
Contact: legal@mixmi.co

2. Who Can Use Mixmi

Access to Mixmi depends on your role and age:

RoleMinimum AgeNotes
Vendor18+Must be a legal adult to sell artwork
Buyer (with account)13+Additional protections apply for users under 18 (see Section 9)
Guest checkoutNo restrictionNo account required; minimal data collected

3. Data We Collect

  • Account information: Name, email address, username, date of birth
  • Shipping address: Region, province, city, barangay, street address, postal code
  • Payment information: Processed securely by PayMongo. We do not store card numbers or payment credentials.
  • Composition data: Artwork selections, design layouts, product choices, and saved drafts
  • Usage and analytics: Pages visited, features used, device type, browser, IP address (for region detection)
  • Vendor information: Shop name, payout method (bank account, GCash, or Maya details via PayMongo)

Publicly visible information: Your username, display name, profile photo, bio, and any artwork or compositions you publish are visible to other users and to the public, and may be indexed by search engines. Do not include information in these fields that you do not want to be public.

4. How We Use Your Data

  • Order processing: Fulfilling your print orders, coordinating with suppliers, and arranging shipping
  • Account management: Authenticating your identity, managing your profile, and securing your account
  • Platform analytics: Understanding how the marketplace is used to improve the experience
  • Transactional emails: Order confirmations, shipping updates, and account notifications
  • Vendor payouts: Processing earnings withdrawals to verified payout methods

5. Cookies and Tracking

We use the following types of cookies:

  • Essential cookies: Required for authentication, session management, and cart functionality. These cannot be disabled.
  • Functional cookies: Set by our live chat support widget (Tawk.to) so that conversations and support preferences persist as you move between pages. These load when chat is available and are necessary for the support feature to work.
  • Analytics cookies: Help us understand platform usage. They are off by default and only load if you opt in via the cookie banner.
  • Preference cookies: Remember your settings such as theme and display preferences.

Minors (13-17): The cookie consent banner is shown the same way as for adult users. Marketing emails are off by default for accounts flagged as minors and require explicit opt-in once the user reaches age 18.

6. Third-Party Processors

We share data with the following service providers who process it on our behalf:

  • PayMongo: Payment processing (GCash, Maya, QR Ph, cards) and vendor payout disbursements (GCash, Maya). See PayMongo Privacy Policy.
  • Print Fulfillment Partner: Order production and shipping coordination. Partner details available upon request at support@mixmi.co.
  • Supabase: Database hosting and authentication
  • Vercel: Application hosting and edge deployment
  • Resend: Transactional email delivery
  • Sentry: Error monitoring and session replay for debugging. May incidentally capture user-entered text and screen contents at the moment an error occurs. See Sentry Privacy Policy.
  • Tawk.to: Live chat support widget. Captures chat transcripts, IP address, and basic device information. See Tawk.to Privacy Policy.

7. Data Retention

  • Financial records: Retained for 10 years as required by the Philippine Bureau of Internal Revenue (BIR)
  • Account and profile data: When you request account deletion, your profile, artworks, and compositions are permanently deleted within 30 days. Deletion includes a short grace period during which you can cancel the request by signing back in.
  • Personal identifiers in financial records: Where your name or address appears in order and financial records that we are legally required to keep, those identifiers are anonymized once they are no longer needed for the legal purpose, in compliance with the Philippine Data Privacy Act of 2012 (DPA)
  • Wallet transactions: Immutable ledger entries are never deleted (append-only for audit integrity)

8. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and personal data (subject to legal retention requirements)
  • Portability: Request your data in a structured, machine-readable format

To exercise any of these rights, contact us at legal@mixmi.co. Requests will be processed within 30 days.

9. Children and Minors

We collect date of birth at signup and assign a protection profile based on age and signup region. The protection profile determines what an account can do on the platform:

  • Under 13: Account creation is blocked. We do not knowingly collect personal information from users under 13.
  • 13-17 (non-EU/EEA): Account is flagged as a minor. Vendor onboarding is unavailable. Marketing emails are off by default.
  • 13-17 (EU/EEA): Same restrictions as above, plus additional GDPR-K protections. Vendor onboarding is unavailable. Marketing emails are off by default.
  • 18+: Full platform access, including vendor onboarding and marketing opt-in.

Date of birth is captured at signup and cannot be changed afterward without contacting support. If you turn 18 and need your protection profile reviewed, contact us at legal@mixmi.co.

10. International Users

Mixmi is operated from the Philippines but may be accessed globally. We comply with applicable data protection laws:

  • European Union (GDPR): EU/EEA users have additional rights under the General Data Protection Regulation, including the right to object to processing, restriction of processing, and lodging complaints with a supervisory authority.
  • California (CCPA): California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. Mixmi does not sell personal information.

Where your data is stored and processed: Mixmi is operated from the Philippines, but some of our service providers (listed in Section 6) store and process data on servers located outside the Philippines, including in Singapore, the European Union, and the United States. By using Mixmi, you consent to the transfer of your personal information to these locations. We take reasonable steps to ensure that any such provider offers a comparable level of data protection, consistent with the Philippine Data Privacy Act of 2012 (DPA).

11. PayMongo Disclosure

All payment transactions on Mixmi are processed by PayMongo, a BSP-licensed payment processor in the Philippines. When you make a payment, your financial information (card numbers, e-wallet credentials) is handled directly by PayMongo and is never stored on Mixmi servers. PayMongo's processing of your data is governed by their own Privacy Policy.

12. Vendor Payout Disclosure

Mixmi acts as Merchant of Record: customer payments are collected by Mixmi (via PayMongo), and vendor earnings accrue to an internal ledger. Payouts to vendors are then disbursed through PayMongo's Money Movement service. When you register a payout method (GCash or Maya), the account details you provide are transmitted to PayMongo for disbursement. Mixmi stores only the payout method type and a masked account identifier for display purposes. PayMongo's processing of your data is governed by their own Privacy Policy.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Mixmi will:

  • Notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, in accordance with NPC Circular 16-03
  • Notify affected users via email within 72 hours of becoming aware of the breach, describing the nature of the breach, the data involved, and the steps being taken to address it
  • Document all breaches in an internal breach register, including those that do not meet the notification threshold, for audit and compliance purposes

14. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email (using the address associated with your account) at least 14 days before the changes take effect. Non-material changes (such as formatting or clarification) may be made without notice.

15. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

You may also file a complaint with the National Privacy Commission of the Philippines.

We use cookies to make Mixmi work and to understand how it's used. Essential cookies are always on. You can choose what else we use. See our Privacy Policy.