Privacy Policy

Last updated: May 7, 2026

1. Introduction

Mixmi is a multi-vendor print-on-demand marketplace operated in the Philippines. We enable customers to mix and match artwork from multiple vendors onto physical products. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform.

Data Protection Officer: Dave P. Tabi
Contact: privacy@mixmi.co

2. Who Can Use Mixmi

Access to Mixmi depends on your role and age:

RoleMinimum AgeNotes
Vendor18+Must be a legal adult to sell artwork
Buyer (with account)13+Parental consent required under 18
Guest checkoutNo restrictionNo account required; minimal data collected

3. Data We Collect

  • Account information: Name, email address, username, date of birth
  • Shipping address: Region, province, city, barangay, street address, postal code
  • Payment information: Processed securely by PayMongo. We do not store card numbers or payment credentials.
  • Composition data: Artwork selections, design layouts, product choices, and saved drafts
  • Usage and analytics: Pages visited, features used, device type, browser, IP address (for region detection)
  • Vendor information: Shop name, payout method (bank account, GCash, or Maya details via PayMongo)

4. How We Use Your Data

  • Order processing: Fulfilling your print orders, coordinating with suppliers, and arranging shipping
  • Account management: Authenticating your identity, managing your profile, and securing your account
  • Platform analytics: Understanding how the marketplace is used to improve the experience
  • Transactional emails: Order confirmations, shipping updates, and account notifications
  • Vendor payouts: Processing earnings withdrawals to verified payout methods

5. Cookies and Tracking

We use the following types of cookies:

  • Essential cookies: Required for authentication, session management, and cart functionality. These cannot be disabled.
  • Analytics cookies: Help us understand platform usage. You may opt out via the cookie banner.
  • Preference cookies: Remember your settings such as theme and display preferences.

Minors: Users under 16 in the EU/EEA or under 13 globally are served essential cookies only. No analytics or marketing cookies are loaded for these users.

6. Third-Party Processors

We share data with the following service providers who process it on our behalf:

  • PayMongo: Payment processing (GCash, Maya, QR Ph, cards). See PayMongo Privacy Policy.
  • Xendit: Vendor payout disbursements (bank transfer, GCash, Maya). See Xendit Privacy Policy.
  • Print Fulfillment Partner: Order production and shipping coordination. Partner details available upon request at support@mixmi.co.
  • Supabase: Database hosting and authentication
  • Vercel: Application hosting and edge deployment
  • Resend: Transactional email delivery
  • Sentry: Error monitoring and session replay for debugging. May incidentally capture user-entered text and screen contents at the moment an error occurs. See Sentry Privacy Policy.
  • Tawk.to: Live chat support widget. Captures chat transcripts, IP address, and basic device information. See Tawk.to Privacy Policy.

7. Data Retention

  • Financial records: Retained for 10 years as required by the Philippine Bureau of Internal Revenue (BIR)
  • Personal information: Retained for 3 years after account deletion, then anonymized, in compliance with the Philippine Data Privacy Act of 2012 (DPA)
  • Wallet transactions: Immutable ledger entries are never deleted (append-only for audit integrity)

8. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and personal data (subject to legal retention requirements)
  • Portability: Request your data in a structured, machine-readable format

To exercise any of these rights, contact us at privacy@mixmi.co. Requests will be processed within 30 days.

9. Children and Minors

Mixmi assigns a protection profile to each user based on their date of birth and signup region. This determines the level of data protection applied:

  • Under 13 (global) / Under 16 (EU/EEA): Essential cookies only. No analytics or marketing. No cookie consent banner shown.
  • 13-17 (non-EU) / 16-17 (EU/EEA): Standard cookies with consent. No marketing emails. Parental consent required for purchases.
  • 18+: Full platform access. Standard cookie and marketing consent flows.

Protection profiles are automatically upgraded when a user turns 18. No action is required from the user.

10. International Users

Mixmi is operated from the Philippines but may be accessed globally. We comply with applicable data protection laws:

  • European Union (GDPR): EU/EEA users have additional rights under the General Data Protection Regulation, including the right to object to processing, restriction of processing, and lodging complaints with a supervisory authority.
  • California (CCPA): California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. Mixmi does not sell personal information.

11. PayMongo Disclosure

All payment transactions on Mixmi are processed by PayMongo, a BSP-licensed payment processor in the Philippines. When you make a payment, your financial information (card numbers, e-wallet credentials) is handled directly by PayMongo and is never stored on Mixmi servers. PayMongo's processing of your data is governed by their own Privacy Policy.

12. Vendor Payout Disclosure

Mixmi acts as Merchant of Record: customer payments are collected by Mixmi (via PayMongo), and vendor earnings accrue to an internal ledger. Payouts to vendors are then disbursed through Xendit, a BSP-licensed payment infrastructure provider in the Philippines. When you register a payout method (bank account, GCash, or Maya), the account details you provide are transmitted to Xendit for disbursement. Mixmi stores only the payout method type and a masked account identifier for display purposes. Xendit's processing of your data is governed by their own Privacy Policy.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Mixmi will:

  • Notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, in accordance with NPC Circular 16-03
  • Notify affected users via email within 72 hours of becoming aware of the breach, describing the nature of the breach, the data involved, and the steps being taken to address it
  • Document all breaches in an internal breach register, including those that do not meet the notification threshold, for audit and compliance purposes

14. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email (using the address associated with your account) at least 14 days before the changes take effect. Non-material changes (such as formatting or clarification) may be made without notice.

15. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

You may also file a complaint with the National Privacy Commission of the Philippines.