Privacy Policy

This Privacy Policy (“Policy”) is a legally binding agreement between you (“User,” “you,” or “your”) and mixedbread ai inc. (“Company,” “we,” “us,” or “our”). This Policy describes how we collect, use, retain, and disclose information in connection with your access to and use of our products and services (collectively, the “Services”). By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy. If you do not agree with any part of this Policy, you must cease using our Services immediately.

1. Definitions

1.1 “Personal Information” means any information relating to an identified or identifiable individual, including but not limited to your name, email address, payment information, and any other information that you voluntarily provide.

1.2 “Usage Data” includes information that is automatically collected when you access or use the Services, such as API usage data, query logs, model logs, IP addresses, device identifiers, browser type, and other technical data.

1.3 “Free Tier” refers to the version of our Services offered at no charge, subject to the data collection and retention practices described herein.

1.4 “Paid Tier” refers to subscription-based services wherein only data necessary for the operation of the Service is collected.

2. Information Collection

2.1 Personal Information

We may collect Personal Information when you register for, access, or use our Services. Such information may include, without limitation, your name, email address, payment details, and other data you voluntarily provide.

2.2 Usage and Log Data

In connection with your use of our Services, we may collect various types of Usage Data, including but not limited to:

API usage data, query logs, and model logs;
Device identifiers, IP addresses, browser type, and other technical information; and
Log files maintained for performance, security, and operational purposes.

2.3 Tier-Specific Data Collection

Free Tier:
For Users accessing the Services under the Free Tier, we collect all Usage Data—including model logs, queries, and related information—in its native form. Such data is used for service improvement, model training, analytics, and research. Data collected under the Free Tier is retained indefinitely.
Paid Tier:
For Users subscribing to the Paid Tier, we collect only the data strictly necessary to provide the Services (e.g., data for document storage, vector stores, or document parsing). No usage data from Paid Tier users is used for model training or similar purposes. Retention of such data is limited to what is necessary for the operation of the Services.

3. Use of Information

We use the information collected for purposes including, but not limited to, the following:

Provision and Maintenance: To provide, maintain, and enhance the functionality and performance of our Services.
Account Management: To process transactions, manage your account, and communicate with you regarding your use of the Services.
Security and Analytics: To monitor, analyze, and improve our Services, and to safeguard against unauthorized access or security breaches.
Legal Compliance: To comply with legal obligations and to respond to lawful requests from governmental or regulatory authorities.

4. Disclosure of Information

4.1 Third-Party Service Providers

We may disclose aggregated or anonymized data to third-party service providers solely for the purpose of improving our Services. For example, we use Posthog for product analytics. Such third parties are not provided with Personal Information.

4.2 Legal and Regulatory Requirements

We may disclose your Personal Information if required to do so by law, regulation, or a valid legal process (e.g., subpoena, court order), or if we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation;
Protect and defend the rights or property of mixedbread ai inc.;
Prevent or investigate possible wrongdoing in connection with the Services; or
Protect the personal safety of users of the Services or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your Personal Information may be transferred to the succeeding entity. We will provide notice if such a transfer occurs in accordance with applicable law.

5. Data Retention

Free Tier Users: Information collected from Free Tier users is retained indefinitely.
Paid Tier Users: Data retention for Paid Tier users is governed by the operational requirements of the Services.
Users may contact us regarding data retention practices; however, we do not guarantee the deletion of historical data upon request.

6. Data Security

We implement reasonable and appropriate technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, and destruction. Such measures include, but are not limited to:

Encryption of data in transit and at rest;
Access controls and authentication mechanisms; and
Regular monitoring and testing of our systems.

While we are actively working towards obtaining certifications such as SOC 2 and compliance with relevant standards (e.g., HIPAA), please note that we are not yet certified. We continually review and update our security measures as part of our commitment to protecting your data.

7. International Data Transfers

All data processed in connection with the Services is stored on servers located in the United States. We are planning to expand our infrastructure to include servers in the European Union in the near future. In the event that your data is transferred to or stored in a jurisdiction outside of your country, we will take all necessary steps to ensure that your information is afforded an adequate level of protection in accordance with applicable laws.

8. Compliance with Privacy Laws

Currently, our Services are primarily offered to users in the United States. As we expand our operations internationally, including into Europe, we will review and, if necessary, update this Policy to comply with applicable data protection laws and regulations. Until such time, this Policy is governed by U.S. data protection principles.

9. Children’s Privacy

Our Services are intended for use by developers and other adult users. We do not knowingly collect Personal Information from children under the age of 13. If it is brought to our attention that we have inadvertently collected Personal Information from a child under the age of 13, we will take prompt steps to delete such information from our records.

10. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Any changes will become effective immediately upon posting of the updated Policy on our website. Your continued use of our Services after any such modifications constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically to stay informed about our data practices.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@mixedbread.ai

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the terms set forth in this Privacy Policy. If you do not agree to this Policy, you must immediately discontinue your use of the Services.