Privacy Policy
Last updated: 3 April 2026
1. Overview
This privacy policy explains how AJBERRI PTY LTD (“Mixxi”, “we”, “us”, “our”) collects, uses, stores, and protects your personal information when you use our savings intelligence platform at mixxi.com and app.mixxi.com.
We’re committed to transparency. This policy is written in plain English because we believe you shouldn’t need a lawyer to understand how your data is handled.
2. Information We Collect
Account Information
- Name, email address, password (hashed, never stored in plain text)
- Authentication data (Google OAuth tokens if you use Google sign-in)
Financial Data (you provide)
- Bank statement data: When you upload a bank statement, we parse transactions (merchant, amount, date, category). We delete the raw statement file after parsing — we only keep structured transaction data.
- Email data: When you connect Gmail or Outlook, we scan for billing-related emails only (filtered by keywords like “invoice”, “bill”, “receipt”, “payment”). We extract: provider name, bill amount, plan name, billing dates, and price changes. We never store raw email content — only structured extracts.
Usage Data
- How you interact with the app (pages visited, features used)
- Error reports via Sentry (with personal information redacted)
- Device and browser information
3. How We Use Your Information
We use your information to:
- Generate savings reports and recommendations
- Match your spending against live market alternatives
- Send you price change alerts and savings notifications (Pro users)
- Improve our service and fix bugs
We NEVER use your data for advertising. We NEVER sell, rent, or share your personal or financial data with third parties for their marketing purposes.
4. Email Access
When you connect your email, we request read-only access (Gmail: gmail.readonly scope; Outlook: Mail.Read permission). This means:
5. How We Protect Your Information
- AES-256 encryption at rest for all stored data
- TLS 1.3 encryption in transit
- OAuth tokens encrypted with AES-256-GCM
- Raw bank statements deleted after parsing
- Raw email content never stored
- Personal information redacted from error reports
- Regular security reviews
- Access controls and audit logging
6. Data Storage and Location
All data is stored in Australia. We use Australian-region cloud infrastructure. Your data does not leave Australia.
7. Data Retention
- Account data: retained while your account is active
- Financial data: retained while your account is active, or until you delete it
- Extracted documents: retained while your account is active, or until you disconnect your email
- Usage data: anonymised and aggregated after 12 months
- Deleted data: permanently removed within 30 days of deletion request
8. Your Rights
Under the Australian Privacy Principles, you have the right to:
- Access your personal information
- Correct inaccurate information
- Delete your data (one-click deletion available in Settings)
- Withdraw consent for email access
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
To exercise any of these rights, visit your Settings page or email privacy@mixxi.com.
10. Third-Party Services
We use the following third-party services:
- Google OAuth — for sign-in and Gmail access
- Microsoft OAuth — for Outlook access
- Sentry — error tracking (personal information redacted)
- Stripe — payment processing (they have their own privacy policy)
- Neon — database hosting (Australian region)
11. Children’s Privacy
Mixxi is not intended for users under 18. We do not knowingly collect information from minors.
12. Changes to This Policy
We’ll notify you of material changes via email or in-app notification at least 30 days before they take effect.
13. Contact
For privacy inquiries: privacy@mixxi.com
General: hello@mixxi.com
AJBERRI PTY LTD
50 Miller St, North Sydney NSW 2060, Australia
For complaints, you may also contact the Office of the Australian Information Commissioner at www.oaic.gov.au.