Privacy notice
Waitlist privacy notice
This draft notice supports the initial mix.tools waitlist, optional profile, and authenticated tester-only IDE. It should be reviewed before production launch and before any non-transactional email is sent.
Last updated: 2026-06-27. Privacy version: draft-2026-06-27.
Who controls the data
Mix Tools LLC, 4030 Wake Forest Rd Ste 349, Raleigh, NC 27609, United States, controls waitlist and account data collected through this site. Contact hello@box.mix.tools for access, correction, deletion, or consent-withdrawal requests.
What we collect
The public waitlist collects your email address, required waitlist-processing consent, optional product-update consent, submission source details such as UTM/referrer, and technical metadata needed to operate and protect the service. After email verification, an optional profile may collect name, organization, role, domain, blocker category, project stage, participation preferences, and a short non-confidential project summary.
Authenticated tester-only IDE access may create account, session, role, project, source, claim, proof-plan, cost, result, decision, agent-run, trace-summary, and audit metadata needed to operate the internal IDE. The public waitlist does not request confidential project documents.
Why we collect it
We use waitlist data to verify addresses, manage access to the design-partner program, prevent abuse, respond to requests, and contact selected teams. Optional product updates are separate from required waitlist processing and can be withdrawn.
Tester-only IDE data is used to provide the authenticated pilot workflow, preserve evidence trails, maintain auditability, troubleshoot service issues, enforce permissions, and protect the service from misuse.
Legal basis and choices
The waitlist is designed around your consent for required waitlist processing and separate consent for optional product updates. Account, security, audit, abuse-prevention, and service operations may also rely on legitimate business purposes or legal obligations where applicable. Final legal basis, regional rights language, and international transfer details must be approved before launch.
What not to submit
Do not submit confidential technical documents, detailed intellectual property, regulated data, export-controlled data, payment-card data, protected health information, or sensitive project records through the waitlist form. Any pilot-data workflow will be designed and agreed separately.
Retention and processors
Unverified entries are expected to be retained briefly, initially seven days, and verified entries only for the documented waitlist and design-partner purpose. Production processors are expected to include Hetzner for hosting/backups and an SMTP provider for email delivery. Final retention periods, legal basis, transfer details, and processor list must be approved before launch.
Access, correction, deletion, and withdrawal requests can be sent to the contact address above. The local retention job is designed to delete stale unverified waitlist entries and expired authentication records without retaining email addresses in cleanup audit metadata. Verified waitlist entries, unsubscribe suppression records, and tester-only IDE records require an approved manual review path until final retention periods are set.
Security and analytics
The first release is designed for HTTPS transport, restricted administrative access, same-origin API requests, short-lived single-use magic links, HTTP-only session cookies, redacted logs, no third-party advertising cookies, no enrichment for unrelated purposes, and no model training on waitlist data.
We may use aggregate, redaction-safe operational metrics to understand service reliability, abuse patterns, waitlist funnel health, and early-access fit. For the first analytics rollout, we expect to use self-hosted Umami analytics on the same mix.tools origin for public pages only: landing, Privacy, Terms, landing-page message/CTA clicks, public navigation clicks, and waitlist funnel events such as request started, sent, or failed. These analytics events are designed not to include email addresses, magic-link tokens, free-text project details, authenticated admin activity, or tester-only IDE activity.
Umami dashboard access is intended for operators only. The analytics database has its own private PostgreSQL service, and retention/backup coverage must be explicitly approved before we make recoverability claims for analytics records. You can send analytics questions or opt-out/deletion requests to the contact address above.
Terms and contact
Use of the site and early-access surfaces is also governed by the draft Terms of Use. Questions, privacy requests, and legal notices can be sent to Mix Tools LLC, 4030 Wake Forest Rd Ste 349, Raleigh, NC 27609, United States, or to hello@box.mix.tools.