개인정보 처리방침

This Privacy Policy explains how the operator of mixgateway.io ("we", "us", or "our") collects, uses, discloses, and otherwise processes personal data when you use our website, API gateway, account dashboard, documentation, and related offerings (collectively, the "Services"). Capitalized terms not defined here may be defined in our Terms of Service.

This Policy applies to personal data collected through the Services and related communications (for example support email or chat). By using the Services, you acknowledge the practices described here. If you do not agree, do not use the Services. Please also read our Terms of Service, which describe rules for API use, billing, and (where applicable) content you send through the gateway.

We may update this Policy from time to time. We will post the revised version and change the "Last updated" date. Where required by law, we will provide additional notice (for example by email to registered users for material changes). Continued use after the effective date may constitute acceptance.

1. Information we collect

We collect personal data in three broad ways: information you provide, information collected automatically, and information from third parties (such as authentication or payment partners).

Information you provide may include: name or display name; email address; account credentials or identifiers from social login (OAuth); billing and transaction details processed by payment processors (we typically do not store full payment card numbers when a partner tokenizes card data); messages you send to support; and survey or feedback responses if you choose to participate.

Information collected automatically may include: IP address; device and browser type; language and time zone; approximate location derived from IP; dates and times of access; pages viewed and features used; referring/exit URLs; diagnostic and performance logs; API request metadata (such as timestamps, routes, latency, error codes, token counts, and model or provider identifiers) needed to operate billing and reliability; and data from cookies or similar technologies as described below.

API payloads. When you route requests through our gateway, the body of those requests and responses may include text or other data you or your end users submit ("Request Content"). Request Content may contain personal data if you or your users include it. We process Request Content to provide the Services (for example forwarding to upstream model providers and returning responses). We do not control how independent model or infrastructure providers handle Request Content for their own purposes (including possible training or logging); their terms and privacy notices apply to their processing.

2. Cookies and similar technologies

We and our service providers may use cookies, local storage, pixels, and similar technologies to operate the site (for example session and security), remember preferences, measure traffic and product usage, and improve the Services. Where required, we will obtain consent before non-essential cookies. You can control cookies through your browser settings; disabling some cookies may limit certain features.

We may use analytics or product-analytics tools to understand how the Services are used. If we use third-party analytics, we choose vendors and configurations intended to limit unnecessary personal data where feasible. Check this Policy periodically for named vendors once you adopt specific tools.

3. How we use personal data

We use personal data to: provide, maintain, and secure the Services; authenticate users and manage accounts; process payments and credits; detect, prevent, and investigate fraud, abuse, and security incidents; troubleshoot and improve performance; analyze usage in aggregate or de-identified form; communicate about the Services, including transactional messages and (where permitted) marketing; comply with legal obligations; enforce our Terms and policies; and fulfill other purposes described at collection or with your consent.

Aggregated and de-identified information. We may derive aggregate or de-identified statistics from personal data (for example usage trends) that do not reasonably identify you, and use or share such information for analytics, security, and business operations.

4. How we share personal data

We may share personal data with: service providers and subprocessors who assist us (hosting, email, analytics, fraud prevention, customer support tools, payment processing) subject to confidentiality and processing terms; professional advisers where necessary; affiliates, if any, as disclosed; law enforcement or others when we believe in good faith that disclosure is required by law or necessary to protect rights, safety, or security; and a successor in interest in a merger, acquisition, financing, or sale of assets, as permitted by law.

We do not sell personal data for money as a primary business. Some laws define "sale" or "sharing" broadly (for example for targeted advertising); to the extent those laws apply, we will describe opt-out rights below and honor applicable requests.

5. Legal bases (EEA / UK / similar)

Where GDPR or similar laws apply, we rely on: performance of a contract (providing the Services you request); legitimate interests (for example securing the platform, improving reliability, and limited marketing to business contacts where allowed), balanced against your rights; consent where required (for example certain cookies or marketing); and legal obligations.

6. Your rights and choices

Depending on your location, you may have rights to access, rectify, delete, restrict, or object to certain processing, to data portability, to withdraw consent, and to lodge a complaint with a supervisory authority. You may opt out of promotional emails by using the unsubscribe link or contacting us. To exercise privacy rights, contact us via the support channels listed on our website. We may need to verify your identity before responding. You may also be able to update some profile information in your account settings.

Account deletion. You may request deletion of your account and associated personal data by contacting us, subject to legal retention requirements. We may confirm the request using your registered email. Some records may be retained where law, fraud prevention, or dispute resolution requires.

7. Security

We implement reasonable technical and organizational measures designed to protect personal data. No online service is completely secure. You are responsible for safeguarding passwords and API keys.

8. Third-party services

The Services may integrate with or link to third-party sites, model providers, and tools. Their privacy practices are governed by their own policies. We are not responsible for third-party services we do not control.

9. Retention

We retain personal data for as long as needed to provide the Services, comply with law, resolve disputes, and enforce agreements. Retention periods vary by data category. When retention is no longer required, we delete or anonymize data where feasible.

10. Children

The Services are not directed to children under the age required for lawful consent in your jurisdiction (often 13 or higher, or higher where local law requires). If you believe we have collected data from a child without proper authority, contact us and we will take appropriate steps.

11. International transfers

We may process and store personal data in countries other than where you live, including countries that may not provide the same level of data protection. Where required, we use appropriate safeguards such as standard contractual clauses or other mechanisms recognized by applicable law.

12. Governing law for this Policy

Disputes relating to this Policy or our privacy practices may be governed by the laws of the jurisdiction we designate for the Services (for example in our Terms or a regional addendum), excluding conflict-of-law rules that would apply another jurisdiction's laws, unless mandatory consumer protections in your country require otherwise.

13. Regional supplements (summary)

Certain U.S. state laws and the GDPR require additional transparency. In general: we collect identifiers, commercial information (such as purchase history), internet or network activity (such as logs and analytics), and communications you send us. We use and disclose this information for the purposes described in sections 3–4. We do not use or disclose sensitive categories of data as defined by some state laws except as needed to provide the Services or as permitted by law. For details about categories, purposes, and rights, you may rely on the sections above; we will update this Policy if our practices change materially.

14. Contact

For privacy questions or requests, contact us through the support channels published on our website (for example Telegram or a designated privacy email if we provide one).