Docs
Privacy

Privacy

Overview

Mixpanel believes in respecting and protecting people’s fundamental online privacy and data rights. This is why we've built Mixpanel's analysis tools in compliance with industry best practices and global data regulations like the GDPR and the CCPA.

Visit our Privacy Hub (opens in a new tab) to see how we comply with various privacy guidelines.

Storing Your Data in the European Union

By default, Mixpanel stores user data on its US Servers via the Google Cloud Platform. However, Mixpanel also provides you with the option to process and store your customers' personal data in Europe via our EU Data Residency Program (opens in a new tab). You can enable this by selecting the "EU Data Residency" option when creating a new project and using our EU subdomain during all API calls.

APIStandard ServerEU Residency Server
Ingestion API (opens in a new tab)api.mixpanel.comapi-eu.mixpanel.com
Query API (opens in a new tab)mixpanel.com/apieu.mixpanel.com/api
Raw Data Export API (opens in a new tab)data.mixpanel.com/api/2.0/exportdata-eu.mixpanel.com/api/2.0/export
Data Pipelines API (opens in a new tab)data.mixpanel.com/api/2.0/exportdata-eu.mixpanel.com/api/2.0/export
Lexicon Schemas API (opens in a new tab)mixpanel.com/api/app/projectseu.mixpanel.com/api/app/projects
Connectors API (opens in a new tab)mixpanel.com/api/app/projectseu.mixpanel.com/api/app/projects

Using Our SDKs

Next, you'll need to set the server location to EU when initializing the Mixpanel library. You can find instructions for the required config settings for each SDK below:

Log in via SSO

If you want the IdP initiated flow to direct to eu.mixpanel.com (opens in a new tab), prepend "eu." to your postback URL. For example, mixpanel.com/security/login/1 (opens in a new tab) would need to be changed to eu.mixpanel.com/security/login/1 (opens in a new tab).

Manage Personal Data

Mixpanel deletion and retrieval APIs are in place to help Mixpanel implementations meet the requirements outlined by the General Data Protection Regulation (GDPR) legislation.

📘GDPR Request Rate Limits You can batch up to 2000 distinct IDs per deletion request and up to 2000 for a retrieval request. Request rates are limited for GDPR API requests.

User Opt-Out

While the following API can be used to delete or retrieve personal data as outlined by the GPDR, it is important to also opt users out of subsequent tracking. If tracking using a client-side Mixpanel library, you can opt users out of tracking using Mixpanel's opt-out methods. These are available in the following client-side libraries:

See Mixpanel’s Managing Personal Information guide for more information on best practices when handling personal information in Mixpanel.

Authentication

Authentication occurs via a user-specific OAuth token with a scope that only includes the following deletion and retrieval APIs. Users can retrieve this token from their Account Settings (opens in a new tab) by selecting their initials in the top right of Mixpanel and selecting Profile & Preferences, and then the Data & Privacy tab. The OAuth token has a one-year expiry. It should be passed in the Authentication header. Users are eligible to generate an OAuth token if they are the project owner, or if they are a project owner or admin of a project that supports team member roles.

Was this page useful?