← Back to MixMemora

Privacy Policy

Last updated: 16 July 2026

1. Who we are

This Privacy Policy explains how Design Mania Limited( “we”, “us”, “our”), trading as Moth Mode Software, collects and uses personal data when you use MixMemora - including our website at https://mixmemora.com, the free VST3 plugin, and MixMemora Cloud (the “Services”).

We are the data controller for personal data described in this policy. Our registered office is 7 Oak Industrial Park, Chelmsford Road, Great Dunmow, Essex, CM6 1XN, United Kingdom. Company number 03616535 (registered in England & Wales).

Privacy questions and data rights requests: hello@mixmemora.com

2. What we collect

The data we collect depends on how you use the Services:

Website visitors

  • Technical data - IP address, browser type, device information, and pages visited, collected in standard server and hosting logs for security and reliability.
  • Preferences- if you change the site theme, we store that choice in your browser's local storage. We do not use advertising or third-party analytics cookies on the marketing site at the time of this policy.
  • Installer email requests - if you ask us to email a download link, we collect the email address you provide, send the message through our email provider, and may rate-limit requests by IP address to prevent abuse. We use that address only to deliver the requested download link and related technical notices unless you later create an account or ask us to keep in touch for another purpose.

Free plugin users (no account)

  • Local data - notes, tasks, and project metadata are stored on your device and inside your DAW project. We do not receive this content unless you choose to use cloud features or submit a bug or feature report.
  • Update checks - the plugin may contact our servers to check for software updates. This may include your plugin version, build identifier, and a generic request log.
  • Bug and feature reports - if you submit a report, we may receive your description, report type, plugin version and build, operating system, DAW or host information, page or screen context, user agent, IP address, an anonymous local identifier stored in your plugin, optional debug log text you choose to include, and abuse-prevention signals (including CAPTCHA verification). Signed-in users may have the report linked to their account; otherwise it may be stored as anonymous.
  • WebView2 runtime- on first install, Windows may download the Microsoft WebView2 runtime. That process is governed by Microsoft's privacy policy.

MixMemora Cloud account holders

  • Account data - email address, display name, password (held by our identity provider), authentication provider details, and optional profile information such as an avatar.
  • User content - production notes, tasks, comments, chat or messaging content where available, project metadata, audio files, attachments, view links, blocks, collaboration permissions, and activity needed to operate cloud sync and sharing.
  • Security data - multi-factor authentication status, and hashed MFA recovery codes if you enable MFA. We do not store recovery codes in plain text.
  • Usage and technical data - storage used, feature usage, sync events, notification preference settings, and security or admin audit logs related to your account.
  • Social sign-in - if you sign in with Google or Apple (or another provider we enable), we receive basic profile information from that provider as permitted by your settings with them.
  • Service emails - we may send transactional and product emails such as collaboration invites, view-link notices, comments, task reminders, trial reminders, and billing notices. You can adjust many notification preferences in your account settings. Account, security, and billing messages may still be sent when necessary.

Paid subscribers and trials

  • Payment data - subscriptions and card-on-file trials are processed by Stripe. We receive billing status, plan, interval, limited payment metadata, and related customer or subscription identifiers. We do not store full card numbers.
  • Trial status - if we grant a complimentary or promotional trial without a card on file, we store the plan and trial status on your account so we can deliver the trial features.

3. How we use your data

We use personal data to:

  • provide, maintain, secure, and improve the Services;
  • authenticate users, protect accounts, and support MFA;
  • sync and store your cloud projects and collaborate with people you invite;
  • process subscriptions, trials, and billing;
  • send transactional, collaboration, and important service notices;
  • respond to support requests and investigate bug reports;
  • detect abuse, fraud, spam, and technical problems;
  • comply with legal obligations and enforce our terms.

Our lawful bases under UK GDPR include: contract (providing the Services you request), legitimate interests (security, abuse prevention, product reliability, and communicating about your account), legal obligation (for example tax and accounting records), and consent where required (for example optional marketing if we offer it, or certain non-essential cookies/technologies if we introduce them). You may withdraw consent at any time where it applies.

4. Who we share data with

We do not sell your personal data. We share data only where necessary with service providers and other parties listed below. A current summary of key subprocessors is also published at our Subprocessors page.

  • Application hosting - Vercel hosts the MixMemora web application and related edge or serverless infrastructure.
  • Database - MongoDB Atlas stores application data such as accounts, projects, notes, tasks, shares, and related metadata. Our production cluster is hosted in the EU (eu-west-1, Ireland).
  • Object storage - Cloudflare R2 stores media and file objects such as audio uploads, attachments, and avatars.
  • Authentication - Amazon Cognito (AWS, principally eu-west-2, London) for secure sign-in and identity.
  • Payments - Stripe for subscription billing, trials with payment method, and customer portal access.
  • Email delivery - Resend for transactional and service emails (including installer download emails when requested).
  • Abuse prevention - Cloudflare Turnstile may be used to verify that bug report or similar submissions are made by a human.
  • Identity providers you choose - Google, Apple, or other social login providers we enable.
  • Collaborators and recipients you choose - people you invite to projects, or who open view links you create, can see content according to the permissions or link settings you configure.
  • Professional advisers and authorities - where required by law or to protect rights, safety, and security.

Each provider acts as a processor under contract, or as an independent controller where applicable (for example, Stripe's own compliance obligations, or an identity provider's handling of your social login account).

Authorised staff may access account or content data only as needed for support, security, abuse review, billing operations, or legal compliance. Admin actions may be logged.

5. International transfers

Authentication is principally based in the UK (AWS Cognito, eu-west-2). Other providers may process data in the UK, EEA, United States, or other countries, including global edge networks (for example Cloudflare and Vercel).

Where personal data is transferred outside the UK, we use appropriate safeguards such as the UK Extension to the EU-US Data Privacy Framework where applicable, UK International Data Transfer Agreements / Addenda, Standard Contractual Clauses, or equivalent mechanisms required by UK data protection law.

6. How long we keep data

  • Account and cloud content - kept while your account is active. If you schedule account deletion in MixMemora Cloud (Security settings), your account enters a 60-day recovery window. During that window you can cancel deletion and restore access. After the window ends, we permanently delete your account data (projects, files, profile, and related cloud content), except where we must retain limited information longer for security, dispute resolution, backups that rotate on a shorter cycle, or legal compliance.
  • Deletion notices - we email you when deletion is scheduled, again about 3 days before permanent deletion, and when permanent deletion is complete.
  • Billing records - kept as long as needed for tax, accounting, and legal compliance (typically up to 6 years in the UK for certain records).
  • Server, security, and abuse logs - typically retained for up to 90 days, unless needed longer to investigate an incident.
  • Bug and feature reports - retained as long as reasonably needed to investigate, fix, and improve the product, then deleted or anonymised.
  • Installer email requests - used to send the requested message; we do not maintain a marketing list from these requests alone.

You can delete projects and files in MixMemora Cloud, and schedule full account deletion from Security settings. To request a copy of your personal data, or if you need help with deletion, email hello@mixmemora.com. We may need to verify your identity before acting on the request.

7. Your rights (UK / EEA)

If you are in the UK or EEA, you have rights under UK GDPR / EU GDPR including to access, rectify, erase, restrict processing, object, and data portability (where applicable). You also have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority in the EEA.

To exercise your rights, contact hello@mixmemora.com. We aim to respond within one month, as required by law.

8. United States and global privacy notices

We offer MixMemora worldwide, with primary markets in the United Kingdom, European Economic Area, and United States. If you are a resident of California or another US state with a comprehensive privacy law (such as the CCPA/CPRA), this section applies in addition to the rest of this policy.

We collect the categories of personal information described in Section 2, including identifiers, commercial information (subscription status), internet or electronic network activity (logs and usage), and audio or electronic content you upload. We use that information for the business purposes described in Section 3.

We do not sell personal information and we do not share personal information for cross-context behavioural advertising as those terms are commonly defined under California law. We do not use sensitive personal information to infer characteristics about you.

Subject to legal limits, you may request access, correction, or deletion by emailing hello@mixmemora.com. You will not receive discriminatory treatment for exercising these rights. If we decline a request, you may appeal by replying to our decision email and asking for a review.

9. Cookies and similar technologies

We use strictly necessary technologies to operate sign-in and the Services (for example authentication tokens stored in local storage). Theme preference may also be stored locally. Cloudflare Turnstile may set cookies or similar technologies when CAPTCHA verification is shown. See our Cookie Policy for details.

10. Security

We use technical and organisational measures appropriate to the nature of the data, including encryption in transit, access controls, optional MFA, and monitoring. No online service can guarantee absolute security; please use a strong, unique password and keep your devices secure.

11. Children

The Services are not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will take appropriate steps to delete it. Where local law sets a different digital consent age, we follow that higher standard.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. For material changes affecting cloud account holders, we will provide additional notice where appropriate.

MixMemora Logo© 2026

MixMemora by Moth Mode Software (Design Mania Limited)

Privacy PolicyTerms of ServiceCookie PolicySubprocessorshello@mixmemora.com

Registered in England & Wales. Company No: 03616535

7 Oak Industrial Park, Chelmsford Road, Great Dunmow, Essex, CM6 1XN, United Kingdom