Privacy Policy

Last updated: April 5, 2026

1. Introduction

2CME UI Inc. (“Company,” “we,” “us,” or “our”) operates Mixscan.me (“the Service”). This Privacy Policy explains how we collect, use, and disclose your information when you use the Service. Effective Date: April 5, 2026.

We use your personal data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. Some parts of our system connect to the YouTube API Services. When using these features, you are also subject to the YouTube Terms of Service and the Google Privacy Policy.

Interpretation and Definitions

Interpretation

Words with capitalized initial letters have meanings defined below. These definitions apply whether they appear in singular or plural.

Definitions

• Account: A unique account created for you to access our Service or parts of it.
• Affiliate: An entity that controls, is controlled by, or is under common control with a party.
• Company (“the Company”, “We”, “Us” or “Our”): Refers to 2CME UI Inc., operator of Mixscan.me.
• Cookies: Small files placed on your device containing browsing history and related data.
• Country: New York, United States.
• Device: Any device that can access the Service, such as a computer, phone, or tablet.
• Personal Data: Information that relates to an identified or identifiable individual.
• Service: The website and features provided by Mixscan.me.
• Service Provider: A third party that processes data on behalf of the Company.
• Usage Data: Data collected automatically from using the Service.
• Website: Mixscan, accessible from https://mixscan.me
• You: The individual accessing or using the Service.

2. Information We Collect

Personal Data

May include:

• Email address
• First name and last name
• Phone number
• SMS opt-in consent status and timestamp
• AI conversation content (messages sent to and received from AI characters)
• Claim codes redeemed through the Service
• Session IDs and authentication tokens
• Song selections and playlist data
• Google OAuth authentication data (when you log in via Google)
• Any other information you voluntarily provide

Usage Data

Collected automatically and may include:

• IP address
• Browser type and version
• Device type and identifiers
• Pages visited, time spent, and related analytics
• Session recordings via Microsoft Clarity
• Analytics events via Umami

YouTube API Services Usage

IMPORTANT: This Service uses YouTube API Services.

By using Mixscan.me features that connect to YouTube, you acknowledge and agree to the following:

• YouTube Terms of Service – Your use of YouTube through our Service is subject to the YouTube Terms of Service.
• Google Privacy Policy – Your privacy when using YouTube features is governed by the Google Privacy Policy.
• Data Access – When you connect your YouTube account, we may access:
  • Your YouTube channel information
  • Playlist data (if you choose to sync playlists)
  • Basic account info necessary to operate the Service
• Token Storage – We do not collect or store your YouTube login credentials. If you grant access, we store an access token so you can stay connected. You can revoke this at any time via your Google account permissions (https://myaccount.google.com).
• Data Deletion – You can revoke Mixscan.me's access to your YouTube data anytime at your Google security settings.

3. How We Use Your Personal Data

We may use your data to:

• Provide and maintain the Service
• Manage your account
• Contact you with updates or offers (with your consent)
• Send SMS communications (only with your explicit opt-in consent)
• Analyze usage to improve features
• Comply with legal obligations
• Generate AI-powered character responses for your interactions

AI Training: We do NOT use your personal conversation data to train AI models without your separate, explicit consent. Our AI providers (Anthropic, OpenAI, Google) process conversations solely to generate responses per their respective privacy policies.

4. AI-Powered Service Disclosure

Mixscan's characters (including DJ Scanalog and DJ ScratchTracks) are powered by artificial intelligence. These are not real people. We use the following AI providers:

• Anthropic, PBC – PRIMARY AI provider. Conversation data is processed per Anthropic's privacy policy: https://www.anthropic.com/privacy
• OpenAI – FALLBACK AI provider. Privacy policy: https://openai.com/privacy
• Google (Gemini) – FALLBACK AI provider. Privacy policy: https://policies.google.com/privacy

In compliance with California SB 243 and similar laws: all characters on this platform are automated artificial intelligence systems. They are not human beings, licensed therapists, counselors, or mental health professionals. Interactions are for entertainment purposes only and do not constitute professional advice of any kind.

5. Third-Party Services

Our Service integrates with the following third-party services. Each is governed by its own privacy policy.

• Anthropic, PBC – PRIMARY AI processing for character conversations — anthropic.com/privacy
• OpenAI – FALLBACK AI processing — openai.com/privacy
• Google (Gemini) – FALLBACK AI processing — policies.google.com/privacy
• Klaviyo – Email and SMS marketing — klaviyo.com/legal/privacy-notice
• Microsoft Clarity – Session recording and user behavior analytics — privacy.microsoft.com/privacystatement
• Umami – Privacy-first web analytics — umami.is/privacy
• Google OAuth – Authentication — policies.google.com/privacy
• YouTube Data API – Music and video content integration (see YouTube API Services section above)
• PostHog – Product analytics — posthog.com/privacy
• Vercel – Hosting and infrastructure — vercel.com/legal/privacy-policy
• Supabase – Database and authentication — supabase.com/privacy
• Social Media Login – You may create an account or log in using Google or similar platforms. If you do, we may collect information already linked to that account, such as your name, email address, profile picture, and activity data.

Tracking Technologies and Cookies

We use Cookies and similar technologies to operate and improve the Service. You can disable Cookies in your browser settings, but some features may not function properly. Local storage data (such as session preferences) is retained for up to 24 hours.

Data Protection for Sensitive Information

We implement industry-standard security measures to protect sensitive data, including any information accessed via YouTube API Services. This includes:

• Encryption in transit using HTTPS/TLS for all data transfers.
• Secure storage with encryption at rest for applicable data.
• Access controls ensuring that only authorized personnel can access sensitive data.
• Audit and monitoring to detect unauthorized access or data misuse.

We do not sell, rent, or share sensitive information with third parties except as required by law or with your explicit consent.

6. Data Retention

• Conversation logs: Retained for a maximum of 90 days, then deleted
• Analytics data: Retained for 12 months, then deleted
• Account data: Retained until account deletion is requested, plus 30 days for processing
• Email addresses: Retained until you unsubscribe or request deletion
• Local storage data: Automatically cleared after 24 hours

We keep your Personal Data only as long as necessary for the purposes in this Privacy Policy or as required by law.

Transfer of Your Personal Data

Your data may be stored or processed outside your country. We take reasonable steps to ensure it remains secure.

7. Your Rights and Data Deletion

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Delete your personal data
• Withdraw consent at any time

Parents and guardians may exercise these rights on behalf of minor users. To submit a request, contact privacy@2-c.me. We will respond within 30 days.

Vendor Deletion Cascade: Upon a verified deletion request, we will also request deletion of your data from applicable third-party service providers (Anthropic, OpenAI, Google, Klaviyo, PostHog, Supabase, and others) to the extent permitted by those providers' policies.

Disclosure of Your Personal Data

We may disclose personal data:

• To comply with the law
• To protect rights or property
• As part of a business transaction (e.g., sale, merger)

8. Data Security

We use commercially reasonable measures to protect your data, including encryption in transit and at rest. However, no online method is 100% secure.

9. Children's Privacy (COPPA)

This service is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@2-c.me and we will delete that information within 30 days.

Parents and guardians may request access to, correction of, or deletion of their child's information by contacting our COPPA Compliance Officer at privacy@2-c.me.

10. Crisis and Safety Resources

This platform is not a crisis service and our AI characters are not crisis professionals. If you or someone you know is in crisis, please contact:

• 988 Suicide & Crisis Lifeline: Call or text 988
• Crisis Text Line: Text HOME to 741741

Links to Other Websites

We may link to third-party sites. We are not responsible for their privacy practices or content.

11. Changes to This Privacy Policy

We may update this Privacy Policy at any time. The new version will be posted here with an updated “Last updated” date. We will provide notice of material changes via email or in-app notification where feasible.

Effective Date: April 5, 2026

12. Contact Us

If you have any questions or requests regarding this Privacy Policy, contact us:
2CME UI Inc.
63 Flushing Ave
Brooklyn, NY 11205
Email: privacy@2-c.me
COPPA Compliance Officer: jAson Entner — privacy@2-c.me