Disclosure Guide

How to disclose Mixpanel in your privacy policy

Mixpanel is a product analytics platform that tracks user behavior at the event level. Because Mixpanel's identify() call links behavioral data to a specific user account, disclosing it accurately requires describing both the anonymous tracking phase and the identified user tracking phase as distinct processing activities.

Last reviewed by Lokker Privacy Engineering

Not legal advice

The example language on this page is provided for educational purposes only. It is not legal advice and does not create an attorney-client relationship. Privacy laws vary by jurisdiction, sector, and the specific technologies you deploy. Always have a qualified privacy counsel or attorney review your privacy policy language to ensure it accurately reflects your actual data practices and complies with applicable law. Policy text alone does not make you compliant: your technical controls must match what the policy describes.

Data collection

What data Mixpanel typically collects

This is what your privacy policy needs to describe. Be specific: vague references to "usage data" or "technical information" are not sufficient in most jurisdictions.

  • Distinct ID (anonymous identifier stored in browser storage or a cookie)

  • User identity when identify() is called: user ID, email, and custom profile properties

  • Track events with custom properties: named events and their attributes

  • Page views and session data when page tracking is enabled

  • Browser and device metadata

  • Geographic location derived from IP address

  • UTM campaign parameters and referral source

Processing purposes

Purposes to describe in your policy

Privacy laws require you to specify the purpose for each category of data processing. These are the purposes typically associated with Mixpanel.

  • Product analytics: understanding how users engage with features

  • Funnel analysis and conversion optimization

  • User retention and cohort analysis

  • A/B testing and experiment measurement

  • Customer success and churn risk monitoring

Jurisdiction notes

US and EU compliance considerations

These are representative notes, not exhaustive legal guidance. Laws continue to evolve and your counsel should review the current requirements for each jurisdiction where your visitors reside.

United States

Mixpanel event and identity data constitutes personal information under the CCPA when linked to a user account. User profiles in Mixpanel may contain email addresses, names, and behavioral history, making this explicitly identifiable personal data. Opt-out rights apply if Mixpanel data is shared with third parties for advertising.

EU and UK (GDPR)

Mixpanel requires consent under the GDPR as a non-essential analytics tool. Mixpanel offers EU data residency (EU servers) for customers who need in-EU processing. Your policy must describe Mixpanel as a data processor, identify the legal basis for processing, and cover data transfers to Mixpanel Inc. in the United States under Standard Contractual Clauses if EU residency is not selected. The identify() call marks a transition from pseudonymous to personally identifiable processing and should be described accurately.

Example language

Illustrative policy language for Mixpanel

The examples below are starting points for discussion with legal counsel. They are not approved or jurisdiction-complete language. Your policy must accurately reflect your actual technical configuration and comply with the laws of the jurisdictions where your visitors reside.

Product analytics table row

Mixpanel (Mixpanel, Inc.): Tracks user interactions and events for product analytics, funnel analysis, and retention measurement. Stores an anonymous visitor identifier; when you are identified by logging in, behavioral data may be linked to your user account. Category: Analytics and product intelligence.

Full product analytics disclosure paragraph

We use Mixpanel, a product analytics platform provided by Mixpanel, Inc., to understand how users interact with our website and product. Mixpanel tracks user interactions at the event level, including page views, feature usage, conversions, and custom events. For anonymous visitors, Mixpanel assigns a pseudonymous identifier stored in browser storage. When you log in or create an account, we may use Mixpanel's identity features to link your behavioral data to your user account. Mixpanel processes this data under a data processing agreement as a data processor acting on our behalf. Where consent is required by applicable law, Mixpanel will only activate after you have provided consent through our consent management platform.

Configuration checklist

CMP and tag manager checklist

An accurate policy is only useful if the technical controls behind it work correctly. These are the configuration points to verify for Mixpanel.

  1. Assign Mixpanel to the "Analytics" or "Product Intelligence" category. Do not mark it as Strictly Necessary.

  2. Implement a consent check before Mixpanel's init() call. In opt-in markets, the library must not load before consent is received.

  3. If Mixpanel's identify() is called for authenticated users, ensure that the consent decision made during the anonymous phase carries through to the identified phase. Re-confirming consent may be required if the user's prior decision was a rejection.

  4. Review Mixpanel's data retention settings to ensure they match your policy statements. Mixpanel profiles can persist indefinitely unless expiration is explicitly configured.

  5. Use Consent Validator to confirm that Mixpanel does not contact its ingestion endpoint (api.mixpanel.com) in the reject or no-interaction states.
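The following is an added example of steps 2 and 3 of the checklist in working code; it is not Lokker's or Mixpanel's own code. It wraps the Mixpanel browser SDK in a consent gate so that the library is only loaded and initialised after an opt-in, a login that happens while the banner is still open is held back rather than sent, and a rejection or GPC signal stops tracking and discards any pending identity. The `loadSdk` callback is an assumption made so the gate can run outside a browser (in a page it would inject Mixpanel's snippet and return the global `mixpanel` object); the SDK method names `init`, `identify`, `track`, `opt_in_tracking` and `opt_out_tracking`, the `opt_out_tracking_by_default` option and the EU `api_host` value are assumed to match the SDK's documented surface, and the token is a placeholder.

```javascript
// Consent gate for the Mixpanel browser SDK (added example, not Lokker's or Mixpanel's code).
// `loadSdk` is injected: in a page it would append Mixpanel's snippet and return `window.mixpanel`;
// in a test it can return a stub. SDK method names and config keys below are assumptions.

const CONSENT_STATES = new Set(["accept", "reject", "no-interaction", "gpc"]);

function createMixpanelGate(loadSdk, { token, euResidency = false } = {}) {
  let sdk = null;            // stays null until the first "accept": nothing is loaded before consent
  let state = "no-interaction";
  let tracking = false;
  let pendingUserId = null;  // identity seen before any decision; replayed only if the user accepts

  function enable() {
    if (sdk === null) {
      sdk = loadSdk();       // load and initialise only now, after the opt-in (checklist step 2)
      const config = { opt_out_tracking_by_default: false };
      if (euResidency) config.api_host = "https://api-eu.mixpanel.com"; // assumed EU ingestion host
      sdk.init(token, config);
    } else {
      sdk.opt_in_tracking(); // a later accept after an opt-out re-enables the already-loaded SDK
    }
    tracking = true;
    if (pendingUserId !== null) {
      sdk.identify(pendingUserId);
      pendingUserId = null;
    }
  }

  function disable() {
    // Rejection or GPC: stop sending events. The SDK's opt_out_tracking is assumed to clear the
    // stored distinct_id by default. A pending identity is dropped, never replayed (step 3).
    if (sdk !== null && tracking) sdk.opt_out_tracking();
    tracking = false;
    pendingUserId = null;
  }

  return {
    setConsent(next) {
      if (!CONSENT_STATES.has(next)) throw new Error(`unknown consent state: ${next}`);
      state = next;
      if (next === "accept") enable();
      else disable();
    },
    // identify() is the point where pseudonymous data becomes account-linked, so it is only
    // forwarded while tracking is on; a login before any decision is parked, not sent.
    identify(userId) {
      if (tracking) sdk.identify(userId);
      else if (state === "no-interaction") pendingUserId = userId;
    },
    track(event, props = {}) {
      if (tracking) sdk.track(event, props);
    },
    status() {
      return { state, loaded: sdk !== null, tracking, pendingUserId };
    },
  };
}
```

In a page, call `gate.setConsent(...)` from the CMP's consent-changed callback and route all application code through `gate.track` and `gate.identify` instead of the global `mixpanel` object; the global must never be referenced directly, or the gate can be bypassed. Because a second `init` on the SDK's primary instance is not supported, the gate re-enables a previously loaded SDK with `opt_in_tracking` rather than initialising it again.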

Policy vs practice

What policies say versus what Lokker validates

These are common gaps between Mixpanel privacy policy language and what actually happens in the browser. Checking only inside each SaaS admin (CMP, tag manager, or vendor console) rarely answers whether the full stack works together. Lokker tests from the outside: consent state, tag firing, and network requests viewed as one system.

What the policy says

  • Policies describe Mixpanel as collecting anonymous user behavior for product analytics without disclosing that identify() links behavioral data to named accounts.

  • Policies state that Mixpanel is consent-gated and loads only after the visitor accepts analytics cookies.

  • Policies describe EU data residency as sufficient to make Mixpanel GDPR-compliant without further measures.

What Lokker validates

  • When Mixpanel's identify() is called, pseudonymous session data is merged into a user profile that may include email, name, and account history. Lokker flags whether Mixpanel initialization and identity calls occur before consent is recorded.

  • Lokker confirms whether Mixpanel's analytics.js initializes and contacts api.mixpanel.com before the CMP has recorded a consent decision. Pre-consent initialization is common even when the policy describes Mixpanel as consent-gated.

  • EU data residency reduces transfer risk but does not replace consent, a DPA, or accurate policy disclosure. Lokker validates whether Mixpanel fires before a GDPR-required opt-in regardless of where data is stored.

Consent Validator tests your site from the outside, not inside each vendor admin. It runs automated flows across accept, reject, no-interaction, and GPC states and checks whether Mixpanel loads through your CMP and tag manager, whether consent signals are honored, and whether any call to that vendor still occurs when the visitor has opted out.
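As an added example of the outside-in check described above (not Lokker's Consent Validator and not code from this page), the following audits a list of network requests captured during automated consent flows and flags any contact with Mixpanel's ingestion hosts in the reject, no-interaction or GPC states, distinguishing event traffic from profile (identify) updates. The request records are constructed here; the host names `api.mixpanel.com` (from the page) and `api-eu.mixpanel.com`, and the `/track`, `/engage` and `/decide` paths, are assumptions about the SDK's endpoints.

```javascript
// Offline audit of captured requests against consent state (added example, not Lokker's code).
// Each record is what a headless-browser run would log: the consent state the flow was in and
// the URL requested. Hosts and paths below are assumptions about Mixpanel's endpoints.

const MIXPANEL_HOSTS = new Set(["api.mixpanel.com", "api-eu.mixpanel.com"]);
const NON_CONSENT_STATES = new Set(["reject", "no-interaction", "gpc"]);

// Returns null for non-Mixpanel traffic, otherwise the host and what kind of call it is.
function classifyRequest(rec) {
  let url;
  try {
    url = new URL(rec.url);
  } catch {
    return null; // malformed capture line; ignore rather than crash the audit
  }
  if (!MIXPANEL_HOSTS.has(url.hostname)) return null;
  const path = url.pathname.replace(/\/+$/, "");
  let kind = "other";                       // e.g. /decide config fetch still proves the SDK ran
  if (path.startsWith("/track")) kind = "event";
  else if (path.startsWith("/engage")) kind = "profile-update"; // identify()/people updates
  return { host: url.hostname, kind };
}

// Every Mixpanel request seen in a state where the vendor must stay silent is a finding.
function auditRun(records) {
  const findings = [];
  for (const rec of records) {
    const hit = classifyRequest(rec);
    if (hit === null || !NON_CONSENT_STATES.has(rec.consentState)) continue;
    findings.push({
      state: rec.consentState,
      kind: hit.kind,
      host: hit.host,
      url: rec.url,
      reason: rec.consentState === "no-interaction"
        ? "fired before a consent decision was recorded"
        : "fired after the visitor opted out",
    });
  }
  return findings;
}

function countByState(findings) {
  const counts = {};
  for (const f of findings) counts[f.state] = (counts[f.state] || 0) + 1;
  return counts;
}

// Constructed sample capture: one request per flow, plus an unrelated CMP script load.
const SAMPLE_RUN = [
  { consentState: "accept", url: "https://api.mixpanel.com/track?data=eyJldmVudCI6IlBhZ2UgVmlld2VkIn0" },
  { consentState: "no-interaction", url: "https://api.mixpanel.com/track?ip=1&data=eyJldmVudCI6IiRtcF93ZWJfcGFnZV92aWV3In0" },
  { consentState: "reject", url: "https://api-eu.mixpanel.com/engage?data=eyIkc2V0Ijp7IiRlbWFpbCI6InJlZGFjdGVkIn19" },
  { consentState: "reject", url: "https://cdn.example-cmp.test/consent.js" },
  { consentState: "gpc", url: "https://api.mixpanel.com/decide?verbose=1" },
];
```

Running `auditRun(SAMPLE_RUN)` yields three findings: a page-view event sent before any decision, a profile update sent to the EU host after a rejection (residency does not help here, which is the third policy gap above), and a config fetch under a GPC signal. The accepted-state event and the CMP script are not findings. In a real run the records would come from the browser's request log for each scripted flow.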

Questions

Mixpanel privacy policy FAQ

Does Mixpanel require GDPR consent?

Yes. Mixpanel event tracking is non-essential and requires a valid legal basis under the GDPR. Most organizations use consent. Where EU data residency is used, the transfer obligation is reduced, but the consent requirement for initialization remains. Mixpanel must not load or track events before the visitor provides opt-in consent through a compliant CMP.

What does the identify() call mean for privacy policy disclosure?

Mixpanel's identify() call links the pseudonymous anonymous_id to a known user identity (typically a user ID or email). After this call, all subsequent events and historical events may be merged into a named user profile. This transition from pseudonymous to personally identifiable processing is a material change that should be described in the privacy policy. The policy should state that product analytics data may be linked to user accounts when users log in.

Does Mixpanel EU data residency eliminate GDPR transfer obligations?

Using Mixpanel's EU data residency option means data is processed and stored on EU servers without transfer to the United States for in-scope data. This reduces the GDPR international transfer obligation for that data. However, EU data residency does not eliminate the consent requirement, the need for a DPA, or the obligation to accurately describe the processing in your privacy policy. Compliance requires all of these elements, not just server location.

Validate technical compliance

Confirm that Mixpanel fires only when it should

Verify that Mixpanel event tracking and identify calls stop in the reject state and do not transmit user identity or behavioral data before consent is given.