‍Effective Date: April 1, 2026
Last Updated: April 23, 2026

Effective Date: April 1, 2026. This Privacy Policy ("Policy") is entered into and is effective from April 1, 2026 between CELERITY STUDIOS INDIA PRIVATE LIMITED (the “Company”) having its registered office at 3rd floor, CASP Bhavan, Baner Pashan Link Road, Pune 411021, State: Maharashtra, Country: INDIA together with its affiliates and subsidiaries, (collectively "MIXXI", "we", "us" or "our"), which expression shall unless repugnant to the context or meaning thereof be deemed to mean and include its successors and assigns, and you, the user of our Service ("User", "you" or "your").

NOW, THEREFORE, the terms of this Policy are as follows:

1. Purpose and Scope

1.1 MIXXI is engaged in the business of providing an AI-native short-form music video remix platform that allows users to create personalized music videos through an artificial intelligence-powered platform accessible via website (mixxi.ai), mobile applications, and related services (collectively, the "Service").

1.2 This Policy describes how MIXXI processes User Information that we collect through our Service, including our website (mixxi.ai), mobile applications, social media pages, WhatsApp sharing features, MIXXI RISING live competition series, and other activities described in this Policy. This Policy applies to all Users of the Service, whether registered or unregistered, free tier or paid subscription holders.

1.3 MIXXI may provide additional or supplemental privacy policies to Users for specific products, services, or features at the time we collect User Information (as defined below). Any such supplemental policies shall be read in conjunction with this Policy.

1.4 Special Notice Regarding Biometric Data Processing

The service's core functionality requires processing facial biometric data from photographs you upload to create ai-generated avatars ("Stars"). By uploading photographs and creating avatars, you provide explicit consent to the collection and processing of facial biometric information as described in this policy. If you do not consent to biometric data processing, you may not use avatar creation and AI video generation features of the service. Detailed information about biometric data processing is provided in section 3.1(m) and section 3.6 below.

2. Definitions

2.1 "Biometric Data" means facial biometric identifiers and information derived from photographs you upload, including facial geometry, facial landmarks, facial feature measurements, facial expressions collected from User photographs for the purpose of AI avatar creation and video generation.

2.2 “Culture Graph” means MIXXI’s system for analyzing user interactions and content trends to improve the Service and personalize user experience.

2.3 "Personal Information" means information that relates to an identified or identifiable natural person, including but not limited to name, email address, telephone number, billing address, payment information, and any other information that can be used to identify a User.

2.4 "Service Providers" means third parties that are engaged by MIXXI to provide services on behalf of MIXXI or help MIXXI operate the Service or our business, including hosting, information technology, customer support, email delivery, marketing, payment processing, analytics, and other similar services.

2.5 "User Information" means any and all information collected by MIXXI from or about Users, whether provided directly by the User or collected automatically, and shall include, without limitation, personal information, technical information, usage information, user-generated content, payment information, and any other information described in Clause 3 of this Policy, in any form, whether written, oral, electronic, or otherwise.

Unless otherwise defined herein, capitalized terms used in this Privacy Policy shall have the meanings ascribed to them in the MIXXI Terms of Service.

3. Scope of User Information Collected

3.1 Information you provide to us
‍
MIXXI may collect the following categories of User Information that you provide directly through the Service:

a. Contact data, including your first and last name, email address, mailing address, billing address, and phone number;

b. Profile data, including username and password for your MIXXI account, profile information, biographical details, preferences, interests, links to social media profiles, subscription tier selection (Free, Pro A, Studio A), and any other information you add to your account profile;

c. Demographic data, including age, date of birth, gender, geographic location, and language preferences;

d. User-generated content, including photographs and images uploaded by you for avatar creation under the Star layer, videos created through the Service (MIXXIs), layer selections (Song, Star, Look, Move, World), remixes, votes, likes, shares, comments, messages, and other content you create, transmit, or make available through the Service, along with associated metadata;

e. Communications data, including the contents of your messages when you contact us through the Service, email, social media, customer support channels, or otherwise;

f. Transactional data, including information relating to or needed to complete your transactions on the Service, including subscription purchases, Power Ups, Premium Asset purchases, SMS voting, order numbers, transaction history, and purchase preferences;

g. Payment data, including payment card information, UPI wallet details (such as Paytm wallet information), bank account information, and billing details. Payment data is collected and stored by our payment processors and not by MIXXI directly, to the extent required for transaction processing and record-keeping;

h. Competition and voting data, including your participation in MIXXI RISING competition series, voting history, engagement with live episodes, and prize-related information;

i. Creator monetization data, for Users who create Premium Assets or participate in the creator economy, including asset creation details, NNA (Naming, Numbering, Addressing) identifiers, revenue attribution data, earnings information, and payout details;

j. Feedback data, including information regarding your experiences with the Service, survey responses, and product feedback;

k. Marketing data, including your preferences for receiving marketing communications and details about your engagement with such communications;

l. Other data not specifically listed here, which we will use as described in this Policy or as otherwise disclosed at the time of collection in accordance with this Policy.

m. Biometric data, including:
‍
i. Facial Biometric Information:
When you upload photographs to create avatars under the Star layer, our AI technology analyzes and extracts facial biometric data, including facial landmarks (eye positions, nose tip, mouth corners, jawline contours), facial geometry (distances between facial features, facial proportions), facial expressions, and other biometric identifiers necessary for avatar creation and video generation;

ii. Purpose-Limited Collection:
Biometric data is collected solely for the purpose of generating personalized AI avatars that resemble your appearance and enabling AI-powered music video creation featuring your avatar;

iii.Explicit Consent Requirement:
Collection of biometric data occurs only after you affirmatively upload a photograph and initiate avatar creation, constituting your explicit consent to biometric processing;

iv. No Third-Party Sharing:
We do not sell, rent, share, or disclose your facial biometric data to any third parties, including advertisers, data brokers, brand partners, or other commercial entities except as required for provision of the Service or under applicable law.

3.2 Automatic Data Collection

We and our Service Providers, may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications, and other online services, including through cookies and similar tracking technologies as described below:

a. Device data, including your computer or mobile device's operating system type and version, manufacturer and model, browser type, screen resolution, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state, or geographic area;

b. Online activity data, including pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times, duration of access, and whether you have opened our marketing emails or clicked links within them;

c. Usage and engagement data, including information tracked by our algorhythm recommendation engine such as views, likes, shares, remixes, and votes; layer selections and preferences; content creation patterns; engagement with MIXXI RISING episodes; interaction with branded content and advertisements; and behavioral patterns captured by our Culture Graph;

d. Communication interaction data, including details of your interactions with WhatsApp deep links, social media sharing, in-app messaging, and referral activities.

3.3 Cookies and Similar Technologies
‍
Some of our automatic data collection is facilitated by cookies and similar tracking technologies. For more details on how we use these technologies and your choices, please refer to Section [9.5] below.

3.4 Data About Others
‍
We may offer features that help Users invite their friends or contacts to use the Service, and we may collect their limited contact details (such as name and email address or phone number) so we can deliver their invitations. Please do not refer someone to us or share their contact details with us unless you have their permission to do so. If you share your, or others', details via third-party platforms (e.g., WhatsApp, other messaging applications), those third-party platforms process such information in accordance with their privacy policies, and we are not responsible for such processing.
‍
3.5 Third-Party Sources

We may obtain User Information from third parties, including:

a. Service Providers who help us operate the Service;

b. Payment processors such as Paytm and other UPI wallet providers, and telecommunications providers for SMS voting;

c. Social media platforms when you interact with our Service through such platforms;

d. Advertising and analytics providers;

e. Business partners, including brand sponsors, content partners;

f. Publicly available sources and data aggregators.

3.6 Detailed Biometric Data Processing Practices

Given the sensitive nature of biometric data, we provide the following detailed disclosures about our biometric processing practices:
‍
a. Collection Method and Technology

i Facial biometric data is extracted using AI-powered facial recognition and analysis algorithms when you upload photographs for avatar creation;

ii. The technology identifies key facial landmarks, measures facial geometry, and creates a mathematical representation (biometric template) of your facial features;

iii. Where technically feasible, initial facial analysis occurs on your device (client-side processing) before any data transmission to our servers.

b.  On-Device Processing Priority

i. We prioritize on-device biometric processing where technically possible to minimize data transmission;

ii. When on-device processing is utilized, raw facial biometric templates remain on your device and are not transmitted to or stored on our servers;

iii. Only the processed avatar model (output) is uploaded to our servers for video generation purposes ;

iv. For certain advanced features or older devices where on-device processing is not feasible, biometric processing may occur on our secure servers with encrypted data transmission.

c. Use Limitations

Your facial biometric data is used exclusively for:
‍
i. Creating AI-generated avatars that resemble your facial features;

ii. Generating personalized music videos featuring your avatar;

iii. Enabling facial expression mapping, lip synchronization, and motion transfer in MIXXIs;

iv. Improving avatar quality, realism, and animation accuracy through technical optimization.

Biometric data is NOT used for:

i. Surveillance, tracking, or monitoring;

ii. Targeted advertising or user profiling;

iii. Facial recognition across the Platform to identify you in other users' content;

iv. Commercial purposes unrelated to avatar creation and video generation;

v. AI model training or machine learning purposes.

d. Retention and Deletion

i. Transient Processing: Raw facial biometric data and biometric templates are processed transiently during avatar creation and are not permanently stored on our servers;

ii. Avatar Retention: The processed avatar (output product) is retained as long as your account remains active or until you delete it;

iii. User-Initiated Deletion: You may delete your avatar at any time through Settings > My Avatars > Delete Avatar. Deletion permanently removes the avatar and all associated facial mapping data from our active systems within seventy-two (72) hours;

iv. Account Closure: Upon account closure, all avatars and associated facial data are deleted within ninety (90) days in accordance with Section 5.3;

v. No Long-Term Biometric Storage: We do not maintain long-term databases of facial biometric templates or raw facial recognition data.
‍
e. Security Safeguards for Biometric Data

We implement enhanced security measures specifically for biometric data protection:

i. End-to-end encryption (TLS 1.3 or higher) during any data transmission;

ii. Encryption at rest using AES-256 or equivalent standards for any temporary biometric data storage;

iii. Strict access controls limiting biometric data access to authorized personnel and systems only;

iv. Automated deletion protocols to prevent unauthorized retention;

v. Regular security audits and penetration testing focused on biometric data protection;

vi.  Segregation of biometric data from other user data in separate secure environments;

vii.  Multi-factor authentication requirements for any system access to biometric processing infrastructure.

f. Legal Basis for Processing

i. Processing of biometric data is based on your explicit, informed, and freely-given consent provided when you upload photographs and create avatars;

ii. Consent is specific to biometric processing for avatar creation purposes;

iii. You may withdraw consent and delete your avatar at any time, though this will prevent use of avatar-based features going forward.

g. Use of Photographs and User Responsibility

Users may only upload photographs of themselves. Uploading photographs of any other individual (including celebrities, public figures, or third parties) is strictly prohibited. Users are solely responsible for any content uploaded and any violation of this requirement.‍‍‍

4. Purpose of Data Collection and Usage

MIXXI may use User Information for the following purposes or as otherwise described at the time of collection:

4.1 Service Delivery and Operations

We use User Information to:

a. Provide, operate, maintain, and improve the Service, including all features and functionalities;

b. Generate personalized AI-powered music videos based on your layer selections and preferences;

c. Create and manage your user account and subscription tier (Free, Pro A, Studio A);

d. Process your transactions, including subscription payments, Power Ups, Premium Asset purchases, SMS votes;

e. Administer MIXXI RISING live competition series, including tracking votes, determining winners, and distributing prizes;

f. Implement the NNA Framework for creator attribution and revenue distribution;

g. Enable sharing of MIXXIs via WhatsApp deep links and other social platforms;

h. Communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;

i. Understand your needs and interests and personalize your experience with the Service and our communications;

j. Provide customer support and respond to your questions, comments, feedback, and requests;

k. Enable security features of the Service, such as by sending you security codes and remembering devices from which you have previously logged in.

4.2 Research and Development

We use User Information to analyze and improve the Service and to develop new products, services, and features, including by:

a. Analyzing usage patterns and trends through our Culture Graph and algorhythm systems;

b. Testing, research, analysis, and product development to improve the Service and develop new features;

c. Training and improving our AI models for video generation, avatar creation, motion transfer, lip sync, and other AI-powered features;

d. Understanding which songs, creators, visual aesthetics, and cultural moments resonate with Users for better content curation;

e. Measuring engagement signals (views, likes, shares, remixes, votes) to surface genuine intent and improve recommendation systems.

f. AI Model Training and Improvement - Transparency Disclosure
We use certain User Information to train, improve, and develop our artificial intelligence models and machine learning algorithms. This section provides complete transparency about what data is and is not used for AI training:
‍
i. Data Used for AI Training (With Your Consent)

- Aggregated and Anonymized User Content: Anonymized and aggregated patterns from avatar usage (not raw photographs or biometric data) may be used to improve avatar generation quality and animation realism;

- Generated MIXXIs: AI-generated videos you create may be analyzed (in anonymized form) to improve video generation algorithms, visual quality, and motion transfer accuracy;

- User Engagement Data: Your interaction patterns (likes, shares, views, layer selections, remix behaviors) are used to train and improve algorhythm recommendation system;

- Layer Combination Patterns: Aggregated data about which song, look, move, and world combinations are selected together to enhance content curation and recommendation accuracy;

- Cultural Graph Data: Engagement signals and content relationships used to train systems that understand cultural trends and music-visual aesthetic connections.

ii.  Data NEVER Used for AI Training

- Facial Biometric Data: Raw facial biometric information, biometric templates, and facial recognition data extracted from your photographs are NEVER used to train AI models or for any machine learning purposes;

- Original Uploaded Photographs: Your original uploaded photographs are not used for AI training purposes;

- Personal Identifiable Information: Your name, email, contact information, payment data, and other PII are never used for AI training;

- Private Communications: Messages, support inquiries, and private communications are never used for AI training;

- Content Marked Private: Any content you designate as private or unpublished is excluded from AI training datasets.

iii. Your Opt-Out Rights
‍
You have granular control over AI training data usage:

- Opt-Out Mechanism: Navigate to Settings > Privacy & Data Control > AI Training Preferences to enable "Do Not Use My Data for AI Training";

- Scope of Opt-Out: Opting out prevents your future User Content (generated MIXXIs) and engagement patterns from being included in AI training datasets;

- No Service Degradation: Opting out does not affect your ability to use core Platform features, though personalized recommendations may be less tailored to your specific preferences;

- Retroactive Removal: If you opt-out, we will make commercially reasonable efforts to remove your previously collected data from active AI training datasets, though data already incorporated into trained models cannot be extracted;

- Consent Withdrawal: You may withdraw the consent provided by you at any time;

- Timeline: Opt-out preferences take effect within fourteen (14) days of your selection.

4.3 Marketing and Advertising
‍
We and our Service Providers may use User Information to:

a. Send you direct marketing communications about MIXXI products, services, offers, promotions, and events, and personalize these messages based on your needs and interests;

b. Display advertisements to you, including targeted advertising based on your interests and behavior;

c. Administer promotional activities, including contests, sweepstakes, surveys, and MIXXI RISING competitions;

d. Conduct brand partnership activities, including Branded Worlds, Sponsored Episodes, and Branded Asset Catalogs;

e. Deliver programmatic advertising utilizing MIXXI's first-party behavioral data;

f. Analyze advertising effectiveness and User engagement with sponsored content.

4.4 Compliance and Protection
‍
We use User Information to:

a. Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations, or requests from government authorities;

b. Protect our, your, or others' rights, privacy, safety, or property (including by making and defending legal claims);

c. Audit our internal processes for compliance with legal and contractual requirements or our internal policies;

d. Enforce the terms and conditions that govern the Service;

e. Prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks, identity theft, intellectual property infringement, and unauthorized use of copyrighted materials;

f. Monitor and ensure compliance with our content policies and creator guidelines;

g. Verify creator identity and prevent fraud in the creator economy and monetization systems.

4.5 Creation of Aggregated, De-identified and/or Anonymized Data

We may create aggregated, de-identified and/or anonymized data from User Information and other individuals whose information we collect. We make information into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service, promote our business, understand cultural trends, and provide insights to business partners.

4.6 Further Uses
‍
In some cases, we may use User Information for further uses, in which case we will ask for your consent to use your information for those further purposes if they are not compatible with the initial purpose for which information was collected.‍

5. Data Retention and Security

5.1 Retention Period

We generally retain User Information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. The length of time for which we retain information depends on the purposes for which we collected and use it and your choices.

a. Inactive User Automated Erasure (DPDP Compliance)

In accordance with Digital Personal Data Protection Rules, 2025, we implement automated data erasure for inactive user accounts:

i. Dormancy Definition: An account is considered dormant or inactive if there has been no login, content creation, engagement activity, or Platform interaction for a continuous period of three (3) years;

ii. Automated Erasure Timeline: Personal data of dormant accounts will be automatically erased after three (3) years of continuous inactivity, except where retention is required by law or necessary for pending legal claims;

iii. Pre-Erasure Notifications: We will send automated email notifications to the email address associated with your account at:

- One hundred eighty (180) days before scheduled erasure;
- Ninety (90) days before scheduled erasure;
- Thirty (30) days before scheduled erasure;
‍
Seven (7) days before scheduled erasure (final notice).

iv. Reactivation to Prevent Erasure: You may prevent automated erasure by logging into your account at any time before the erasure date. Account reactivation resets the dormancy period;

v. Scope of Erasure: Automated erasure includes all personal data, User-generated content, avatars, MIXXIs, profile information, engagement history, and account credentials;

iv. Exceptions to Automated Erasure: Data will not be automatically erased if:

- Retention is mandated by law (e.g., financial records for tax compliance, transaction records for audit requirements);

- Data is subject to legal hold, ongoing litigation, or regulatory investigation;

- Retention is necessary for establishment, exercise, or defense of legal claims;

- You have explicitly requested extended retention for legitimate purposes.

b. Category-Specific Retention Periods
‍
i. Financial and Transaction Data: Seven (7) years from transaction date for tax and audit compliance;

ii. Creator Economy Data (NNA Framework): Seven (7) years for revenue attribution, royalty calculations, and financial record-keeping;

iii. Legal Compliance Records: As required by applicable law (typically 7-10 years for financial records);

iv. Biometric Data: Processed transiently only; no long-term retention (see Section 3.6.4);

v. Marketing Consent Records: Three (3) years after consent withdrawal or account closure;

vi. Grievance and Support Records: Three (3) years after case resolution for accountability and quality assurance.

c. Factors Determining Retention: To determine the appropriate retention period for User Information, we consider factors such as the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal requirements.

d. Content Retention: User-generated content, including created MIXXIs, may remain on our active servers for thirty (30) days after you remove such content from your account. Copies of the content may be held in backups of our application databases. If you choose to cancel your account, your content will immediately become inaccessible and should be purged from our systems in full within ninety (90) days. These retention periods may be extended if required for legal purposes such as litigation holds, law enforcement requests, or specific tax/financial audits.

5.2 Creator Economy Data

Information related to the NNA Framework, creator attribution, revenue distribution, and transaction history may be retained for longer periods as necessary for financial record-keeping, audit requirements, and creator payment obligations.

5.3 Deletion of Information

When we no longer require the User Information we have collected about you, we may either delete it, anonymize or aggregate it, or isolate it from further processing.

5.4 Security Measures

We employ technical, organizational, and physical safeguards designed to protect the User Information we collect, including:

a. Encryption of data in transit and at rest;

b. Access controls and authentication mechanisms;

c. Regular security assessments and audits;

d. Secure payment processing through certified payment processors;

e. Employee training on data protection and confidentiality;

f. Incident response procedures for data breaches.

5.5 Limitation of Security

However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your User Information. You acknowledge that you provide your information at your own risk.‍

6. Data Sharing and Disclosure

‍MIXXI may share User Information with the following categories of parties and as otherwise described in this Policy, in other applicable notices, or at the time of collection:
‍
6.1 Service Providers and Third-Party Processors

We engage third-party Service Providers to perform functions and provide services on our behalf. These Service Providers have access to User Information only to perform specific tasks and are contractually obligated to protect your information in accordance with this Policy and applicable law.

a. Categories and Examples of Service Providers

‍i. Cloud Hosting and Infrastructure: Amazon Web Services (AWS), Google Cloud Platform, or similar providers for data storage, computing infrastructure, and content delivery;

ii. AI Model Providers and Technology Partners: Third party technology providers and other AI technology partners for avatar generation, video synthesis, motion transfer, and AI-powered features;

iii. Payment Processing: Paytm, PhonePe, Google Pay, Stripe, Razorpay, and other payment gateways and UPI wallet providers for subscription payments, transactions, and creator payouts;

iv. Analytics and Performance Monitoring: Google Analytics, Mixpanel, Amplitude, or similar analytics platforms for usage tracking, performance monitoring, and service improvement;

v. Customer Support and Communications: Zendesk, Freshdesk, Intercom, or similar platforms for customer support ticket management and user communications;

vi. Email and Marketing Automation: SendGrid, Mailchimp, Amazon SES, or similar services for transactional emails, marketing communications, and notification delivery;

vii. SMS and Telecommunications: Telecommunications carriers, and SMS gateway providers for SMS voting in MIXXI RISING and account verification;

viii. Content Delivery Network (CDN): Cloudflare, Akamai, or similar CDN providers for fast content delivery and DDoS protection;

ix. Security and Fraud Prevention: reCAPTCHA, fraud detection services, and cybersecurity tools for Platform security and abuse prevention;

x. Professional Advisors: Legal counsel, accountants, auditors, and consultants who assist with business operations and compliance.
‍
b. Data Processing Agreements and Safeguards

‍i. All Service Providers are bound by written data processing agreements requiring them to implement appropriate technical and organizational security measures;

ii. Service Providers are contractually prohibited from using your data for their own purposes or disclosing it to third parties without authorization;

iii. We conduct vendor due diligence and periodic audits to ensure Service Provider compliance with data protection obligations;

iv. Service Providers processing data outside India are subject to cross-border transfer safeguards described in Section 8.

c. No Biometric Data Sharing

Facial biometric data is NEVER shared with third-party Service Providers, advertising networks, or any other external parties.

6.2 Payment Processors

Payment card information, UPI wallet information, and other payment data you use to purchase the Service is collected and processed directly by our payment processors, including Paytm and other UPI wallet providers, telecommunications providers for SMS voting, or similar payment gateways. These payment processors may use your payment data in accordance with their respective privacy policies.

6.3 Business Partners

Third parties with whom we partner to offer products, services, or features, including:

a. Music labels and rights holders for licensed song catalog;

b. Brand sponsors for Branded Worlds, Sponsored Episodes, and Branded Asset Catalogs;

d. Celebrity partners and content creators for MIXXI RISING;

e. Advertising networks and programmatic advertising platforms;

f. Social media platforms for sharing and distribution features.
‍
6.4 Creators and Other Users

When you participate in the creator economy or create content on the Service:

a. Your username, profile information, and created MIXXIs may be visible to other Users;

b. Your engagement activities (views, likes, shares, remixes, votes) may be visible to content creators;

c. If you create Premium Assets, your creator profile and asset attribution information will be visible to Users who utilize your assets;

d. Aggregated attribution and revenue data may be shared with IP creators and remixers revenue-sharing model;

e. Competition participants in MIXXI RISING may have their participation, ranking, and performance publicly disclosed.
‍
6.5 Authorities and Legal Parties

Law enforcement, government authorities, regulatory bodies, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described in Clause 4.4 above, including to comply with legal obligations, protect rights and safety, and respond to lawful requests.

6.6 Business Transferees

We may disclose User Information in the context of actual or prospective business transactions, including:

a. Investments in MIXXI, financing transactions, or public offerings;

b. Sale, transfer, or merger of all or part of our business, assets, or shares;

c. We may need to share certain User Information with prospective counterparties and their advisers;

d. We may disclose your information to an acquirer, successor, or assignee as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
‍
6.7 With Your Consent

In other cases, not covered by this Policy, we will ask for your consent before sharing your User Information with third parties.
‍
6.8 Publicly Available Information

Certain information you provide may be publicly accessible, including your username, profile information, created MIXXIs that you choose to publish, and your participation in public competitions and events.‍

7. User Rights and Choices

7.1 Access or Update Your Information

If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account through the Service.

7.2 Opt-Out of Communications

You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at the email address provided in Clause 13. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails, including account notifications, transaction confirmations, and security alerts.

7.3 Cookies and Browser Controls

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of the Service.
‍
7.4 Advertising Choices

You may limit the use of your information for targeted advertising by:

a. Adjusting your mobile device settings to limit ad tracking;

b. Using browser privacy settings and extensions;

c. Opting out of interest-based advertising through industry opt-out mechanisms;

d. Contacting us to request exclusion from targeted advertising programs.

7.5 Do Not Track Signals

Some browsers may transmit "do-not-track" signals. Web browsers may incorporate or activate these features differently, making it unclear if users have consciously activated them. As a result, at this time, we do not take steps to respond to such signals.

7.6 Manage Subscription Tier

You may change your subscription tier (Free, Pro A, Studio A) at any time through your account settings. Changes to paid subscriptions will be effective according to the terms of your subscription agreement.

7.7 Control Content Visibility

You may control the visibility of your created MIXXIs and choose whether to publish content publicly or keep it private through your account settings.

7.8 Manage Creator Profile

If you participate in the creator economy, you may update your creator profile information and manage your Premium Asset catalogue through the creator dashboard.

7.9 Delete Your Content or Close Your Account

You may delete certain content through your account. Content removed from your account may remain on our active servers for thirty (30) days, and copies may be held in backups thereafter. If you wish to request that your account be closed, please contact us at the email address provided in Clause 13. Upon account closure, your content will become immediately inaccessible and should be purged from our systems within ninety (90) days, subject to the retention requirements described in Clause 5.

7.10 Rights Under Indian Law

Subject to applicable law, you may have certain rights regarding your User Information, including:

a. The right to access and obtain a copy of your User Information;

b. The right to correct inaccuracies in your User Information;

c. The right to request deletion of your User Information in certain circumstances;

d. The right to object to or restrict certain processing of your User Information;

e. The right to withdraw consent where processing is based on your consent.

To exercise these rights, please contact us using the contact information provided in Clause 13.
‍
7.11 Granular Consent Management and Preferences

We implement a layered consent framework that provides you with granular control over different data processing purposes. You may manage your consent preferences at any time through Settings > Privacy & Data Control.

a. Essential Service Consent

‍The following processing activities are essential for Service operation and cannot be disabled while maintaining an active account:

i. Account creation, authentication, and management;

ii. Provision of core Platform functionality (AI video generation, content creation);

iii. Biometric data processing for avatar creation (if you choose to use avatar features);

iv. Security, fraud prevention, and Platform integrity;

v. Compliance with legal obligations and law enforcement requests;

vi. Enforcement of Terms of Service and community guidelines.

b. Optional Feature Consent
‍
You have individual control over the following optional processing purposes:

i. Personalized Recommendations:
‍
- Purpose: Processing your viewing history, engagement patterns, layer selections, and preferences to provide personalized content recommendations and layer combination suggestions;

- Opt-Out Effect: Disabling results in generic, non-personalized content curation based on popularity and trending metrics;

- Current Status: [Enabled by default - toggle in Settings]

ii. Marketing Communications:

- Purpose: Sending promotional emails, notifications, and offers about new features, Premium Assets, MIXXI RISING competitions, subscription upgrades, and special events;

- Opt-Out Effect: You will continue to receive essential service-related communications (account notifications, security alerts, transaction confirmations) but no marketing content;

- Opt-Out Methods: (i) Settings > Notifications > Marketing Emails, or (ii) "Unsubscribe" link in any marketing email;

- Current Status: [Opt-in during registration - modifiable anytime]

iii. Behavioral Data Sharing with Brand Partners:

- Purpose: Sharing aggregated (non-identifiable) behavioral data and engagement patterns with brand sponsors for campaign performance measurement;

- Opt-Out Effect: Your data will not be included in aggregated datasets shared with brand partners; you may still see branded content but it will not be personalized based on your behavior;

- Current Status: [Enabled by default - toggle in Settings]

iv. AI Training Data Usage:

- Purpose: Using your generated MIXXIs and engagement data (in anonymized form) to train and improve AI models;

- Opt-Out Effect: Your future data will not be included in AI training datasets; personalized recommendations may be slightly less accurate;

- Current Status: [Enabled by default - toggle in Settings > AI Training Preferences]

v. MIXXI RISING Competition Participation:

- Purpose: Processing additional data including video submissions, voting activity, public display of your content, rankings, and payment information for prize distribution;

- Opt-In Method: Explicit consent required when you first participate in MIXXI RISING;

- Withdrawal Effect: You will be unable to participate in current or future MIXXI RISING competitions;

- Current Status: [Opt-in only - requires separate consent]

c. Managing Your Consent Preferences

‍i. Consent Dashboard: Access Settings > Privacy & Data Control to view all consent preferences in one centralized location;

ii. Toggle Controls: Use simple toggle switches to enable or disable each optional processing purpose;

iii. Consent History: View a record of your consent decisions and modifications;

iv. Withdrawal Process: Changes to consent preferences take effect within fourteen (14) days;

v. Re-Consent Option: You may re-enable any previously withdrawn consent at any time.

8. Third-Party Services and Links
‍
8.1 Third-Party Platforms

The Service may contain links to websites, mobile applications, social media platforms, and online services operated by third parties, including WhatsApp, social media sharing platforms, payment processors, and commerce partners. These third-party services are not under our control, and we are not responsible for their privacy policies or practices.

8.2 Limitation of Responsibility

If you choose to use third-party services in connection with the Service, including sharing MIXXIs via WhatsApp or making payments through Paytm or other processors, you do so at your own risk. We encourage you to review the privacy policies of these third-party services before providing them with your information.

8.3 Third-Party Content

The Service may display content, including branded content, advertisements, and Premium Assets created by third parties. Our inclusion of such content does not imply endorsement of those third parties or their practices.

9. Compliance with Indian Law
‍
9.1 Applicable Laws

MIXXI is committed to compliance with applicable laws.

9.2 Consent

By using the Service and providing User Information, you consent to the collection, use, storage, sharing, and disclosure of your information as described in this Policy and in accordance with applicable law. Where requied by law, we will obtain your explicit consent for specific processing activities.

9.3 Right to Withdraw Consent

You may withdraw your consent to the processing of your User Information at any time by contacting us as specified in Clause 13. Please note that withdrawal of consent may affect your ability to use certain features of the Service or may require us to terminate your account.

9.4 Grievance Redressal

In accordance with the Information Technology Act, 2000 and applicable rules, MIXXI has appointed a Grievance Officer to address your concerns regarding User Information. The Grievance Officer's contact details are provided in Clause 13.

9.5 Cookies and Tracking Technologies - Detailed Disclosure

The Service uses cookies, web beacons, pixels, local storage, and similar tracking technologies. This section provides detailed information about our use of these technologies

Types of Cookies We Use

i. Strictly Necessary Cookies (Cannot Be Disabled)

- Purpose: Essential for Service operation, including session management, authentication, security, load balancing, and fraud prevention;

- Examples: Session cookies, authentication tokens, CSRF protection tokens, load balancer cookies;

- Duration: Session cookies (deleted when browser closes) or up to 90 days for persistent authentication;

- Opt-Out: Cannot be disabled as they are essential for Service functionality;

ii. Performance and Analytics Cookies (Opt-In Required)

- Purpose: Collect information about how users interact with the Service to improve performance, identify errors, and understand usage patterns;

- Examples: Google Analytics cookies (_ga, _gid), Mixpanel cookies, error tracking cookies;

- Data Collected: Pages visited, time on page, navigation paths, device type, browser type, geographic region (city-level);

- Duration: Up to 2 years;

- Third Parties: Google LLC, Mixpanel Inc.;

- Opt-Out: Settings > Privacy > Cookie Preferences > Performance Cookies [Disabled by default - requires opt-in]

iii. Functionality Cookies (Opt-In Required)

- Purpose: Remember your preferences and choices to provide personalized experience;

- Examples: Language preference, subscription tier display, layer selection history, volume settings, tutorial completion status;

- Duration: Up to 1 year;

- Opt-Out: Settings > Privacy > Cookie Preferences > Functionality Cookies [Enabled by default - can be disabled]

iv. Advertising and Targeting Cookies (Opt-In Required)

- Purpose: Deliver targeted advertising based on your interests and behavior, measure ad effectiveness, and limit ad frequency;

- Examples: Ad network cookies from Google Ads, Facebook Pixel, programmatic advertising platform cookies;

- Data Collected: Ad views, ad clicks, content engagement, inferred interests, remarketing lists;

- Duration: Up to 13 months;

- Third Parties: Google Ads, Meta Platforms, programmatic advertising networks;

- Opt-Out: Settings > Privacy > Cookie Preferences > Advertising Cookies [Disabled by default - requires explicit opt-in]

v. Cookie Consent Banner

‍Upon first accessing the Service, you will be presented with a cookie consent banner providing the following options:

- "Accept All": Consent to all cookie categories;

- "Reject Non-Essential": Allow only Strictly Necessary Cookies;

- "Customize": Granular selection of cookie categories;

- Your cookie preferences are stored for 12 months and can be modified anytime in Settings.

vi. Managing Cookie Preferences

‍-In-App Controls: Settings > Privacy > Cookie Preferences provides toggle controls for each cookie category;

- Browser Controls: Most browsers allow you to refuse cookies or delete existing cookies through browser settings. Note that disabling cookies may affect Service functionality;

- Do Not Track Signals: We honor browser "Do Not Track" (DNT) signals for non-essential cookies where technically feasible. When DNT is enabled, we disable Performance, Functionality, and Advertising cookies;

- Third-Party Opt-Out Tools
‍
a. Google Ads Settings: adssettings.google.com

b. Facebook Ad Preferences: facebook.com/ads/preferences

c. Network Advertising Initiative: optout.networkadvertising.org

d. Digital Advertising Alliance: optout.aboutads.info

vii. Third-Party Cookies and Privacy Policies

‍We are not responsible for third-party cookie practices. We encourage you to review their privacy policies.

viii. No Biometric Data in Cookies

‍Cookies never contain facial biometric data, photographs, or biometric templates. Biometric processing is handled separately through secure API calls, not cookie-based technologies.

10. Changes to This Privacy Policy

10.1 Right to Modify

We reserve the right to modify this Policy at any time in our sole discretion. If we make material changes to this Policy, we will notify you by:

a. Updating the Effective Date of this Policy;

b. Posting the modified Policy on the Service;

c. Sending you an email notification to the email address associated with your account;

d. Displaying a prominent notice on the Service; or

e. Other appropriate means as required by applicable law.

10.2 Effective Date of Modigications

Any modifications to this Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the effective date of any modified Policy indicates you are acknowledging and agreeing that the modified Policy applies to your interactions with the Service and our business.

10.3 Review of Policy

We encourage you to review this Policy periodically to stay informed about our information practices and the choices available to you.

11. Contact Information

11.1 General Inquiries

If you have any questions, comments, or concerns about this Policy or our privacy practices, please contact us at:

- Email: grievance@mixxi.ai

- Postal Address: MIXXI (CELERITY STUDIOS INDIA PRIVATE LIMITED) Pune, Maharashtra, India

11.2 Grievance Officer

For complaints or grievances regarding User Information under Indian law, please contact our Grievance Officer:

- Name: Yashanshu Bhardwaj

- Email: grievance@mixxi.ai

- Postal Address: 3rd floor, CASP Bhavan, Baner Pashan Link Road, Pune 411021, Maharashtra, India

The Grievance Officer will acknowledge receipt of your complaint within forty-eight (48) hours and endeavor to resolve the complaint within one (1) month from the date of receipt, or such other period as may be prescribed by applicable law.

11.3 Data Protection Officer (DPO)

For matters specifically related to data protection, privacy rights under the Digital Personal Data Protection Act, and data processing practices, you may contact our Data Protection Officer:

- Name: Yashanshu Bhardwaj

- Email: dpo@mixxi.ai

- Postal Address: Data Protection Officer, MIXXI (CELERITY STUDIOS INDIA PRIVATE LIMITED), 3rd floor, CASP Bhavan, Baner Pashan Link Road, Pune 411021, Maharashtra, India

The DPO is responsible for:

a. Monitoring compliance with Digital Personal Data Protection Act, 2023 (“DPDP Act”) and this Privacy Policy;

b. Advising on data protection impact assessments;

c. Cooperating with the Data Protection Board of India;

d. Serving as point of contact for data protection authorities;

e. Overseeing data breach response and notification processes.

12. Governing Law and Jurisdiction

12.1 Governing Law
‍
This Policy shall be governed and construed in accordance with the laws of India, without regard to its conflict of law provisions.

12.2 Jurisdiction

Any disputes arising out of or relating to this Policy or the processing of User Information shall be subject to the exclusive jurisdiction of the courts in Mumbai, Maharashtra, India.

12.3 Dispute Resolution

In the event of any dispute, controversy, or claim arising out of or relating to this Policy, the Parties shall first attempt to resolve the matter through good faith negotiations. If the dispute cannot be resolved through negotiation within thirty (30) days, either Party may pursue resolution through the courts having jurisdiction as specified in Clause 13.2.

13. Miscellaneous Provisions
‍
13.1 Entire Agreement

This Policy, together with our Terms of Service and any other agreements or policies referenced herein, constitutes the entire agreement between MIXXI and you with respect to the subject matter hereof and supersedes all prior commitments, understandings, and communications in this regard.

13.2 Severability

If any term or provision of this Policy shall be declared by a final adjudication by a court of competent jurisdiction to be illegal, invalid, or unenforceable for any reason, such adjudication shall not alter the validity or enforceability of any other term or provision of this Policy. The invalid or unenforceable term or provision shall be deemed replaced by a term or provision that is valid and enforceable and that comes closest to expressing the intention of the original term or provision.

13.3 No Waiver

The failure of MIXXI to exercise or enforce any right or provision of this Policy shall not constitute a waiver of such right or provision. Any waiver of any provision of this Policy will be effective only if in writing and signed by MIXXI.

13.4 Assignment

You may not assign or transfer your rights or obligations under this Policy without MIXXI's prior written consent. MIXXI may assign or transfer its rights and obligations under this Policy without restriction, including in connection with a merger, acquisition, sale of assets, or other business transaction.

13.5 Language

This Policy is executed in the English language. In the event of any conflict between the English version and any translation, the English version shall prevail.

13.6 Survival

All provisions of this Policy which by their nature should survive termination shall survive termination, including but not limited to provisions relating to data retention, security, dispute resolution, governing law.

13.7 Counterparts

This Policy may be executed in several counterparts (physical or electronic form), each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.

Acknowledgement and Acceptance
‍
IN WITNESS WHEREOF, by using the Service, you acknowledge that you have read and understood this Privacy Policy and voluntarily accept the terms and obligations set forth herein as of the Effective Date.