Miximizer Privacy Policy
Preamble
This Privacy Policy describes how Vertex Optimization UG (haftungsbeschränkt) processes personal data in connection with the Miximizer Service.
The Miximizer Service includes:
- the Miximizer cloud platform,
- the Miximizer Microsoft Excel Office Add-in,
- the Miximizer web application,
- related APIs,
- customer support,
- subscription and licensing services.
This Privacy Policy also applies to interactions with the Miximizer website where those interactions relate to the Miximizer Service, including registration, documentation, support, account management, and subscription activities.
It explains:
- which personal data we process,
- why we process it,
- the legal bases for processing,
- and the rights available to users under applicable data protection laws, including the General Data Protection Regulation (GDPR).
Microsoft Excel Office Add-in
The Miximizer Microsoft Excel Office Add-in is a client application that enables users to access the Miximizer cloud service directly from Microsoft Excel.
The Office Add-in stores only the information necessary to authenticate users, maintain secure sessions, and communicate with the Miximizer Service. Optimization requests are processed by the Miximizer cloud platform.
The corporate website is hosted by STRATO, while Miximizer is hosted on Amazon Web Services (AWS). Additional information about hosting and infrastructure providers is provided below.
Last Update: 2026-07-06
Controller
Vertex Optimization UG (haftungsbeschränkt)
Alsterufer 20B
20354 Hamburg
Germany
Authorized representative:
Pablo Garcia-Herreros (Managing Director)
Email: support@miximizer.app
Legal Notice: www.vertexopt.com/impressum
Overview of Processing Operations
Categories of Processed Data
- Inventory data (e.g., name, organization)
- Contact data (e.g., email)
- Contract data (subscription details)
- Usage data (e.g., login times, frequency of use)
- Meta, communication and process data (e.g., IP address, device data)
- Content data uploaded by users (see Miximizer-specific rule below)
Miximizer-specific rule:
Users may upload proprietary production data to execute optimization models.
Miximizer is designed so that uploaded production, optimization input, and optimization output data are processed transiently for calculation purposes and are not persistently stored as part of normal platform operation.
Optimization datasets and optimization results are discarded after processing unless explicit user action or consent requires retention (e.g., user-requested persistence, exports, audit features, or support requests).
Miximizer may retain limited operational and analytical metadata that does not contain proprietary optimization datasets or optimization results, including:
- number of materials
- number of properties
- number of time periods
- system performance metrics
- security or audit logs
Such metadata is used exclusively for:
- platform operation
- security
- troubleshooting
- capacity planning
- service improvement
Operational analytics are designed to avoid inclusion of proprietary production formulas, recipes, optimization coefficients, or optimization results.
Legal Basis:
- Legitimate interests (platform security, reliability, capacity planning, and service improvement)
Categories of Data Subjects
- Users of the Miximizer platform
- Prospective customers
- Website visitors
- Subscribers and account holders
Purposes of Processing
- Provision and operation of Miximizer
- Hosting and content delivery
- User authentication and security
- Account and subscription management
- Billing and subscription management
- Responding to inquiries
- Web analytics
- Online marketing and analytics (where consented)
Legal Bases for Processing
-
Consent (Art. 6(1)(a) GDPR)
e.g., cookies, analytics, marketing, LinkedIn tracking, Google Ads -
Contract performance (Art. 6(1)(b) GDPR)
Operating Miximizer, user accounts, API security, support handling -
Legal obligation (Art. 6(1)(c) GDPR)
Tax and invoicing obligations -
Legitimate Interests (Art. 6(1)(f) GDPR)
Security, fraud prevention, service optimization, hosting infrastructure
National regulations (e.g., the German BDSG) may also apply.
Security Precautions
We implement appropriate technical and organizational measures including:
- TLS encryption (https)
- Access control and authentication
- Secure hosting environments
- Regular audits and security procedures
- Privacy-by-design & privacy-by-default
Transmission of Personal Data
We may transmit data to:
- AWS (Miximizer hosting)
- STRATO (corporate website hosting)
- Analytics providers (Google Analytics, LinkedIn)
- Resend (resend.com) — transactional email delivery (registration confirmations, password resets, and account notifications). Resend processes name and email address on our behalf under a Data Processing Agreement. Resend Privacy Policy: https://resend.com/legal/privacy-policy
We use GDPR-compliant agreements with third-party providers where required.
Miximizer does not sell customer personal data or proprietary optimization datasets to third parties.
Microsoft Authentication and Marketplace Services
Miximizer may integrate with Microsoft services, including Microsoft AppSource, Microsoft Marketplace, Microsoft Entra ID authentication, Microsoft 365 integrations, Office Add-ins, and Microsoft Marketplace SaaS fulfillment services.
When users authenticate using Microsoft accounts, Miximizer may receive:
- user identifiers
- email address
- tenant information
- authentication metadata required to provide access to the service
Authentication tokens are processed securely and only for access control, subscription validation, and service operation purposes.
Microsoft authentication is optional. Users may authenticate either using Microsoft accounts or using Miximizer credentials, depending on their preference and the functionality they choose to use.
Miximizer may process Microsoft Marketplace purchase, subscription, activation, entitlement, and related fulfillment metadata to validate SaaS subscriptions and enable access to Marketplace-related services.
Legal Basis:
- Contract performance (Art. 6(1)(b) GDPR)
- Legitimate interests (secure authentication and fraud prevention)
Data Processing in Third Countries
Where third-country transfers occur (for example through Google, LinkedIn, Microsoft, Resend, or other infrastructure and service providers), processing is supported by:
- EU adequacy decisions
- Standard Contractual Clauses (SCCs)
- Additional technical and organizational safeguards
Erasure of Data
Data is erased when:
- The purpose no longer applies
- Consent is withdrawn
- No legal obligation requires further retention
- Retention is required for legal, tax, fraud prevention, or dispute resolution purposes
Users may request deletion of their account and associated personal data, subject to applicable legal, contractual, security, and retention obligations.
Certain records, including accounting, invoicing, security, and audit logs, may be retained for periods required under applicable commercial, tax, legal, or security obligations.
Miximizer operational rule:
Optimization input and output data is processed transiently for calculation purposes and is generally not retained after processing, except where technically necessary for security, troubleshooting, service integrity, legal compliance, or where explicit user action or consent requires retention.
Transient optimization datasets are not intended to be included in persistent application backups as part of normal platform operation.
Customers retain ownership of their uploaded production and optimization data.
Use of Cookies
We use cookies for:
- Essential platform functionality
- Analytics (with consent)
Cookies may be persistent or session-based.
Users can revoke consent and disable cookies via browser settings.
Certain cookies and similar technologies are required for:
- authentication
- session management
- security
- operation of the Miximizer platform and related integrations
Analytics technologies are only activated after obtaining user consent where required by applicable law.
Business Services (Simplified for Miximizer)
Miximizer is primarily provided as a SaaS platform. This Privacy Policy addresses the operation of the Miximizer platform and related online services.
We process contractual and billing data to:
- Provide access to Miximizer
- Maintain user accounts
- Issue invoices and manage billing operations
- Ensure secure operation
Subscription and licensing information may be processed to:
- Validate active subscriptions
- Enforce licensing terms
- Manage account access
- Support Microsoft Marketplace fulfillment workflows
Retention periods follow commercial and tax laws.
Miximizer provides decision-support and optimization capabilities. Customers remain responsible for validating operational decisions, business assumptions, and implementation outcomes derived from optimization results.
Provision of Online Services and Web Hosting
Miximizer Hosting — AWS
Miximizer is hosted entirely on Amazon Web Services (AWS), including:
- Amazon CloudFront (Content Delivery Network)
- Amazon S3 (static asset storage)
- AWS App Runner (application hosting)
- AWS RDS PostgreSQL (database)
- Miximizer infrastructure is primarily deployed in the EU region (eu-central-1, Frankfurt)
AWS processes:
- IP addresses
- Device and browser info
- Access logs
- Request data needed to deliver and secure the service
Legal Basis: Legitimate Interests (secure, efficient hosting)
Access to production infrastructure and administrative systems is restricted to authorized personnel only.
AWS Privacy Notice: https://aws.amazon.com/privacy
AWS GDPR Center: https://aws.amazon.com/compliance/gdpr-center/
Corporate Website Hosting — STRATO
Our corporate website www.vertexopt.com is hosted by:
STRATO AG, Pascalstraße 10, 10587 Berlin, Germany
STRATO processes:
- IP address
- Access logs
- Technical metadata for server operation
Legal Basis: Legitimate Interests
STRATO Privacy Policy: https://www.strato.de/datenschutz/
Contact & Inquiry Management
If you contact us via email, contact forms, or other channels, we process the submitted data to respond to your inquiry.
Contact form submissions may include name, email address, organization, message content, and technical metadata needed to deliver and secure the request.
Legal Basis: Legitimate Interests or Contract Performance.
Requests concerning:
- access
- deletion
- rectification
- restriction of processing
- or data portability
may be submitted via: support@miximizer.app
We may request identity verification before fulfilling privacy-related requests.
Web Analysis, Monitoring, and Optimization
We may use these tools with user consent:
Google Analytics 4
- IP anonymization enabled
- Pseudonymous identifiers
- Usage statistics, engagement metrics
Google Tag Manager
Used only to load other services; does not store personal data.
We do not use Google Optimize.
Online Marketing
We do not currently load online marketing or retargeting tags through the website cookie banner. If we enable online marketing technologies, we will only activate them after separate disclosure and consent where required, including for:
- Google Ads & Conversion Tracking
- LinkedIn Insight Tag
- Retargeting
- Advertising performance measurement and audience analytics (where consented)
Data involved:
- Cookie identifiers
- Page views
- Browser/device data
- Interactions with ads
Users may opt out via:
- Browser settings
- Google Ads preference center
- LinkedIn settings
- YourOnlineChoices.eu
Social Media Profiles
We operate presences on social networks (e.g., LinkedIn).
Processing of user data on these platforms is governed primarily by the
provider's privacy policy.
We may receive aggregated analytics (e.g., impressions, demographics).
Plugins and Embedded Content
We may use:
Google Fonts (from Google servers)
The use of Google Fonts may result in transmission of technical request information, including IP address and browser-related data, to Google servers.
We do not integrate Google Maps.
Changes to the Privacy Policy
We update this policy when necessary.
We notify users when consent or explicit acknowledgment is required.
Rights of Data Subjects
You have the following rights under GDPR:
- Object to processing (Art. 21 GDPR)
- Withdraw consent
- Access your data
- Rectification
- Erasure
- Restriction of processing
- Data portability
- Complaint to a supervisory authority
Enterprise Data Processing
A Data Processing Agreement (DPA) may be made available to enterprise customers upon request.
Contact Information
For privacy-related inquiries:
Vertex Optimization UG (haftungsbeschränkt)
Alsterufer 20B
20354 Hamburg
Germany
Email: support@miximizer.app