Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsent
Free plan · 10-min setup
Mixpanel is a leading product analytics platform that tracks individual user events across web and mobile applications. It enables teams to build funnels, measure retention, analyse user journeys, and run A/B experiments. Consent is required for Mixpanel tracking cookies and localStorage under the ePrivacy Directive. An EU data residency option (Amsterdam) is available. Mixpanel provides a GDPR-compliant DPA and SCCs for US-hosted deployments. The EU region eliminates transfer complexity for European organisations.
Mixpanel is a product analytics platform that tracks how users interact with web and mobile applications at the individual event level. Product and growth teams use Mixpanel to analyse feature adoption, build conversion funnels, measure user retention, create behavioural cohorts, and run A/B experiments. Unlike traditional page-view analytics, Mixpanel focuses on granular user actions: button clicks, form submissions, feature usage, and custom business events. It processes data at individual user level, creating detailed longitudinal profiles of user behaviour.
Mixpanel''s JavaScript SDK stores a distinct_id in the browser via localStorage (primary) or cookies (fallback) to maintain a persistent identity across sessions. Storing identifiers on user devices for analytics purposes requires consent under the ePrivacy Directive. Block the Mixpanel SDK via your CMP until analytics consent is obtained. Mixpanel provides an opt-out API call (mixpanel.opt_out_tracking()) that can be invoked when users decline consent.
Mixpanel launched EU data residency in 2023, allowing organisations to store and process all Mixpanel data within the EU (Amsterdam). When EU residency is configured, data never leaves the EU and no SCCs are needed. To enable EU residency, set api_host to api-eu.mixpanel.com in your Mixpanel initialisation. EU residency is available across Mixpanel plans — verify availability with your account.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Mixpanel does not require sending personally identifiable information. Use anonymous or pseudonymous user IDs instead of email addresses as the distinct_id. Avoid adding names, emails, or sensitive attributes as user properties or event properties. Server-side ID resolution (linking anonymous IDs to identified users after consent) is the recommended pattern for privacy-conscious implementations.
Enable EU data residency. Integrate with CMP for consent-conditional loading. Sign the Mixpanel DPA. Avoid PII in event and user properties. Implement user deletion via the Mixpanel Deletion API for erasure requests. Add Mixpanel to your privacy policy and cookie notice. Configure IP anonymisation to prevent storing raw IPs.
Websites using Mixpanel must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended for large-scale Mixpanel deployments processing individual-level user behaviour data at scale. The EU data residency option can significantly simplify the transfer assessment component of the DPIA.
Sample consent text
We use Mixpanel to understand how you use our product. Mixpanel tracks your interactions and usage patterns using cookies and local storage. You can opt out of analytics tracking in your account settings or via our cookie preferences.
Third-party domains contacted
mixpanel.comapi.mixpanel.comapi-eu.mixpanel.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| mp_distinct_id | persistent | 1 year | Mixpanel unique user identifier stored in localStorage for individual-level product analytics and event tracking |
Mixpanel collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Yes. Mixpanel stores a persistent distinct_id in localStorage or cookies to track individual users. This requires consent under the ePrivacy Directive before the Mixpanel SDK loads. Block Mixpanel via your CMP and call mixpanel.opt_out_tracking() when users decline.
Yes. Mixpanel launched EU data residency (Amsterdam) in 2023. Set api_host to api-eu.mixpanel.com in your Mixpanel SDK initialisation. EU residency ensures data never leaves the EU and eliminates the need for SCCs.
Consent (Art. 6(1)(a)) for client-side tracking via localStorage and cookies. Server-side event tracking without client-side storage may rely on legitimate interest for aggregate analytics, but the default Mixpanel client SDK requires consent.
Yes. Sign the Mixpanel Data Processing Agreement before using Mixpanel on EU-facing products. For US-hosted deployments, the DPA includes SCCs. For EU region deployments, the DPA covers EU-resident processing.
Use the Mixpanel Deletion API (POST /engage#delete-profile endpoint) to delete user profiles by distinct_id. Submit deletion requests within 30 days of receiving the erasure request. Mixpanel processes deletions and removes data from systems and backups.
Yes. Use anonymous distinct_ids (random UUIDs) rather than email addresses. Avoid user properties containing names, emails, or other PII. Implement server-side ID stitching if you need to link anonymous events to identified users after consent.
Recommended for large-scale deployments. Mixpanel processes individual-level behavioural data which can create detailed user profiles. Use EU data residency to simplify the transfer component of the DPIA.
EU-based product analytics alternatives include PostHog (self-hostable, EU cloud), Piwik PRO (EU-based), and Amplitude (EU region available). Mixpanel itself with EU residency enabled is a strong GDPR-compliant option.