ConsentMark
Free Scan
Mixpanel logo
AnalyticsHigh complexity

Mixpanel

by mixpanel

All product names, logos, and trademarks are the property of their respective owners. Their inclusion here is for identification purposes only and does not imply endorsement by Obscurity Ltd.

Sets cookies
Yes
Sends PII
No
Cross-site tracking
No
Consent required
Analytics
Transfer mechanism
EU-US Data Privacy Framework
Cookies
mp_XXXXX_mixpanel

Overview

Event-based product analytics tag that builds detailed behavioural profiles by tying granular user interactions (button clicks, feature usage, custom events) to persistent user identifiers. The user-centric data model supports enrichment with custom properties, meaning the depth of profiling is limited only by what the implementer chooses to send. Organisations should verify that EU data residency is enabled and that the scope of tracked events has been reviewed against data minimisation requirements.

Detection capabilities

Signature count
1
Detection methods
network
Property types
hostnamepathname

Performance impact

Performance Impact

Script size
40 KB
Requests per page
1

Common mistakes

  • 1Sending personally identifiable information (email, name, phone) as user properties without hashing or pseudonymisation, creating a rich profile that increases breach impact
  • 2Not configuring Mixpanel's EU data residency option when processing data of EU users, resulting in unnecessary transatlantic data transfers
  • 3Treating Mixpanel as a purely anonymous analytics tool when its user-centric model explicitly links events to persistent identifiers and supports identified user profiles
  • 4Failing to implement data retention policies in Mixpanel, allowing detailed behavioural profiles to accumulate indefinitely beyond the stated processing purpose
  • 5Using Mixpanel's group analytics and account-level features without assessing whether aggregating individual user data into company-level profiles introduces additional processing purposes requiring separate justification

Compliance considerations

Mixpanel sets first-party cookies (mp_* cookies) and transmits event data to Mixpanel servers. Mixpanel offers EU data residency (hosted in Germany via GCP), which should be enabled for organisations processing EU user data to avoid unnecessary transatlantic transfers. Under GDPR, Mixpanel's event tracking constitutes personal data processing requiring consent, particularly when events are associated with user profiles. Mixpanel has implemented features to support GDPR compliance including data deletion APIs, export capabilities, and opt-out mechanisms. Organisations should configure EU data residency, implement appropriate data retention, ensure the CMP blocks Mixpanel until analytics consent is granted, and document Mixpanel in the Record of Processing Activities with specific attention to the user profile data model.

Related services

Amplitude

amplitude

AnalyticsLow risk

1 detection signature

Azure Application Insights

azure-application-insights

AnalyticsMedium risk

3 detection signatures

Cloudflare Analytics

cloudflare-analytics

AnalyticsLow risk

2 detection signatures

Contentsquare

contentsquare

AnalyticsLow risk

1 detection signature

Scan your site for mixpanel

Run a free Consentmark scan to see how mixpanel is loading on your site, whether it respects consent, and where governance gaps exist across your wider tag estate.

Start a free scan