Mixpanel

Mixpanel

Product analytics platform used by product and growth teams to understand user behavior in web and mobile applications. Mixpanel tracks custom events, user funnels, and retention cohorts using a client-side SDK. Sets a persistent cookie to identify users across sessions.

Back to Vendor Library

Overview

Mixpanel is a product analytics platform used by product, growth, and data teams to understand user behavior within web and mobile applications. Unlike page-view-centric analytics tools, Mixpanel is built around event-based tracking: every user action (button click, feature use, form submission, purchase, etc.) is captured as a discrete event with attached properties. This powers funnel analysis, retention cohort tracking, A/B experiment measurement, and user-level behavioral timelines.

What This Script Does

The Mixpanel JavaScript SDK (mixpanel.min.js) is loaded from cdn.mxpnl.com or bundled directly into the site's JavaScript. It initializes an in-memory queue and begins capturing events immediately on load.

Cookies Set by Mixpanel:

  • mp_[token]_mixpanel — the primary Mixpanel super-property cookie; first-party, persistent, typically expires after 365 days; stores the Mixpanel distinct ID (a UUID assigned to the browser), super properties (persistent key-value attributes set by the site, such as plan type or user segment), and the last event timestamp. This is the cookie that creates a persistent cross-session user identity
  • mp_[token]_mixpanel_session — session-scoped companion cookie used to detect new sessions for session-start events
  • mp_optout — opt-out marker cookie if the site implements Mixpanel's opt-out API; persists indefinitely

Data Collected Per Event:

  • Custom event name and properties defined by the site (can include any key-value pairs)
  • Automatic properties: browser name and version, OS, screen dimensions, referrer URL, current URL, UTM campaign parameters, and device type
  • IP address (used for geographic enrichment — city, region, country — then typically discarded or hashed depending on configuration)
  • Mixpanel distinct ID (the persistent UUID from the mp_* cookie)
  • If mixpanel.identify(userId) is called: the anonymous ID is aliased to a known user ID, merging the anonymous event history with the authenticated user profile

Network Requests:

  • Events are batched and sent via POST to api.mixpanel.com/track or api.mixpanel.com/engage (for people profile updates)
  • Profile update calls ($set, $increment, $append) to api.mixpanel.com/engage can attach PII such as email addresses and names directly to user profiles if the site passes them

Mixpanel Inc. is a US company participating in the EU-US Data Privacy Framework, providing an adequacy mechanism for EU-to-US data transfers. Mixpanel offers a DPA and supports EU data residency (EU data stored in EU servers) as a paid option.

Consent & Compliance

Mixpanel falls under the analytics consent category. It processes personal data — persistent UUIDs, full behavioral event streams, IP-derived location data, and potentially PII (email, name, user ID) if passed by the site. Under GDPR Article 6(1)(a) and Article 5(3) of the ePrivacy Directive, Mixpanel requires explicit opt-in consent because it sets a 365-day persistent tracking cookie for non-essential product analytics. Data protection authorities in the EU have consistently ruled that analytics tools using persistent identifiers cannot rely on legitimate interest as a lawful basis. Under CCPA/CPRA, the persistent behavioral profiling constitutes collection of personal information requiring disclosure; if event data is shared with third parties for advertising or profiling, it may trigger opt-out obligations.

Should You Block This Without Consent?

Yes. Mixpanel sets a persistent 365-day tracking cookie and builds detailed behavioral profiles of individual users across sessions. Block until the user explicitly consents to analytics.

Visit website

Consent Categories

Analytics

Also Known As

Mixpanel SDKMixpanel analyticsproduct analytics toolevent tracking platformmixpanel.com cookies

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (4)

mxpnl.comAnalytics
mixpanel.comAnalytics
cdn.mxpnl.comAnalytics
api-js.mixpanel.comAnalytics

Frequently Asked Questions

Does Mixpanel require explicit consent before loading?

Yes. Mixpanel sets mp_[token]_mixpanel, a 365-day persistent first-party cookie containing a UUID for cross-session user identity. EU authorities have ruled that persistent analytics identifiers cannot rely on legitimate interest. Explicit opt-in consent is required under GDPR Article 6(1)(a) and ePrivacy Article 5(3).

What does the Mixpanel SDK collect and send?

Mixpanel captures custom events plus automatic properties: browser, OS, screen size, referrer, current URL, and UTM parameters. Events batch-POST to api.mixpanel.com/track. If mixpanel.identify() is called, PII such as email and name may be attached to user profiles, merging anonymous event history with the authenticated user account.

How does ConsentStack block and enable Mixpanel?

ConsentStack places Mixpanel in the analytics consent category and blocks it fully until the visitor consents — no events fire, no UUID is assigned, and no cookie is set. Once consent is granted, ConsentStack releases the script. Consent revocation triggers Mixpanel's opt-out API, resetting the persistent identifier.

Related Vendors

Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Analytics
Google Analytics
Google Analytics is the world's most widely deployed web analytics platform. Scripts track page views, sessions, user demographics, traffic sources, and conversion events. Drops cookies to identify returning visitors and attribute user journeys across sessions.
Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
LinkedIn Insight Tag
LinkedIn Insight Tag
LinkedIn Insight Tag is a JavaScript tracking pixel for LinkedIn's advertising and analytics platform. The tag fires on every page view to collect URL, referrer, IP address, and device data for conversion tracking, website demographics reporting, and retargeting audience building. Sets cookies to identify LinkedIn members across advertiser websites.

Manage consent for Mixpanel

ConsentStack automatically detects and manages Mixpanel trackers so your site stays compliant with global privacy regulations.

Get started