PRIVACY POLICY
Effective as of July 9, 2026
PREAMBLE
The purpose of this policy is to inform users about how MAVEN, a simplified joint-stock company (société par actions simplifiée) and publisher of the "Mix with the Masters" service, collects, uses, stores, and protects personal data processed within the framework of the mixwiththemasters.com website, the associated domains mwtm.com and mwtm.org, the "Mix with the Masters" mobile application, and the Services offered by MAVEN.
It also incorporates the policy regarding cookies, trackers, and similar technologies used on the Site and, where applicable, in the Application. It does not constitute contractual terms of use: contractual rights and obligations are governed by the applicable General Terms of Service (GTS), to which this policy refers as necessary.
ARTICLE 1. SCOPE OF APPLICATION
This policy applies to any person who visits the Site, uses the Application, creates a free account, subscribes to a Subscription, accesses Content and digital services, or participates in Webinars, Seminars, training courses, events, community spaces, AI Tools, and associated services offered by MAVEN.
In particular, it covers the following Services, when offered: Free, Access, Pro, Pro Flex, and Expert accounts; video catalog, magazine, Webinars and replays; Seminars and masterclasses; ReBalance Grant; Consulting Master; community forum; downloads; partner licenses and benefits; Plugin Outlet; mobile Application; Explorer assistant, and the ROCS tool.
When a user is a minor, the processing of their data requires, where necessary, the authorization of their legal representative, in accordance with applicable provisions.
ARTICLE 2. IDENTITY OF THE DATA CONTROLLER AND CONTACT
The data controller is MAVEN, a simplified joint-stock company with a share capital of 100,000 euros, registered in the Paris Trade and Companies Register under number 523 834 075, with its registered office located at 30 rue Boyer, 75020 Paris, France.
For any questions regarding this policy or the exercise of your rights, you can contact MAVEN at the email address [email protected] or by postal mail at the registered office address indicated above.
MAVEN has appointed Mr. Etienne Deshoulières as Data Protection Officer (DPO) as of the publication date of this policy.
Maître Étienne Deshoulières — Deshoulières Avocats Associés, 121 boulevard de Sébastopol, 75002 Paris. Tel.: 01 77 62 82 03. Email: [email protected] - www.deshoulieres-avocats.com.
ARTICLE 3. USEFUL DEFINITIONS
The terms below, when capitalized in this policy, have the following meanings. They are interpreted consistently with the definitions in the General Terms of Service.
"Subscription": the User's temporary right of access to the Services, according to the level and plan selected (Free, Access, Pro, Pro Flex, or Expert).
"Application": the "Mix with the Masters" mobile application published by MAVEN and accessible on the Apple App Store and Google Play Store.
"Account": the personal space, free or paid, allowing the User to access the Services.
"User Content": any message, audio file, stem, multitrack, comment, contribution, application, data, or information voluntarily submitted or published by a User within the framework of the Services, notably within the forum, participatory Webinars, Consulting, or Seminar applications.
"Cookies": cookies, pixels, SDKs, advertising identifiers, or similar technologies allowing the reading or writing of information on a terminal (also referred to as "Trackers").
"Personal Data": any information relating to an identified or identifiable natural person, within the meaning of Article 4 of Regulation (EU) 2016/679 (GDPR).
"Sensitive Data": special categories of data within the meaning of Article 9 of the GDPR (notably origin, opinions, beliefs, health, sex life, or sexual orientation), as well as, more broadly, data whose processing requires enhanced safeguards.
"Explorer": the conversational assistant integrated into the Services and based on a technical artificial intelligence provider (OpenAI).
"Master": a recognized producer, sound engineer, or professional acting, depending on the Service concerned, as a speaker, trainer, or service provider for MAVEN, or as an independent service provider within the framework of Consulting.
"AI Tools": tools utilizing artificial intelligence offered within the Services, namely the Explorer assistant and the ROCS acoustic optimization tool.
"ROCS": the acoustic analysis and optimization tool developed by REDI Acoustics and integrated into the Services.
"Services": all the services offered by MAVEN within the Site and the Application, including the Subscription, access to Content, Webinars, Seminars, Consulting, the forum, downloads, partner licenses and benefits, AI Tools and, where applicable, the ReBalance Grant.
"Site": the website accessible at mixwiththemasters.com, as well as the associated domains mwtm.com and mwtm.org.
"User": any person who visits the Site, uses the Application, creates an Account, or accesses a Service.
ARTICLE 4. PERSONAL DATA COLLECTED
The categories of data actually collected vary depending on your use of the Services. Some data is mandatory to provide the requested Service; other data is optional or collected only with your consent.
4.1. Site Browsing and Application Use
connection data: IP address, date and time of connection, technical logs, session identifiers;
terminal data: device type, browser, operating system, language, technical information of the application;
usage data: pages and content viewed, paths taken, clicks, viewing statistics, session duration, offline downloads;
approximate location inferred from the IP address, notably to display the country, currency, or certain local settings;
data from cookies and trackers, under the conditions provided in Article 13.
4.2. Account Creation and Management
last name, first name, email address, hashed password, registration date;
country and, for certain free accounts, date of birth;
acceptance of the General Terms of Service, communication preferences, and email opt-in;
data transmitted by SSO connection providers when the User chooses to register or log in via Apple, Google, or Facebook: last name, first name, and email address, depending on the provider's settings.
4.3. Subscriptions, Payments, Billing, and Cancellation
identification and contact data: last name, first name, email;
Subscription data: plan subscribed to, status, dates, options, renewals, cancellations, terminations, refunds;
billing data: amount, currency, invoices, intra-community VAT number where applicable;
transaction identifiers and payment history;
payment data processed by Stripe: MAVEN does not have access to the Client's banking data and does not store card numbers itself, which are processed and stored by Stripe in tokenized form;
optional data collected in the feedback form during cancellation, when offered: email address, preferred music genres, reason for cancellation, answers to follow-up questions, opinions on prices and offers, desired features, and open comments.
The cancellation feedback form is optional and does not condition the cancellation or non-renewal of the Subscription. Users are requested not to enter sensitive data or data concerning third parties in it.
4.4. Marketing, Newsletter, Personalization, and Recommendations
email address, last name, first name, type of subscription;
musical preferences and communication preferences;
opening and click statistics for communications when these trackers are enabled;
viewing, engagement, and usage data of the Services in order to personalize the journey, recommend content, and measure campaign performance;
marketing segments and advertising audiences, subject to the consent required for advertising cookies and trackers.
4.5. Customer Support and Exchanges with MAVEN
last name, first name, email, and provided contact details;
content of requests, complaints, incidents, refunds, exchanges with support, and ticket history;
documents or information voluntarily transmitted by the User to allow the processing of their request.
4.6. Security, Anti-Fraud, Anti-Piracy, and Account Sharing
IP address, connection logs, session identifiers, and timestamps;
connected devices, device limits, offline downloads, suspicious behavior;
verification codes and information necessary to prevent account sharing, content piracy, and unauthorized use.
4.7. Seminars, Masterclasses, Summits, Events, and Webinars
applications and registrations: title or gender when requested, last name, first name, email, telephone, date of birth, country, photograph, profile, links to work or social networks, level, educational objectives, expectations, availability;
logistical data: dietary requirements, special constraints, emergency contact, attendance, and security information; where applicable, and with the participant's agreement, their phone number is used for a logistics coordination messaging group for the Seminar (e.g., WhatsApp, provided by Meta);
payment data, quotes, deposit, balance, invoice, or funding/coverage information;
Webinar data: subscription level, access logs, chat messages, questions asked, public pseudonym, image, voice, or profile picture when the environment is recorded;
data related to participatory formats, notably Community Track: audio files, stems, metadata, identity of the submitter, and associated authorizations.
Dietary requirements or health information that may be communicated for the organization of an event are processed solely for logistical needs, with reinforced retention and access restrictions (see Article 6).
4.8. ReBalance Grant and Selection Programs
When MAVEN offers the ReBalance Grant or a comparable program, applicants may be invited to submit information necessary to evaluate their eligibility and application file: identity, contact details, date of birth, country, telephone, profile, links to work, objectives, level, financial situation, income, supporting documents, and elements relating to their personal situation.
MAVEN limits this information to what is strictly necessary to evaluate the application file and, in application of the minimization principle, does not collect sensitive data within the meaning of Article 9 of the GDPR within the framework of this program.
4.9. Community Forum, Public Contributions, and Messaging
pseudonym or displayed name, messages, posts, comments, shared files, publication dates;
reports, moderation decisions, warnings, restrictions, sanctions, connection logs, and participation history;
if messaging between users is made available: account identifiers, participants, messages, shared files, sending and reading dates, reports, blocks, security logs, and notification preferences.
Community spaces may allow Users to freely publish or transmit information. Users must avoid communicating sensitive, confidential, or third-party data there. After deletion or deactivation of an Account, content necessary for the coherence of exchanges may be kept in a pseudonymized form, for example under the label "Deleted User".
4.10. Consulting Master
Expert status, Client identity, and Account data;
chosen Master, theme, song name, progress status, description of expected feedback, additional notes;
transmitted audio file, written feedback from the Master, session history;
last name and first name transmitted to the Master concerned when necessary for the performance of the service.
4.11. Downloads, Partner Licenses, Outlet, and Benefits
subscription level, eligibility, history of revealing or using a code, downloads, date and time;
Outlet purchases, cart, payment, billing, and support exchanges when MAVEN sells or bills the product;
data transmitted to certain partners, publishers, or platforms such as XCHANGE when necessary for the activation or delivery of a license.
4.12. Mobile Application
account identifiers, subscription status, technical data of the device, connection logs;
viewing data, offline downloading, local storage authorization, push notification token, notification preferences, support data, and crash logs;
data processed by the Apple App Store and Google Play Store within the framework of the distribution, download, and update of the Application.
In accordance with the information provided, the Application does not use advertising identifiers (IDFA or AAID).
4.13. Artificial Intelligence Tools: Explorer and ROCS
Explorer: questions asked, conversation history stored in the interface, exchange dates, and manual deletions;
ROCS: room and listening parameters, notably room dimensions, listener distance, speaker distance and angle, seated ear height, listening area, speaker height and model, construction type, and measurement units;
account data and subscription level necessary to access the tools.
Users must not enter sensitive, confidential, or third-party data into the AI Tools, unless otherwise informed and with an appropriate legal basis. In accordance with the information provided, content transmitted to Explorer via the API is not used by OpenAI to train its models. The processing carried out by ROCS and the potential storage of parameters by REDI Acoustics are specified in Articles 7 to 9.
4.14. Institutional Licenses and B2B Partnerships
When MAVEN provides licenses to schools, universities, or professional partners, MAVEN may process the contact details of professional interlocutors, billing information, license administration data, and data necessary for the activation of the associated user accounts. The allocation of roles (data controller, joint controller, or processor) is specified in the contract concluded with the institution.
ARTICLE 5. PURPOSES AND LEGAL BASES OF PROCESSING
Each processing operation is based on a specific legal basis within the meaning of Article 6 of the GDPR (and, for sensitive data, Article 9). The table below summarizes the main purposes and their legal bases.
| Processing | Purpose | Legal Basis |
|---|---|---|
| Account creation and management | Create the Account, authenticate the User, manage access and preferences. | Performance of the contract or pre-contractual measures. |
| Subscriptions and digital services | Provide Content, manage access rights, downloads, replays, tools, and features. | Performance of the contract. |
| Payments and billing | Collect payments, issue invoices, manage refunds, renewals, cancellations, and accounting obligations. | Performance of the contract and legal obligation. |
| Seminars, events, and Webinars | Manage applications, registrations, selection, logistics, attendance, security, recording, and replay. | Pre-contractual measures, performance of the contract, legitimate interest, legal obligation, and consent when required. |
| ReBalance Grant | Verify eligibility, evaluate application files, select beneficiaries, and manage proof. | Legitimate interest or performance of the program (pre-contractual measures); legal obligation for accounting elements. |
| Forum, contributions, and messaging | Publish contributions, ensure moderation, process reports, prevent abuse, and secure the community. | Performance of the contract, legitimate interest, and legal obligation when applicable. |
| Consulting Master | Transmit the file to the Master, deliver feedback, and manage service history. | Performance of the contract; consent when content sharing requires it. |
| AI Tools (Explorer, ROCS) | Provide the tools, generate answers, analyses or reports, manage access, support, and security. | Performance of the contract and legitimate interest; consent when required by the nature of the data. |
| Marketing and newsletter | Send communications, measure engagement, personalize the journey, and recommend content. | Consent or legitimate interest depending on the channel and applicable regulation. |
| Analytics and advertising cookies | Measure audience, analyze performance, perform retargeting, and measure conversions. | Consent, except for strictly necessary or exempted trackers. |
| Customer support | Respond to requests, incidents, complaints, and questions related to the Account. | Legitimate interest and performance of the contract depending on the request. |
| Security, anti-fraud, and defense of rights | Secure the Services, prevent piracy, fraud, and account sharing, manage disputes and proof. | Legitimate interest and legal obligation depending on the case. |
ARTICLE 6. SENSITIVE DATA AND FREE-FORM CONTENT
MAVEN does not seek to collect sensitive data, except when this data is necessary for a specific and regulated service, notably certain logistical constraints related to an event (for example, a dietary requirement that may reveal a belief or health status).
When the collection of sensitive data is necessary, MAVEN limits the requested data to what is strictly necessary, provides reinforced information, restricts internal access, sets a specific retention period, and collects, when required, the explicit consent of the data subject, in accordance with Article 9 of the GDPR.
Free fields, messages, files, and comments may contain personal or sensitive information that the User chooses to transmit. The User is responsible for not communicating unnecessary, excessive, confidential, or third-party information without authorization.
ARTICLE 7. RECIPIENTS, PROCESSORS, AND PARTNERS
Personal data is accessible only to authorized persons within MAVEN, within the limits of their assignments: technical, support, content, marketing, event management, training, moderation, accounting, security, and management teams where applicable.
MAVEN also transmits certain data to service providers, processors, partners, or independent recipients when necessary for the provision of the Services, payment management, security, legal compliance, or the activation of a benefit. The main ones are as follows:
| Provider / Recipient | Role | Location and Safeguards |
|---|---|---|
| Amazon Web Services EMEA SARL (Luxembourg) | Hosting, storage, infrastructure, and authentication. | us-east-1 servers (Northern Virginia, United States). SCCs + Data Privacy Framework (DPF). DPA signed (June 2015). |
| Stripe Payments Europe Ltd (Ireland) | Payments, subscriptions, billing, and anti-fraud. | European Union and United States. SCCs + DPF. DPA signed (Nov 18, 2025). Tokenized banking data, not stored by MAVEN. |
| HubSpot Ireland Ltd | CRM, newsletters, marketing automation, and support / tickets. | European Union servers (Germany). SCCs + DPF. DPA signed (Dec 2023). |
| Discourse — Civilized Discourse Construction Kit, Inc. (United States) | Community forum (SaaS), storage of contributions and files. | European Union. SCCs; DPA signed (July 2026). |
| OpenAI Ireland Ltd | Operation of the Explorer assistant (API). | Technical processing mainly in the United States (Azure). SCCs + DPF. No data usage for training via the API. DPA signed (Apr 2025). |
| Google Ireland Ltd | Google SSO, Google Analytics, Google Ads, YouTube, Google Play, reCAPTCHA, Tag Manager. | European Union and United States depending on the service. SCCs + DPF. DPAs signed (Ads August 2022; Analytics Nov 2023). |
| Apple Distribution International Ltd (Ireland) | Sign in with Apple and Application distribution via the App Store. | European Union and United States. SCCs (Apple Developer Program License Agreement). |
| Meta Platforms Ireland Ltd | Facebook SSO, Meta Ads, custom audiences, retargeting, conversions, and logistical coordination of certain Seminars via WhatsApp. | European Union and United States. SCCs + DPF. DPA signed (June 2018). |
| TikTok Technology Ltd (Ireland) | Targeted advertising, conversion pixel, and custom audiences. | United States and Singapore. DPA signed (August 2022). |
| Reddit Netherlands B.V. (Netherlands) | Targeted advertising, conversion pixel, and custom audiences. | United States. SCCs + DPF. DPA signed (March 2026). |
| CookieYes Limited (United Kingdom) | Cookie consent management (CMP) and proof of choices. | United Kingdom (adequacy decision) and United States depending on configuration. SCCs for servers outside adequacy. DPA signed (Apr 2023). |
| Cloudflare, Microsoft Clarity / Bing, LinkedIn, BugSnag / Juicer, and other tools listed in the CMP | Security, audience measurement, performance analysis, advertising, or third-party features. | According to the actual configuration of cookies and SDKs. |
| Masters, partner studios, XCHANGE, and plugin publishers | Consulting, events, activation of licenses or partner benefits. | Data limited to what is strictly necessary; contractual framework. |
| Google Workspace / Gmail / Drive, Dropbox, and internal tools | Messaging, document storage, internal collaboration, and request processing. | According to the configuration of professional spaces and applicable contracts. |
When certain providers act as independent data controllers for their own purposes, their own privacy policy applies in addition. This is notably the case for certain payment services, app stores, social networks, advertising networks, or video platforms (including YouTube, to which the User is redirected to view certain Webinars) when the User interacts directly with them.
ARTICLE 8. DATA TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA
Some of MAVEN's service providers are established outside the European Economic Area or host all or part of the data outside it, notably in the United States, the United Kingdom, or Singapore depending on the services used.
When personal data is transferred outside the European Economic Area, MAVEN ensures that these transfers are based on a mechanism recognized by applicable regulations: adequacy decision (notably for the United Kingdom), standard contractual clauses of the European Commission (SCCs), adherence to the EU–US Data Privacy Framework (DPF) when applicable, or any other appropriate complementary measure, notably the conclusion of Data Processing Agreements (DPAs).
Transfers to REDI Acoustics, Discourse, certain advertising networks (notably TikTok, in the absence of DPF certification), and certain technical tools are subject to specific monitoring to confirm the actual location of processing, the qualification of roles, and available contractual safeguards, where appropriate by means of a Transfer Impact Assessment (TIA).
ARTICLE 9. RETENTION PERIODS
MAVEN retains personal data for a period proportionate to the purpose of the processing. The periods below constitute the consolidated retention policy; they are aligned with the actual technical configuration and the record of processing activities.
| Data Category | Retention Period |
|---|---|
| Account / authentication | Duration of the Account, then up to 2 years after cancellation or last activity, unless deletion is requested or there is a statutory retention obligation. |
| Payment and billing data | 10 years from the closing of the relevant financial year, in accordance with accounting and tax obligations. |
| Marketing and prospecting | Until withdrawal of consent or opposition; failing that, 3 years from the last active contact. |
| Cancellation data (optional feedback form) | Period necessary to analyze the cancellation and improve the service, in principle 2 years after cancellation, or 3 years after the last contact if used for prospecting. |
| Customer support | 2 years after the closing of the ticket, unless there is a dispute or longer legal obligation. |
| Security logs and anti-fraud | In principle 12 months; up to 5 years in the event of a proven incident, fraud, litigation, or evidentiary needs. |
| Streaming, downloads, and viewing history | Duration of the Subscription or Account, then limited archiving period necessary for proof, security, or personalization. |
| Seminars, masterclasses, and events | Applications: duration of the selection process then 1 year, unless consent is given or there is a dispute. Participants: duration of the event then period necessary for support and proof. Accounting documents: 10 years. |
| Dietary requirements and emergency contact | Period strictly necessary for the organization of the event, then deletion or very limited archiving if necessary for proof. |
| Webinars and Community Tracks | Access data: duration of the Account or Subscription. Contributions and files: period provided for by the authorization granted (in principle the duration of the Webinar and up to 6 months for contribution files), unless made available in replay or a longer authorization is granted. |
| ReBalance Grant | Duration of the selection process then a short period for unsuccessful applications; up to 3 years if necessary for proof or appeals. Accounting documents: 10 years. |
| Forum and community contributions | Duration of Account activity then up to 2 years; after Account deletion, pseudonymization of contributions necessary for the coherence of exchanges or for proof. |
| Consulting Master | Duration of service monitoring then 1 year after closing, unless there is a dispute, claim, or longer obligation. |
| Explorer | History retained as long as the Account is active or until manual deletion / User request; limited archiving if necessary for security or support. |
| ROCS | Period necessary to provide the report and for User access; when reports are stored with REDI Acoustics, the period applicable according to that provider's conditions. |
| Cookies and trackers | Maximum lifespan of 13 months for cookies subject to consent, unless a shorter period is indicated in the CMP; data from audience measurement trackers retained for a maximum of 25 months. |
| Proof of cookie consent | Period necessary to demonstrate compliance with choices, generally 13 months via CookieYes, subject to the actual configuration. |
ARTICLE 10. PROFILING, PERSONALIZATION, AND AUTOMATED DECISIONS
MAVEN may use certain usage, viewing, preference, and engagement data to personalize the experience, recommend content, segment communications, and measure interest in the Services.
In principle, these processing operations do not produce decisions based exclusively on automated processing that produce legal effects or significantly affect the User. When scoring, recommendation, or selection assistance tools are used for Seminars, grant programs, or marketing campaigns, MAVEN ensures appropriate human intervention is maintained, allows for contestation, and avoids any discrimination or disproportionate treatment.
ARTICLE 11. RIGHTS OF THE DATA SUBJECTS
Under the conditions provided for by applicable regulations, you have the following rights regarding your personal data:
right of access and information;
right to rectification;
right to erasure, within the limits of legal retention obligations and MAVEN's legitimate interests;
right to object, notably to prospecting;
right to restriction of processing;
right to data portability when processing is based on consent or a contract and is carried out using automated processes;
right to withdraw your consent at any time, without calling into question the lawfulness of processing already carried out;
right to define directives regarding the fate of your data after your death, when applicable law provides for it.
You can exercise your rights by writing to [email protected]. MAVEN responds in principle within one (1) month from receipt of the complete request. This period may be extended by two (2) months in the case of complex requests or a high volume of requests, in accordance with the GDPR.
MAVEN may ask you for additional information to verify your identity when necessary, notably in case of reasonable doubt regarding the identity of the applicant. A copy of an identity document is only requested when other means of verification are insufficient.
You can also delete your Account or modify certain marketing preferences from your personal space when these features are available. For requests that cannot be processed directly in the interface, you can contact MAVEN by email.
If you believe that your rights are not being respected, you can file a complaint with the National Commission for Information Technology and Civil Liberties (CNIL), 3 place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07.
ARTICLE 12. DATA SECURITY
MAVEN implements reasonable technical and organizational measures intended to protect personal data against unauthorized access, loss, alteration, disclosure, or destruction. These measures may notably include the encryption of communications in transit, authorized access management, logging, backups, monitoring of processors, and awareness raising of authorized persons.
However, no transmission or storage of data can be guaranteed to be completely secure. In the event of a data breach likely to result in a risk to the rights and freedoms of the data subjects, MAVEN takes the measures provided for by the GDPR, including, where applicable, notification to the competent authority and informing the data subjects.
ARTICLE 13. COOKIES AND TRACKERS POLICY
When consulting the Site or using the Application, cookies, SDKs, pixels, identifiers, or similar technologies may be placed or read on your terminal.
Some trackers are strictly necessary for the operation of the Site, the Application, or the Services: they do not require your consent. Other trackers, notably non-exempted audience measurement trackers, targeted advertising, social networks, retargeting, and conversion measurement trackers, are placed only after your consent via the CookieYes module or any other equivalent module implemented by MAVEN.
You can accept, refuse, or configure cookies that are not strictly necessary. Refusal must be as simple as acceptance. You can withdraw or modify your consent at any time from the consent management module accessible on the Site.
13.1. Categories of Cookies Used
| Category | Purpose | Examples of Providers / Cookies |
|---|---|---|
| Strictly necessary cookies | Payment, security, bot detection, session management, storage of consent choices, cart or account access. | Stripe, CookieYes, Google reCAPTCHA, Cloudflare, HubSpot (session), internal Maven cookies. |
| Functional cookies | Additional features, preferences, integration of third-party services, or sharing. | LinkedIn and other integrated services depending on configuration. |
| Audience measurement and analytics cookies | Measure traffic, understand user paths, improve performance, and correct errors. | Google Analytics, Google Tag Manager, HubSpot, Microsoft Clarity, BugSnag / Juicer, Amplitude where applicable. |
| Advertising and retargeting cookies | Deliver or measure advertisements, create audiences, measure conversions, and limit ad repetition. | Google Ads / DoubleClick, Meta / Facebook, TikTok Ads, Reddit Ads, Microsoft Advertising / Bing, LinkedIn depending on configuration. |
| Unclassified or to-be-qualified cookies | Internal or third-party cookies to be classified according to their actual purpose before publication. | m, FPGSID, _cfuvid, mwtm, mwtm_cart and any other uncategorized cookie in the CMP export. |
13.2. Indicative List of Main Identified Cookies
| Cookie | Publisher | Category | Purpose | Indicative Duration |
|---|---|---|---|---|
| __stripe_mid / __stripe_sid | Stripe | Necessary | Payment processing | 1 year / 1 hour |
| _GRECAPTCHA, rc::a, rc::b, rc::c, rc::f | Google reCAPTCHA | Necessary / security | Protection against bots, spam, and abuse | Session to 6 months; some persistent ones to be justified |
| cookieyes-consent | CookieYes | Necessary | Memorization of consent choices | 1 year |
| __cf_bm, _cfuvid | Cloudflare | Necessary / security | Anti-bot management, network security, and service continuity | Session to 1 hour depending on the cookie |
| __hssrc, __hssc, __hstc, hubspotutk | HubSpot | Necessary or analytics depending on configuration | Session, visitor tracking, contact deduplication, and forms | Session to 6 months |
| lidc, li_gc | Functional / third-party consent | Datacenter selection, storage of LinkedIn consent | 1 day to 6 months | |
| _ga, _gid, _ga_*, _gat_gtag_UA_* | Google Analytics | Analytics | Traffic statistics, sessions, campaigns, and page views | 1 minute to approximately 13 months |
| _gcl_au, FPID, FPLC, FPGSID | Google Tag Manager / server-side tagging | Analytics / advertising | Advertising performance measurement, cross-domain tracking, and server-side tagging | 1 hour to approximately 13 months |
| _fbp | Meta / Facebook | Advertising | Targeted advertising and post-visit measurement | 3 months |
| CLID, _clck, _clsk, SM, MR, MUID, ANONCHK, SRM_B | Microsoft Clarity / Bing / Advertising | Analytics / advertising / performance | Usage analysis, advertising measurement, and conversion | Session to approximately 13 months |
| IDE, test_cookie | Google DoubleClick | Advertising | Targeted advertising, verification of cookie support | 15 minutes to approximately 13 months |
| bcookie | Advertising / social network | Browser identification and LinkedIn advertising security | 1 year | |
| mwtm | MAVEN | Functional | Symfony session cookie, used to maintain the user's connection/session state (authentication, flash messages, etc.) | Session |
| mwtm_cart | MAVEN | Functional | Stores the cart identifier for an anonymous user, in order to recover their cart between two visits | Session to 6 months |
| mwtm_discount | MAVEN | Functional | Retains the reduction/discount code applied to the cart | 7 days |
| mwtm_monthly_variant | MAVEN | Functional | Remembers that the user selected the monthly offer without commitment, to present it to them again | 3 hours |
| mwtm_preferred_country | MAVEN | Functional | Saves the user's preferred country (used for currency and content localization) | 1 year |
| mwtm_preferred_language | MAVEN | Functional | Saves the preferred language selected by the user | 1 year |
13.3. Cookies and SDKs in the Mobile Application
The mobile Application may use "software development kits" (SDKs) necessary for its operation, distribution via stores, push notifications, crash analysis, and usage measurement. Push notifications are sent only with your consent. When SDKs that are not strictly necessary are used, MAVEN collects your consent before their activation, under the same conditions as for the Site.
13.4. Lifespan of Cookies
Cookies subject to consent are configured for a maximum lifespan of thirteen (13) months, unless a shorter duration is indicated in the consent management module. Data collected by audience measurement trackers is retained for a limited and proportionate duration, in principle at most twenty-five (25) months.
ARTICLE 14. POLICY UPDATES
MAVEN may modify this policy to take into account changes in the Services, tools used, processing operations, regulations, or recommendations of competent authorities. In the event of a substantial modification, MAVEN will inform Users by any appropriate means.