PRIVACY POLICY

Effective as of July 9, 2026

PREAMBLE

The purpose of this policy is to inform users about how MAVEN, a simplified joint-stock company (société par actions simplifiée) and publisher of the "Mix with the Masters" service, collects, uses, stores, and protects personal data processed within the framework of the mixwiththemasters.com website, the associated domains mwtm.com and mwtm.org, the "Mix with the Masters" mobile application, and the Services offered by MAVEN.

It also incorporates the policy regarding cookies, trackers, and similar technologies used on the Site and, where applicable, in the Application. It does not constitute contractual terms of use: contractual rights and obligations are governed by the applicable General Terms of Service (GTS), to which this policy refers as necessary.

ARTICLE 1. SCOPE OF APPLICATION

This policy applies to any person who visits the Site, uses the Application, creates a free account, subscribes to a Subscription, accesses Content and digital services, or participates in Webinars, Seminars, training courses, events, community spaces, AI Tools, and associated services offered by MAVEN.

In particular, it covers the following Services, when offered: Free, Access, Pro, Pro Flex, and Expert accounts; video catalog, magazine, Webinars and replays; Seminars and masterclasses; ReBalance Grant; Consulting Master; community forum; downloads; partner licenses and benefits; Plugin Outlet; mobile Application; Explorer assistant, and the ROCS tool.

When a user is a minor, the processing of their data requires, where necessary, the authorization of their legal representative, in accordance with applicable provisions.

ARTICLE 2. IDENTITY OF THE DATA CONTROLLER AND CONTACT

The data controller is MAVEN, a simplified joint-stock company with a share capital of 100,000 euros, registered in the Paris Trade and Companies Register under number 523 834 075, with its registered office located at 30 rue Boyer, 75020 Paris, France.

For any questions regarding this policy or the exercise of your rights, you can contact MAVEN at the email address [email protected] or by postal mail at the registered office address indicated above.

MAVEN has appointed Mr. Etienne Deshoulières as Data Protection Officer (DPO) as of the publication date of this policy.

Maître Étienne Deshoulières — Deshoulières Avocats Associés, 121 boulevard de Sébastopol, 75002 Paris. Tel.: 01 77 62 82 03. Email: [email protected] - www.deshoulieres-avocats.com.

ARTICLE 3. USEFUL DEFINITIONS

The terms below, when capitalized in this policy, have the following meanings. They are interpreted consistently with the definitions in the General Terms of Service.

"Subscription": the User's temporary right of access to the Services, according to the level and plan selected (Free, Access, Pro, Pro Flex, or Expert).

"Application": the "Mix with the Masters" mobile application published by MAVEN and accessible on the Apple App Store and Google Play Store.

"Account": the personal space, free or paid, allowing the User to access the Services.

"User Content": any message, audio file, stem, multitrack, comment, contribution, application, data, or information voluntarily submitted or published by a User within the framework of the Services, notably within the forum, participatory Webinars, Consulting, or Seminar applications.

"Cookies": cookies, pixels, SDKs, advertising identifiers, or similar technologies allowing the reading or writing of information on a terminal (also referred to as "Trackers").

"Personal Data": any information relating to an identified or identifiable natural person, within the meaning of Article 4 of Regulation (EU) 2016/679 (GDPR).

"Sensitive Data": special categories of data within the meaning of Article 9 of the GDPR (notably origin, opinions, beliefs, health, sex life, or sexual orientation), as well as, more broadly, data whose processing requires enhanced safeguards.

"Explorer": the conversational assistant integrated into the Services and based on a technical artificial intelligence provider (OpenAI).

"Master": a recognized producer, sound engineer, or professional acting, depending on the Service concerned, as a speaker, trainer, or service provider for MAVEN, or as an independent service provider within the framework of Consulting.

"AI Tools": tools utilizing artificial intelligence offered within the Services, namely the Explorer assistant and the ROCS acoustic optimization tool.

"ROCS": the acoustic analysis and optimization tool developed by REDI Acoustics and integrated into the Services.

"Services": all the services offered by MAVEN within the Site and the Application, including the Subscription, access to Content, Webinars, Seminars, Consulting, the forum, downloads, partner licenses and benefits, AI Tools and, where applicable, the ReBalance Grant.

"Site": the website accessible at mixwiththemasters.com, as well as the associated domains mwtm.com and mwtm.org.

"User": any person who visits the Site, uses the Application, creates an Account, or accesses a Service.

ARTICLE 4. PERSONAL DATA COLLECTED

The categories of data actually collected vary depending on your use of the Services. Some data is mandatory to provide the requested Service; other data is optional or collected only with your consent.

4.1. Site Browsing and Application Use

connection data: IP address, date and time of connection, technical logs, session identifiers;

terminal data: device type, browser, operating system, language, technical information of the application;

usage data: pages and content viewed, paths taken, clicks, viewing statistics, session duration, offline downloads;

approximate location inferred from the IP address, notably to display the country, currency, or certain local settings;

data from cookies and trackers, under the conditions provided in Article 13.

4.2. Account Creation and Management

last name, first name, email address, hashed password, registration date;

country and, for certain free accounts, date of birth;

acceptance of the General Terms of Service, communication preferences, and email opt-in;

data transmitted by SSO connection providers when the User chooses to register or log in via Apple, Google, or Facebook: last name, first name, and email address, depending on the provider's settings.

4.3. Subscriptions, Payments, Billing, and Cancellation

identification and contact data: last name, first name, email;

Subscription data: plan subscribed to, status, dates, options, renewals, cancellations, terminations, refunds;

billing data: amount, currency, invoices, intra-community VAT number where applicable;

transaction identifiers and payment history;

payment data processed by Stripe: MAVEN does not have access to the Client's banking data and does not store card numbers itself, which are processed and stored by Stripe in tokenized form;

optional data collected in the feedback form during cancellation, when offered: email address, preferred music genres, reason for cancellation, answers to follow-up questions, opinions on prices and offers, desired features, and open comments.

The cancellation feedback form is optional and does not condition the cancellation or non-renewal of the Subscription. Users are requested not to enter sensitive data or data concerning third parties in it.

4.4. Marketing, Newsletter, Personalization, and Recommendations

email address, last name, first name, type of subscription;

musical preferences and communication preferences;

opening and click statistics for communications when these trackers are enabled;

viewing, engagement, and usage data of the Services in order to personalize the journey, recommend content, and measure campaign performance;

marketing segments and advertising audiences, subject to the consent required for advertising cookies and trackers.

4.5. Customer Support and Exchanges with MAVEN

last name, first name, email, and provided contact details;

content of requests, complaints, incidents, refunds, exchanges with support, and ticket history;

documents or information voluntarily transmitted by the User to allow the processing of their request.

4.6. Security, Anti-Fraud, Anti-Piracy, and Account Sharing

IP address, connection logs, session identifiers, and timestamps;

connected devices, device limits, offline downloads, suspicious behavior;

verification codes and information necessary to prevent account sharing, content piracy, and unauthorized use.

4.7. Seminars, Masterclasses, Summits, Events, and Webinars

applications and registrations: title or gender when requested, last name, first name, email, telephone, date of birth, country, photograph, profile, links to work or social networks, level, educational objectives, expectations, availability;

logistical data: dietary requirements, special constraints, emergency contact, attendance, and security information; where applicable, and with the participant's agreement, their phone number is used for a logistics coordination messaging group for the Seminar (e.g., WhatsApp, provided by Meta);

payment data, quotes, deposit, balance, invoice, or funding/coverage information;

Webinar data: subscription level, access logs, chat messages, questions asked, public pseudonym, image, voice, or profile picture when the environment is recorded;

data related to participatory formats, notably Community Track: audio files, stems, metadata, identity of the submitter, and associated authorizations.

Dietary requirements or health information that may be communicated for the organization of an event are processed solely for logistical needs, with reinforced retention and access restrictions (see Article 6).

4.8. ReBalance Grant and Selection Programs

When MAVEN offers the ReBalance Grant or a comparable program, applicants may be invited to submit information necessary to evaluate their eligibility and application file: identity, contact details, date of birth, country, telephone, profile, links to work, objectives, level, financial situation, income, supporting documents, and elements relating to their personal situation.

MAVEN limits this information to what is strictly necessary to evaluate the application file and, in application of the minimization principle, does not collect sensitive data within the meaning of Article 9 of the GDPR within the framework of this program.

4.9. Community Forum, Public Contributions, and Messaging

pseudonym or displayed name, messages, posts, comments, shared files, publication dates;

reports, moderation decisions, warnings, restrictions, sanctions, connection logs, and participation history;

if messaging between users is made available: account identifiers, participants, messages, shared files, sending and reading dates, reports, blocks, security logs, and notification preferences.

Community spaces may allow Users to freely publish or transmit information. Users must avoid communicating sensitive, confidential, or third-party data there. After deletion or deactivation of an Account, content necessary for the coherence of exchanges may be kept in a pseudonymized form, for example under the label "Deleted User".

4.10. Consulting Master

Expert status, Client identity, and Account data;

chosen Master, theme, song name, progress status, description of expected feedback, additional notes;

transmitted audio file, written feedback from the Master, session history;

last name and first name transmitted to the Master concerned when necessary for the performance of the service.

4.11. Downloads, Partner Licenses, Outlet, and Benefits

subscription level, eligibility, history of revealing or using a code, downloads, date and time;

Outlet purchases, cart, payment, billing, and support exchanges when MAVEN sells or bills the product;

data transmitted to certain partners, publishers, or platforms such as XCHANGE when necessary for the activation or delivery of a license.

4.12. Mobile Application

account identifiers, subscription status, technical data of the device, connection logs;

viewing data, offline downloading, local storage authorization, push notification token, notification preferences, support data, and crash logs;

data processed by the Apple App Store and Google Play Store within the framework of the distribution, download, and update of the Application.

In accordance with the information provided, the Application does not use advertising identifiers (IDFA or AAID).

4.13. Artificial Intelligence Tools: Explorer and ROCS

Explorer: questions asked, conversation history stored in the interface, exchange dates, and manual deletions;

ROCS: room and listening parameters, notably room dimensions, listener distance, speaker distance and angle, seated ear height, listening area, speaker height and model, construction type, and measurement units;

account data and subscription level necessary to access the tools.

Users must not enter sensitive, confidential, or third-party data into the AI Tools, unless otherwise informed and with an appropriate legal basis. In accordance with the information provided, content transmitted to Explorer via the API is not used by OpenAI to train its models. The processing carried out by ROCS and the potential storage of parameters by REDI Acoustics are specified in Articles 7 to 9.

4.14. Institutional Licenses and B2B Partnerships

When MAVEN provides licenses to schools, universities, or professional partners, MAVEN may process the contact details of professional interlocutors, billing information, license administration data, and data necessary for the activation of the associated user accounts. The allocation of roles (data controller, joint controller, or processor) is specified in the contract concluded with the institution.

ARTICLE 5. PURPOSES AND LEGAL BASES OF PROCESSING

Each processing operation is based on a specific legal basis within the meaning of Article 6 of the GDPR (and, for sensitive data, Article 9). The table below summarizes the main purposes and their legal bases.

Processing Purpose Legal Basis
Account creation and management Create the Account, authenticate the User, manage access and preferences. Performance of the contract or pre-contractual measures.
Subscriptions and digital services Provide Content, manage access rights, downloads, replays, tools, and features. Performance of the contract.
Payments and billing Collect payments, issue invoices, manage refunds, renewals, cancellations, and accounting obligations. Performance of the contract and legal obligation.
Seminars, events, and Webinars Manage applications, registrations, selection, logistics, attendance, security, recording, and replay. Pre-contractual measures, performance of the contract, legitimate interest, legal obligation, and consent when required.
ReBalance Grant Verify eligibility, evaluate application files, select beneficiaries, and manage proof. Legitimate interest or performance of the program (pre-contractual measures); legal obligation for accounting elements.
Forum, contributions, and messaging Publish contributions, ensure moderation, process reports, prevent abuse, and secure the community. Performance of the contract, legitimate interest, and legal obligation when applicable.
Consulting Master Transmit the file to the Master, deliver feedback, and manage service history. Performance of the contract; consent when content sharing requires it.
AI Tools (Explorer, ROCS) Provide the tools, generate answers, analyses or reports, manage access, support, and security. Performance of the contract and legitimate interest; consent when required by the nature of the data.
Marketing and newsletter Send communications, measure engagement, personalize the journey, and recommend content. Consent or legitimate interest depending on the channel and applicable regulation.
Analytics and advertising cookies Measure audience, analyze performance, perform retargeting, and measure conversions. Consent, except for strictly necessary or exempted trackers.
Customer support Respond to requests, incidents, complaints, and questions related to the Account. Legitimate interest and performance of the contract depending on the request.
Security, anti-fraud, and defense of rights Secure the Services, prevent piracy, fraud, and account sharing, manage disputes and proof. Legitimate interest and legal obligation depending on the case.

ARTICLE 6. SENSITIVE DATA AND FREE-FORM CONTENT

MAVEN does not seek to collect sensitive data, except when this data is necessary for a specific and regulated service, notably certain logistical constraints related to an event (for example, a dietary requirement that may reveal a belief or health status).

When the collection of sensitive data is necessary, MAVEN limits the requested data to what is strictly necessary, provides reinforced information, restricts internal access, sets a specific retention period, and collects, when required, the explicit consent of the data subject, in accordance with Article 9 of the GDPR.

Free fields, messages, files, and comments may contain personal or sensitive information that the User chooses to transmit. The User is responsible for not communicating unnecessary, excessive, confidential, or third-party information without authorization.

ARTICLE 7. RECIPIENTS, PROCESSORS, AND PARTNERS

Personal data is accessible only to authorized persons within MAVEN, within the limits of their assignments: technical, support, content, marketing, event management, training, moderation, accounting, security, and management teams where applicable.

MAVEN also transmits certain data to service providers, processors, partners, or independent recipients when necessary for the provision of the Services, payment management, security, legal compliance, or the activation of a benefit. The main ones are as follows:

Provider / Recipient Role Location and Safeguards
Amazon Web Services EMEA SARL (Luxembourg) Hosting, storage, infrastructure, and authentication. us-east-1 servers (Northern Virginia, United States). SCCs + Data Privacy Framework (DPF). DPA signed (June 2015).
Stripe Payments Europe Ltd (Ireland) Payments, subscriptions, billing, and anti-fraud. European Union and United States. SCCs + DPF. DPA signed (Nov 18, 2025). Tokenized banking data, not stored by MAVEN.
HubSpot Ireland Ltd CRM, newsletters, marketing automation, and support / tickets. European Union servers (Germany). SCCs + DPF. DPA signed (Dec 2023).
Discourse — Civilized Discourse Construction Kit, Inc. (United States) Community forum (SaaS), storage of contributions and files. European Union. SCCs; DPA signed (July 2026).
OpenAI Ireland Ltd Operation of the Explorer assistant (API). Technical processing mainly in the United States (Azure). SCCs + DPF. No data usage for training via the API. DPA signed (Apr 2025).
Google Ireland Ltd Google SSO, Google Analytics, Google Ads, YouTube, Google Play, reCAPTCHA, Tag Manager. European Union and United States depending on the service. SCCs + DPF. DPAs signed (Ads August 2022; Analytics Nov 2023).
Apple Distribution International Ltd (Ireland) Sign in with Apple and Application distribution via the App Store. European Union and United States. SCCs (Apple Developer Program License Agreement).
Meta Platforms Ireland Ltd Facebook SSO, Meta Ads, custom audiences, retargeting, conversions, and logistical coordination of certain Seminars via WhatsApp. European Union and United States. SCCs + DPF. DPA signed (June 2018).
TikTok Technology Ltd (Ireland) Targeted advertising, conversion pixel, and custom audiences. United States and Singapore. DPA signed (August 2022).
Reddit Netherlands B.V. (Netherlands) Targeted advertising, conversion pixel, and custom audiences. United States. SCCs + DPF. DPA signed (March 2026).
CookieYes Limited (United Kingdom) Cookie consent management (CMP) and proof of choices. United Kingdom (adequacy decision) and United States depending on configuration. SCCs for servers outside adequacy. DPA signed (Apr 2023).
Cloudflare, Microsoft Clarity / Bing, LinkedIn, BugSnag / Juicer, and other tools listed in the CMP Security, audience measurement, performance analysis, advertising, or third-party features. According to the actual configuration of cookies and SDKs.
Masters, partner studios, XCHANGE, and plugin publishers Consulting, events, activation of licenses or partner benefits. Data limited to what is strictly necessary; contractual framework.
Google Workspace / Gmail / Drive, Dropbox, and internal tools Messaging, document storage, internal collaboration, and request processing. According to the configuration of professional spaces and applicable contracts.

When certain providers act as independent data controllers for their own purposes, their own privacy policy applies in addition. This is notably the case for certain payment services, app stores, social networks, advertising networks, or video platforms (including YouTube, to which the User is redirected to view certain Webinars) when the User interacts directly with them.

ARTICLE 8. DATA TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA

Some of MAVEN's service providers are established outside the European Economic Area or host all or part of the data outside it, notably in the United States, the United Kingdom, or Singapore depending on the services used.

When personal data is transferred outside the European Economic Area, MAVEN ensures that these transfers are based on a mechanism recognized by applicable regulations: adequacy decision (notably for the United Kingdom), standard contractual clauses of the European Commission (SCCs), adherence to the EU–US Data Privacy Framework (DPF) when applicable, or any other appropriate complementary measure, notably the conclusion of Data Processing Agreements (DPAs).

Transfers to REDI Acoustics, Discourse, certain advertising networks (notably TikTok, in the absence of DPF certification), and certain technical tools are subject to specific monitoring to confirm the actual location of processing, the qualification of roles, and available contractual safeguards, where appropriate by means of a Transfer Impact Assessment (TIA).

ARTICLE 9. RETENTION PERIODS

MAVEN retains personal data for a period proportionate to the purpose of the processing. The periods below constitute the consolidated retention policy; they are aligned with the actual technical configuration and the record of processing activities.

Data Category Retention Period
Account / authentication Duration of the Account, then up to 2 years after cancellation or last activity, unless deletion is requested or there is a statutory retention obligation.
Payment and billing data 10 years from the closing of the relevant financial year, in accordance with accounting and tax obligations.
Marketing and prospecting Until withdrawal of consent or opposition; failing that, 3 years from the last active contact.
Cancellation data (optional feedback form) Period necessary to analyze the cancellation and improve the service, in principle 2 years after cancellation, or 3 years after the last contact if used for prospecting.
Customer support 2 years after the closing of the ticket, unless there is a dispute or longer legal obligation.
Security logs and anti-fraud In principle 12 months; up to 5 years in the event of a proven incident, fraud, litigation, or evidentiary needs.
Streaming, downloads, and viewing history Duration of the Subscription or Account, then limited archiving period necessary for proof, security, or personalization.
Seminars, masterclasses, and events Applications: duration of the selection process then 1 year, unless consent is given or there is a dispute. Participants: duration of the event then period necessary for support and proof. Accounting documents: 10 years.
Dietary requirements and emergency contact Period strictly necessary for the organization of the event, then deletion or very limited archiving if necessary for proof.
Webinars and Community Tracks Access data: duration of the Account or Subscription. Contributions and files: period provided for by the authorization granted (in principle the duration of the Webinar and up to 6 months for contribution files), unless made available in replay or a longer authorization is granted.
ReBalance Grant Duration of the selection process then a short period for unsuccessful applications; up to 3 years if necessary for proof or appeals. Accounting documents: 10 years.
Forum and community contributions Duration of Account activity then up to 2 years; after Account deletion, pseudonymization of contributions necessary for the coherence of exchanges or for proof.
Consulting Master Duration of service monitoring then 1 year after closing, unless there is a dispute, claim, or longer obligation.
Explorer History retained as long as the Account is active or until manual deletion / User request; limited archiving if necessary for security or support.
ROCS Period necessary to provide the report and for User access; when reports are stored with REDI Acoustics, the period applicable according to that provider's conditions.
Cookies and trackers Maximum lifespan of 13 months for cookies subject to consent, unless a shorter period is indicated in the CMP; data from audience measurement trackers retained for a maximum of 25 months.
Proof of cookie consent Period necessary to demonstrate compliance with choices, generally 13 months via CookieYes, subject to the actual configuration.

ARTICLE 10. PROFILING, PERSONALIZATION, AND AUTOMATED DECISIONS

MAVEN may use certain usage, viewing, preference, and engagement data to personalize the experience, recommend content, segment communications, and measure interest in the Services.

In principle, these processing operations do not produce decisions based exclusively on automated processing that produce legal effects or significantly affect the User. When scoring, recommendation, or selection assistance tools are used for Seminars, grant programs, or marketing campaigns, MAVEN ensures appropriate human intervention is maintained, allows for contestation, and avoids any discrimination or disproportionate treatment.

ARTICLE 11. RIGHTS OF THE DATA SUBJECTS

Under the conditions provided for by applicable regulations, you have the following rights regarding your personal data:

right of access and information;

right to rectification;

right to erasure, within the limits of legal retention obligations and MAVEN's legitimate interests;

right to object, notably to prospecting;

right to restriction of processing;

right to data portability when processing is based on consent or a contract and is carried out using automated processes;

right to withdraw your consent at any time, without calling into question the lawfulness of processing already carried out;

right to define directives regarding the fate of your data after your death, when applicable law provides for it.

You can exercise your rights by writing to [email protected]. MAVEN responds in principle within one (1) month from receipt of the complete request. This period may be extended by two (2) months in the case of complex requests or a high volume of requests, in accordance with the GDPR.

MAVEN may ask you for additional information to verify your identity when necessary, notably in case of reasonable doubt regarding the identity of the applicant. A copy of an identity document is only requested when other means of verification are insufficient.

You can also delete your Account or modify certain marketing preferences from your personal space when these features are available. For requests that cannot be processed directly in the interface, you can contact MAVEN by email.

If you believe that your rights are not being respected, you can file a complaint with the National Commission for Information Technology and Civil Liberties (CNIL), 3 place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07.

ARTICLE 12. DATA SECURITY

MAVEN implements reasonable technical and organizational measures intended to protect personal data against unauthorized access, loss, alteration, disclosure, or destruction. These measures may notably include the encryption of communications in transit, authorized access management, logging, backups, monitoring of processors, and awareness raising of authorized persons.

However, no transmission or storage of data can be guaranteed to be completely secure. In the event of a data breach likely to result in a risk to the rights and freedoms of the data subjects, MAVEN takes the measures provided for by the GDPR, including, where applicable, notification to the competent authority and informing the data subjects.

ARTICLE 13. COOKIES AND TRACKERS POLICY

When consulting the Site or using the Application, cookies, SDKs, pixels, identifiers, or similar technologies may be placed or read on your terminal.

Some trackers are strictly necessary for the operation of the Site, the Application, or the Services: they do not require your consent. Other trackers, notably non-exempted audience measurement trackers, targeted advertising, social networks, retargeting, and conversion measurement trackers, are placed only after your consent via the CookieYes module or any other equivalent module implemented by MAVEN.

You can accept, refuse, or configure cookies that are not strictly necessary. Refusal must be as simple as acceptance. You can withdraw or modify your consent at any time from the consent management module accessible on the Site.

13.1. Categories of Cookies Used

Category Purpose Examples of Providers / Cookies
Strictly necessary cookies Payment, security, bot detection, session management, storage of consent choices, cart or account access. Stripe, CookieYes, Google reCAPTCHA, Cloudflare, HubSpot (session), internal Maven cookies.
Functional cookies Additional features, preferences, integration of third-party services, or sharing. LinkedIn and other integrated services depending on configuration.
Audience measurement and analytics cookies Measure traffic, understand user paths, improve performance, and correct errors. Google Analytics, Google Tag Manager, HubSpot, Microsoft Clarity, BugSnag / Juicer, Amplitude where applicable.
Advertising and retargeting cookies Deliver or measure advertisements, create audiences, measure conversions, and limit ad repetition. Google Ads / DoubleClick, Meta / Facebook, TikTok Ads, Reddit Ads, Microsoft Advertising / Bing, LinkedIn depending on configuration.
Unclassified or to-be-qualified cookies Internal or third-party cookies to be classified according to their actual purpose before publication. m, FPGSID, _cfuvid, mwtm, mwtm_cart and any other uncategorized cookie in the CMP export.

13.2. Indicative List of Main Identified Cookies

Cookie Publisher Category Purpose Indicative Duration
__stripe_mid / __stripe_sid Stripe Necessary Payment processing 1 year / 1 hour
_GRECAPTCHA, rc::a, rc::b, rc::c, rc::f Google reCAPTCHA Necessary / security Protection against bots, spam, and abuse Session to 6 months; some persistent ones to be justified
cookieyes-consent CookieYes Necessary Memorization of consent choices 1 year
__cf_bm, _cfuvid Cloudflare Necessary / security Anti-bot management, network security, and service continuity Session to 1 hour depending on the cookie
__hssrc, __hssc, __hstc, hubspotutk HubSpot Necessary or analytics depending on configuration Session, visitor tracking, contact deduplication, and forms Session to 6 months
lidc, li_gc LinkedIn Functional / third-party consent Datacenter selection, storage of LinkedIn consent 1 day to 6 months
_ga, _gid, _ga_*, _gat_gtag_UA_* Google Analytics Analytics Traffic statistics, sessions, campaigns, and page views 1 minute to approximately 13 months
_gcl_au, FPID, FPLC, FPGSID Google Tag Manager / server-side tagging Analytics / advertising Advertising performance measurement, cross-domain tracking, and server-side tagging 1 hour to approximately 13 months
_fbp Meta / Facebook Advertising Targeted advertising and post-visit measurement 3 months
CLID, _clck, _clsk, SM, MR, MUID, ANONCHK, SRM_B Microsoft Clarity / Bing / Advertising Analytics / advertising / performance Usage analysis, advertising measurement, and conversion Session to approximately 13 months
IDE, test_cookie Google DoubleClick Advertising Targeted advertising, verification of cookie support 15 minutes to approximately 13 months
bcookie LinkedIn Advertising / social network Browser identification and LinkedIn advertising security 1 year
mwtm MAVEN Functional Symfony session cookie, used to maintain the user's connection/session state (authentication, flash messages, etc.) Session
mwtm_cart MAVEN Functional Stores the cart identifier for an anonymous user, in order to recover their cart between two visits Session to 6 months
mwtm_discount MAVEN Functional Retains the reduction/discount code applied to the cart 7 days
mwtm_monthly_variant MAVEN Functional Remembers that the user selected the monthly offer without commitment, to present it to them again 3 hours
mwtm_preferred_country MAVEN Functional Saves the user's preferred country (used for currency and content localization) 1 year
mwtm_preferred_language MAVEN Functional Saves the preferred language selected by the user 1 year

13.3. Cookies and SDKs in the Mobile Application

The mobile Application may use "software development kits" (SDKs) necessary for its operation, distribution via stores, push notifications, crash analysis, and usage measurement. Push notifications are sent only with your consent. When SDKs that are not strictly necessary are used, MAVEN collects your consent before their activation, under the same conditions as for the Site.

13.4. Lifespan of Cookies

Cookies subject to consent are configured for a maximum lifespan of thirteen (13) months, unless a shorter duration is indicated in the consent management module. Data collected by audience measurement trackers is retained for a limited and proportionate duration, in principle at most twenty-five (25) months.

ARTICLE 14. POLICY UPDATES

MAVEN may modify this policy to take into account changes in the Services, tools used, processing operations, regulations, or recommendations of competent authorities. In the event of a substantial modification, MAVEN will inform Users by any appropriate means.