Privacystatement Mave’s Website, App, Metrics and Player

Your privacy is important to us. It is mave’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website,, and other sites we own and operate.

This policy is effective as of 12 March 2024 and was last updated on 19 March 2024.


  • This privacystatement describes how we – Mave – process your data when you use our website, app, metrics and video player.

  • You can contact us for questions about this privacy statement or if you want to enact your rights, by sending an email to: [email protected].

  • We process personal data to perform the contract we have with you (see: Terms of Service, EULA) or because there’s a legitimate interest to do so.

  • We have the necessary agreements in place with the parties who help us with providing our services. You can learn about those parties here.

  • Please note that you remain responsible for compliance with the law, such as data protection laws, with regard to the videos you upload.

  • We store limited amounts of data, during the shortest retention period possible.

  • We hardly use any cookies or similar technologies. In the limited cases that we do, then this is necessary to perform our services. For instance, it enables dark mode and helps us with the correct handling of sessions, logins and uploads. No consent is needed for these essential technologies.

Scope of this privacystatement

What does this statement cover?

  • This privacystatement applies to:

    • Mave’s website, available at, including the “app” subdomain, available at htttps:// ("Website" and “App” respectively);

    • Mave’s video player ("Video Player"), available via Mave’s App;

    • Mave’s metrics application (“Metrics”), available via Mave’s App.

  • The Website, App, Video Player and Metrics for Mave’s customers are together referred to as Mave’s “Services”. The Website is accessible or everyone. The App, Video Player and Metrics are available to Mave’s customers, including trial users.

    What does this statement [not]{.underline} cover?

  • This privacystatement does not cover other applications than the Services.

  • For example, our open-source video player or metrics application are out of scope. This is because any party may use, fork, edit or implement these open-source applications, and is thus solely responsible when it processes your data. As a data controller, that party should inform you about personal data processing.

Our identity and contact details

Who is the controller Mave?

  • We are “Mave”, a private limited company organized under the laws of the Netherlands, with its principal place of business in (3016 BM) Rotterdam at the Westplein 12, registered in the Dutch Business Register under number: 82009392,

  • We act as the controller regarding the processing of your personal data when you visit or use either the Website or App. Our Video Player and Metrics do not, by default, process personal data. However, videos may contain personal data. It is your responsibility to ensure that you comply with data protection laws in those cases. Further reading, see “Important to know”.

  • You can contact us for questions about this privacy statement or if you want to enact your rights, by sending an email to: [email protected].

Why do we use your data?

  • The data we process are collected from you. These data are: (a) your email address, (b) billing information (such as your first and last name, your organisation’s name, billing address, postal code, city and country), (c) the IP-address of the computer you use to access our Services, and (d) security log data.

(a) Your email address is used to stay in contact with you, and to ensure access to the Mave App in a secure manner thanks to our ‘magic link’ solution. We do not process customer passwords;

(b) If you are our customer, your billing information is used to send you an invoice;

(c) Your IP-address is used for security purposes. It helps us to detect and retrace malicious access to our Services. For instance, it enables us to detect DDOS attacks.

(d) Security log data, processed by our security monitoring services, are used for security purposes. These data may identify you if we connect it to your IP-address. We don’t perform such data linkage. However, because of this theoretical possibility, we treat security log data as personal data.

  • The email address and billing information (points a and b) are necessary to provide our Services to you. Without these data, it is impossible to do this. This processing is thus necessary to perform your contract with us based on our Terms of Service and/or EULA.

  • The IP-address (point c) is used when your organisation chooses to route the data traffic via Cloudflare. When your organisation has made this choice, the IP-address may be processed because of our legitimate interests, and those of your organisation. Let us explain:

    • In this case legitimate interests are pursued, namely the security and continued proper functioning of our Services;

    • It is necessary to process IP-addresses to identify the computer accessing our Services with sufficient precision in order to be able to effectively and quickly detect and trace malicious use of our Services;

    • Your (data protection) rights and interests do not take precedence, because the proper functioning of our Services safeguards the integrity of your account and computer as well as those of other users of our Services. If we don’t do this, potentially everyone’s access to the Services will be at stake and the risks for unlawful data breaches increase. In addition, you and your organisation benefit from these processing activities because it ensures a continuous and seamless use of the Services.

  • The abovementioned reasoning also applies to the processing of security log data (point d).

  • By default, EU content distribution applies, and this method does not process IP-addresses regarding the content in relation to Video Player and Metrics. If you actively choose global distribution, IP-addresses will be processed for data security reasons. Learn more about distribution methods here:

  • Please note, videos may contain personal data. That is your responsibility, see: “Important to know”.

No automated decision-making

  • We do not perform automated decision-making, including profiling, as mentioned in the European privacy law, also known as the General Data Protection Regulation (“GDPR”).

Recipients of your data

  • The recipients of your data are companies who act as our (sub)processors. You can learn about those parties here: These parties act on our instructions based on data processor agreements we have with them.

  • Cloudflare only applies to the data processing of our Services if you or your organisation activated the use of their Content Delivery Network (CDN).

  • In addition, our Website is hosted by Github Pages, a service offered by Github based in San Francisco, U.S.A. Github processes your IP-address when you visit our Website. Our App and associated data are hosted by, as mentioned in our overview of (sub)processors.

  • We configured the data hosting locations to European (EU/EER) servers, to the extent this is reasonably possible. For instance, hosts its data in European regions, including: The Netherlands, France, Germany, Spain and Sweden.

  • Any data transfers to the U.S. are based on the Data Privacy Framework Program. If that Program ceases to exist, we will try to find other suitable legal foundations for data transfers such as the use of Standard Contractual Clauses (SCC’s) and inform you accordingly.

Important to know

Your responsibility in relation to videos

  • When you upload a video, you are responsible for it. This means that you must ensure that the video content complies with the law, such as data protection laws. See also our EULA.

  • This also means that video file names do not contain personal data, unless you upload a video with a file name containing identifiable information. In that case, you are responsible for those personal data mentioned in the video file name. This is also true regarding the video’s audio and audio transcripts, which may contain personal data.

  • By default, we delete any video EXIF metadata after the completion of the upload process to minimise data protection risks. During uploading and the video processing, EXIF metadata are kept intact. Therefore, make sure any EXIF metadata comply with data protection laws.

Data retention

How long and why do we store your data?

  • Your IP-address will be stored for 7 (seven) days as part of our security logs. If you or your organisation did not choose to route data via Cloudflare, then the IP-address will not be stored but deleted shortly after we have received it.

  • Scaleway is a French company that handles emails. If you send emails using our Services, then Scaleway retains the status of the processed email messages for 1 (one) year. The status relates to the server status sent by the recipient to the sender. The retention of the status information is needed to identify malicious use of the email service. We do not have insight in the contents of your email messages.

  • Your billing information is stored for a maximum of 7 (seven) years. This is because we have to comply with Dutch tax laws and regulations.

Your rights

  • You have several rights based on the GDPR. Relevant are:

    • the right to request access to and rectification (or erasure) of your personal data, or

    • restriction of processing concerning you as a data subject, or

    • to object to processing, as well as

    • the right to data portability regarding the personal data you have provided to us.

  • If you want to send us a request based on these rights, please send us an email: [email protected].

  • You also have a right to lodge a complaint with a supervisory authority. In The Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Cookies or similar technologies

  • We don’t use cookies or similar technologies, other than the automatic retrieval of your IP-address and cookies for the proper functioning of our Services. Such cookie use is needed to:

    • Enable dark mode, for example at;

    • Correct session handling when you visit our Website or any of its subdomains such as the App. Such session cookies (for example: _mave_key) expire when you exit your internet browser;

    • Correct login handling. These login cookies expire after sixty (60) days and apply to our Website or any of its subdomains such as the App;

    • Correct upload handling when you upload a video in the App. For example, local storage techniques are necessary to process uploads.

  • These activities are necessary for the proper functioning of our Services while respecting your data protection or privacy rights. In the future we may use A/B-testing techniques. According to the Dutch Telecommunications Act, all these activities are allowed without your consent.

works with
Our docs guide you through the process of embedding video, starting with simple steps for novices and advancing to manual configurations for experienced users. It outlines multiple hosting alternatives, including a default CDN, and highlights compatibility with popular web frameworks.
🍪 Press 'Accept' to confirm that you accept we don't use cookies. Yes, this banner is just for show!