Mux privacy policy

Mux solves the hard problems software teams face when building video. This Privacy Policy (“Policy”) explains how we collect, use, and disclose information that identifies you (“personal data”) and the choices you have around those activities. In this Policy, “Mux”, “we”, or “us” refers to Mux, Inc.

1. Scope

This Policy applies to our online services available at mux.com, stream.new, or any other website or application where this Policy is posted (collectively, the “Site”). The Site and the tools, software development kits, and application programming interfaces made available on the Site or otherwise by Mux are together referred to as our “Service.” By accessing or using our Service, you signify that you have read and understood our collection, storage, use, and disclosure of personal data as described in this Policy. If you do not agree with this Privacy Policy, then do not access or use the Site, Service, or any other aspect of our business.

When a customer uses the Service, Mux may also collect or receive (a) videos and other content belonging to that customer or its users, (b) analytics data about the customer’s users and their interactions with content, and (c) any other data provided by the customer (together, “Customer Data”). Because this Customer Data is owned and controlled solely by that customer, it is governed exclusively by the customer’s own privacy policy, not by Mux’s Policy. To learn more about Mux’s role as a processor of Customer Data, see our Data Processing Addendum.

2. Data We Collect

Generally. We collect personal data from visitors to our Site and users of our Service. When you sign up or register for an account at the Site, we request your email address, name, company name, job title, phone number, and region. We also may collect payment/billing/credit card information. The Site may contain forums or other services that allow you to post or respond to comments and questions. If you use these forums or services, we will collect the information that you provide.

Use of cookies and other technology. We also automatically collect information about you and any computer or device you use to access the Site. Some of the information we collect, and ways we collect it, include:

• Cookies. When you visit the Site, we may send one or more cookies to your computer or device that allow us to uniquely identify your browser, computer, or device. A cookie may also convey other information to us, such as your username, user ID, Internet Protocol (“IP”) address, unique device identifiers, your browser settings and specifications, and information about how you use the Site (e.g., the pages you view, the links you click, how frequently you access the Service, and other actions you take on the Service). Cookies also allow us to track your usage of the Site over time.
• Log Files. We may record log file information each time you access the Site. This information may include information such as your web request, IP address, browser type, unique device identifiers, information about your device, referring / exit pages and URLs, number of clicks and how you interact with the Site, domain names, landing pages, pages viewed, and other such information.
• Clear Gifs. We may employ clear gifs (also known as web beacons or pixel tags) which may collect information about you, your computer, or device, such as your web request, IP address, unique device identifiers, browser type, information about your device, pages viewed, and information about cookies, all of which can show your Site usage patterns.
• Mobile Device Information. When you access the Site with a mobile device, we may collect and store a unique identifier associated with your device (including, but not limited to, a UUID, Unique ID for Advertisers (“IDFA”), Google Ad ID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, and mobile device operating system brand and model.

Information collected by third parties. When you visit or use the Service, third parties may obtain information about you, your computer, or device. These third parties may include:

Service Providers. We may use service providers to help us with the Service or any other lawful activity we may do, including the other activities we describe under this Policy. This means service providers may collect, process, and store any of the information that we may collect under the Policy, and information collected in connection with the Service may be collected directly by our service providers. For example, we may use payment services to help us collect and process payment information.

Third Party Tracking. We may permit third party services to collect information about you, your computer, or device when you visit the Site. This information may be collected automatically, including through cookies, social media plug-ins, and other technologies. The information collected, and manner in which it is collected, may include the information and methods described in the “Use of cookies and other technology” section above. These third parties may collect information about your use of the Service over time, and they may combine it with other information that they possess or obtain about you, such as about your use of other websites and services. These third parties may use this information for our or for third party purposes, including commercial purposes such as tailoring advertising to you on the Site or in other locations like third party websites and services. Such third party services include, but are not limited to, the following:

• Google Analytics, which may use technologies like cookies to collect information, including for Google’s own purposes. Learn more on Google’s page “How Google uses information from sites or apps that use our services” at http://www.google.com/policies/privacy/partners.
• X Conversion Tracking and Tailored Audiences, which may use technologies like conversion tags and tracking pixels to collect information. Learn more about X advertising and your options at https://support.twitter.com/articles/20170405.
• Facebook Custom Audiences, which may use technologies such as cookies, web beacons, and other storage technologies to collect or receive information from your websites and elsewhere on the internet and use that information to provide measurement services and target ads.
• FullStory, which may use certain technologies to collect information. You may opt out of such collection by visiting https://www.fullstory.com/optout. For additional information about choices that you may have about third party information collection and use, see the “Your Choices” section below.

3. How We Use Data

We collect, use, process, combine, retain, and store personal data that we collect or receive for a variety of purposes, including the following:

4. How We Share Data

We also transmit, disclose, grant access to, make available, and provide personal data to third parties including:

• To service providers, subcontractors, partners, vendors, consultants, and others that help us with any of the purposes outlined in this Policy (including insurance companies, legal advisers, and auditors);
• To our affiliates, parent companies, subsidiaries, and other related companies, all for the purposes noted above or otherwise in this Policy;
• For lawful requests by public authorities, including but not limited to, court orders, subpoenas, law enforcement requests, or other government requests, or due to national security (with or without further notice to you, in our discretion);
• To buyers, successors, or others in connection with a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us may be among the assets transferred;
• To other third parties with your consent or upon your consent; and
• To third parties, in our discretion, to: (i) satisfy any applicable law or regulation, (ii) enforce this Policy or our Terms of Service, including the investigation of potential violations thereof, (iii) investigate and defend ourselves against any third party claims or allegations, or (iv) protect against harm to the rights, property, or safety of us, the Service, other Service users, or third parties. We may also share information with others in an aggregated and anonymous form that does not identify you directly as an individual.

5. Your Choices

Marketing Emails. If you do not wish to receive promotional emails, you should click the “unsubscribe” button on promotional email communications. Note that you are not able to opt out of non-promotional messages regarding your account or the Service, such as updates to features of the Service, or technical and security notices.

Online Advertising. We collect and may permit third parties to collect information from our Site using cookies and other technologies, including for our and third party online advertising purposes. You may be able to “opt out” of some of this information collection by actively managing the settings on your browser or mobile device, but we do not promise that such settings will be effective. Please refer to your browser’s or mobile device’s technical information for information on the settings offered for cookies or other tracking technologies. To learn more about cookies, you may wish to visit https://www.consumer.ftc.gov/articles/0042-cookies-leaving-trail-web and/or the Digital Advertising Alliance’s Consumer Choice Opt-Out pages at http://www.aboutads.info/choices and http://www.aboutads.info/choices-mobile (for mobile devices). Apple iOS, Android OS, and Microsoft Windows each provide their own instructions on how to control in-app tailored advertising. For other devices and operating systems, you should review your privacy settings on that platform. For additional information about third party tracking and choices you may have, please see the “information collected by third parties” section above.

6. Jurisdiction-Specific Terms

6.1. Users in California

Users who are California residents have certain rights under the California Consumer Privacy Act, (“CCPA”). For purposes of this section, "Personal Information" has the meaning given in the CCPA. If you are an eligible California user, included in these rights are:

• Right to Know: you have the right to request information about the categories and specific pieces of Personal Information we have collected about you, as well as to obtain a copy of your Personal Information.
• Right to Deletion: you have the right to request deletion of Personal Information we have collected about you.
• Right to Correction: you have the right to request correction of any inaccurate Personal Information about you.
• Right to Non-Discrimination: you have the right to to nondiscriminatory treatment for exercising any of your rights under CCPA.
• Right to Opt-Out: you have the right to opt out of the sale or sharing of your Personal Information.
• Right to Limit: you have the right to limit use and disclosure of sensitive Personal Information. While we do not sell your Personal Information by traditional definitions of the word, we do use cookies that make non-personally identifiable information available to select third parties, which may qualify under the definitions found in CCPA. To opt out of this, see details in the “Your Choices” section above. For information on how to exercise your rights, please refer to the “Contact Us” section. If you are an authorized agent looking to exercise rights on behalf of a California resident, please follow the same instructions and provide a copy of the consumer’s written authorization designating you as their agent. For your protection, we may require that the request be sent through the email address associated with your account, and we may need to verify you and/or your agent’s identity before fulfilling your request.

For more information about the Personal Information we collect and how we collect it, see the “Scope” and “Data We Collect” sections of this policy.

To learn more about the business and commercial purposes for which your Personal Information is collected and the categories of service providers who have access to it, please see the “How We Use Data” and “How We Share Data” sections of this policy.

As a California resident, the Shine the Light law gives you the right to obtain details about what Personal Information we share with third parties for those third parties’ direct marketing purposes. To submit a request, contact us as specified in the “Contact Us” section, using the phrase “California Shine the Light Request” in the subject and including your mailing address, state of residence, and email address so we can provide a response.

6.2. Users in the EEA, Switzerland, and UK

Mux is committed to processing the personal data of users based in the European Economic Area (“EEA”), Switzerland, and the United Kingdom (“UK”) in accordance with applicable data protection laws, including the EU General Data Protection 2016/679 (GDPR), the UK GDPR, the Swiss Federal Act on Data Protection, the Electronic Communications Directive 2002/58/EC, and any national implementing laws, as amended or updated from time to time. This section is intended to ensure that you are aware of how we, as controller, process your personal data.

6.2.1. Personal Data Processing

Personal data is defined as any data relating to an individual who can be identified directly from that data or indirectly in conjunction with other information. We will hold, process, and may disclose the personal data provided by you for the purposes and on the legal basis set out in the “How We Use Data” section above. If you fail to provide us with your personal data, you may not be able to access certain aspects of our Service. We will tell you when we ask for information that is a statutory or contractual requirement or needed to comply with our legal obligations. We do not intend to process any special categories of personal data relating to you in connection with the Service, however we will update this Policy if this position changes. We do not envisage that any decisions will be taken about you using automated means, without human involvement in the decision-making process, however we will update this Policy if this position changes. If we need to use your personal data for any purposes unrelated to the purposes set out above, we will notify you (in advance) by updating this Policy and we will explain the legal basis which allows us to do so.

6.2.2. Individual Choice

We will not disclose your personal data to third parties unless they are processing data on our behalf under a contract or we are required to do so by applicable law. We will offer you the opportunity to choose whether your personal data is to be used for a purpose other than the purpose for which it was originally collected or that you subsequently authorized. You may opt out of such uses of personal data by contacting us at privacy@mux.com. Mux does not collect sensitive information about you.

6.2.3. Cross-Border Data Transfers

Personal data is processed outside of the EEA, Switzerland, and the UK by Mux, our affiliated companies, and our service providers, including to process transactions, facilitate payments, provide the Service, and provide support services.

Mux complies with the following three frameworks as set forth by the U.S. Department of Commerce (collectively, the “DPF”):

• For data received from the EEA: the EU-U.S. Data Privacy Framework,
• For data received from the UK: the UK Extension to the EU-U.S. Data Privacy Framework, and
• For data received from Switzerland: the Swiss-U.S. Data Privacy Framework.

We have certified to the U.S. Department of Commerce that we adhere to the DPF Principles with regard to the processing of such data. If there is any conflict between the terms of this Privacy Policy and the DPF Principles, the DPF Principles shall govern.

Enforcement

The Federal Trade Commission has jurisdiction over Mux’s compliance with the DPF. To learn more about the DPF program, your rights, and to view our certification, please visit https://www.dataprivacyframework.gov. We will be fully liable for onward transfers to third parties that process personal data in a way that does not follow the DPF, unless Mux was not responsible for the event giving rise to any alleged damage.

Dispute Resolution

In compliance with the DPFs, we commit to resolve DPF Principles-related complaints about our collection and use of your personal information. EEA, UK, and Swiss individuals with inquiries or complaints related to the DPF Principles should first contact us by emailing privacy@mux.com or by mail to Mux, Inc., Attn: Privacy Team, 50 Beale Street, 9th floor, San Francisco, CA 94105. We will respond to your inquiry within 45 days of receipt and verification of your identity.

If you do not receive a timely response or we are unable to resolve your concerns, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint (free of charge).

If your complaint is not resolved after following the recourse mechanisms described above, you may have the ability to invoke binding arbitration. Additional information regarding binding arbitration may be found as follows:

• EU/EEA, UK, and Gibraltar
• Switzerland

6.2.4. Your Rights

If you are located in the EEA, Switzerland, or the UK, you have the right to request access to, rectification, or erasure of your personal data or restriction of processing or to object to processing of your personal data, as well as the right to data portability. The following is a summary of what these rights involve:

• The right of access enables you to receive a copy of your personal data.
• The right of rectification enables you to ask us to correct any inaccurate or incomplete personal data.
• The right to erasure enables you to ask us to delete your personal data in certain circumstances, for example where it is no longer necessary for us to process it.
• The right to restrict processing enables you to ask us to delete your personal data in certain circumstances, for example where it is no longer necessary for us to process it.
• The right to object enables you to object to your personal data being processed on the basis of our legitimate interests (or those of a third party). We will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for the exercise or defence of legal claims. Where we use your personal data for direct marketing purposes, you can always opt out of future marketing messages using the unsubscribe link in such communications.
• The right to data portability enables you to ask us to transmit the personal data that you provided to us to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party.

In the event that we request (and receive) your consent to process your personal for a specific purpose, you have the right to withdraw your consent at any time. Your withdrawal of consent will not affect the lawfulness of our processing based on consent before its withdrawal. If you wish to exercise this (or any other right), please see the Contact Us section below.

We will respond to your requests within one month. That period may be extended by two further months where necessary based on the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request where there is a legal basis to do so, or if it is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest. Please also note that the above rights are not absolute and may be subject to statutory exemption and/or limitation.

You also have the right to lodge a complaint with the applicable data protection supervisory authority / authorities, including the Data Protection Commission and the ICO.

6.3. Everyone Else

This section applies to users outside of California, the EEA, Switzerland, and the UK. You have the right to request access to your personal data, and may have other rights according to applicable law in your jurisdiction. If you have registered for an account with the Service, we may provide you with the ability to access, review, and change certain personal data by logging into the Service, visiting your profile page, and using the features available there.

Not all personal data is maintained in a format that you can access or change. If you would like to request access to, or correction or deletion of personal data, you may send your request to us at privacy@mux.com or write to us at Mux, Inc., Attn: Privacy Team, 50 Beale St., 9th floor, San Francisco, CA 94105. We will review your request and may require you to provide additional information to identify yourself. We may not accommodate a request if we believe the change would violate any law or legal requirement, cause the information to be incorrect, or where we have another legal basis for processing such information.

In order to provide the Service to you, we must transfer your data to the U.S. and process it there. If you are using the Service from outside the U.S., EEA, Switzerland, or UK, you consent to the transfer, storage, and processing of your data in and to the United States or other countries.

7. Security

We are committed to protecting the security of your personal data and use a variety of security technologies and procedures to help protect your information from unauthorised access and use. However, as effective as modern security practices are, no physical or electronic security system is entirely secure. As a result, we cannot guarantee the complete security of our Site, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the internet. Any transmission of personal data by you is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site, including the illegal acts of third parties. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) account credentials (e.g., usernames or passwords) for access to certain parts of the Service, you are responsible for keeping those credentials confidential. Do not give your credentials to anyone else. If you enter a section of the Service that requires a password, you should log out when you leave. If you believe that any account credentials for the Service have been compromised, please contact us immediately at privacy@mux.com.

8. Data Retention

We keep personal data for as long as we deem necessary for our business purposes, or as otherwise required to operate the Service, comply with your requests, or comply with applicable law.

9. Age Limitations

We do not direct our Service to individuals younger than the required age for consent to use online services where they live, including any children under the age of 13. In the event that we learn that we have collected personal data from a child without parental consent or legal authority required by applicable privacy laws, we will delete that information as quickly as possible. If you believe that we might have any information collected from a child under 13, please contact us at privacy@mux.com.

10. Updates

We reserve the right to modify this Policy from time to time. If we make any changes to this Policy, we will change the “Last Updated” date above and will post the updated Policy on this page. If we make any material change to it, we will notify you via email, through the Service, or as required by applicable law. Unless otherwise stated, modifications will become effective the day they are posted. If you object to any changes, you may close your account. As permitted by applicable law, continuing to use our Service after we publish changes to this Policy means that you are consenting to the changes. The revised Policy supersedes all previous Policies.

11. Contact Us

If you have questions, inquiries, or complaints about this Policy or our practices with respect to the collection and processing of your personal data, please contact us at privacy@mux.com or by writing to us at:

Mux, Inc.
Attn: Privacy Team
50 Beale Street, 9th floor
San Francisco, CA 94105