Mavster

Mavster Privacy Policy

Effective date: 13 May 2026 Last updated: 13 May 2026

This Privacy Policy ("Policy") explains how Marian Paraschiv, an individual doing business as Mavster ("Mavster," "we," "us," or "our") collects, uses, discloses, retains, and protects personal information when you use the Mavster macOS application, the Mavster web dashboard at https://mavster.ai, our APIs, and related services (collectively, the "Services").

The Services are offered only to users located in the United States. See Section 3 for our geographic availability terms.

This Policy is designed to comply with applicable U.S. federal and state privacy and data-security laws, including the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), Washington's My Health My Data Act (MHMDA), the Children's Online Privacy Protection Act (COPPA), the CAN-SPAM Act, the New York SHIELD Act, Massachusetts 201 CMR 17.00, the comprehensive privacy laws of every U.S. state in which one is in effect, and the data-breach notification laws of every U.S. state.

If you do not agree with this Policy, do not use the Services.

1. Important notice about screen capture and AI processing

Mavster is an AI-assisted mobile-application testing and automation product, delivered as a macOS application. At its core, Mavster is a screen-recording and screen-understanding tool that captures and analyses what is on your Mac's screen — typically a mobile simulator, emulator, or mirrored mobile device running the application you are testing. When you use the Services:

  • The Mavster macOS application captures images of your screen using Apple's ScreenCaptureKit framework, and records input events (mouse movements, clicks, scrolls, drags, and — where authorized — keyboard input) within scopes you select.
  • Those screen images and event data are uploaded to our servers (Amazon Web Services, in the United States) and forwarded to third-party large language model ("LLM") providers — currently OpenAI and Anthropic — for analysis.
  • The LLM providers process this data to identify on-screen elements, infer user intent, and return structured results to Mavster.

You control what is on your screen when Mavster is recording. If you record an area of your screen that contains personal, financial, health, legal, confidential, or other sensitive information, that information will be captured, uploaded to our infrastructure, and transmitted to a third-party LLM provider. You should not run Mavster while sensitive content you do not intend to share is visible on your screen. This is particularly important if your screen displays consumer health information; see Section 11.4.

Section 7 names every service provider your data is sent to. Section 11 explains how to access, delete, or export your data.

2. Who we are and how to contact us

Business entityMarian Paraschiv, an individual doing business as Mavster
Registered address2416 Bigleaf Ct, Plano, TX 75074
Principal place of businessPlano, Texas, USA
Privacy contactsupport@mavster.ai
General supportsupport@mavster.ai

3. Geographic availability of the Services

The Services are intended for, and made available only to, users physically located in the United States.

  • By creating an account or using the Services, you represent that you are physically located in the United States.
  • We enforce this restriction by geographically restricting both the Mavster macOS application download and the account-signup flow via Amazon CloudFront to requests originating from the United States. Account creation requires a short-lived authorization that is issued only to a request originating from the United States; without it, signup cannot complete.
  • The Services are not offered, marketed, or made available to users in Canada, the European Economic Area, the United Kingdom, Switzerland, or any other jurisdiction outside the United States.
  • We do not knowingly collect personal information from users outside the United States. If we determine that you are accessing the Services from outside the United States — for example, by using a VPN or proxy to bypass our geographic access controls — we may suspend or terminate your account.
  • We offer the Services only in English and accept payment only in U.S. dollars. We do not target users in any other jurisdiction.

If you are located outside the United States, please do not use the Services.

4. Information we collect, and the sources

We collect personal information in four categories, from the sources indicated.

4.1 Information you provide to us

Source: you.

  • Account information: email address, password (stored using industry-standard hashing; we never see your plaintext password), and any display name you choose to provide.
  • Billing information: subscription tier, billing history, and Stripe customer identifiers. Full payment-card details are collected and stored by Stripe, our payment processor; Mavster does not see or store card numbers, CVCs, or full bank details.
  • Communications: the contents of any email, support ticket, or feedback you send us.

4.2 Screen capture and interaction data (the "Recording Data")

Source: your device, captured at your direction.

When you use the Services for screen analysis, automation, or testing, we process:

  • Screenshots and screen-region images captured from your macOS device;
  • Input events you generate while a recording or analysis session is active (mouse position, clicks, scrolls, drag gestures, and, where you have granted the corresponding macOS permission, keyboard input);
  • Derived artifacts produced from the above (for example, bounding boxes, element classifications, OCR text, and LLM-generated descriptions of the screen).

Recording Data may contain personal information about you and about third parties whose content is visible on your screen at the time of recording.

4.3 Information collected automatically

Source: your device and our service logs.

  • Device and environment information: macOS version, Mavster app version, device model, locale, time zone, and screen resolution;
  • Connectivity information: IP address and approximate location derived from it (state and city level — not precise geolocation as defined under the CCPA/CPRA);
  • Service logs: API request metadata, error and crash diagnostics, request and response timestamps, and identifiers used to debug and operate the Services;
  • Authentication tokens: session and refresh tokens issued by Amazon Cognito and stored locally on your device (in the macOS Keychain) or in the web browser's localStorage (for the web dashboard).
  • Product-analytics events: descriptions of how you interact with the Services (screens viewed, features used, in-product actions you take) together with device and environment metadata. We use Mixpanel, Inc. for product analytics in both the macOS application and the web dashboard, and Google Firebase Analytics for product analytics in the macOS application.
  • Crash diagnostics: when the macOS application crashes or encounters an unrecoverable error, we use Google Firebase Crashlytics to capture crash logs, stack traces, device state, and the application version at the time of the crash.

We use your Amazon Cognito subject identifier — a stable, opaque, randomly-generated identifier scoped to your Mavster account — as the user identifier in analytics events and crash reports. We do not send your email address, your password, or the contents of Recording Data to Mixpanel or Firebase. Mixpanel and Google act as service providers / processors to Mavster under written data-processing agreements, and we have disabled all advertising, retargeting, behavioural-advertising, and cross-context-targeting features of these tools (including Google Signals and ads-personalization in Firebase).

4.4 Information from third parties

  • Stripe provides us with billing status, subscription state, and transaction metadata to keep your subscription and credit balance in sync.
  • Amazon Cognito provides us with authentication-event metadata (sign-in time, password-reset events).

5. Cookies and similar technologies

The Mavster macOS application does not use cookies.

The Mavster web dashboard at https://mavster.ai uses:

  • Strictly necessary local storage (browser localStorage) to hold your authentication session so you remain signed in. This is essential to providing the Services.
  • Product-analytics cookies and local storage set by Mixpanel to identify your browser session and record in-product interactions for our internal analytics. These are configured for product-analytics use only; we have disabled all advertising, retargeting, and cross-site-tracking features of Mixpanel.

We do not use advertising, retargeting, or cross-context behavioural-tracking cookies, web beacons, or pixels.

6. How we use your information, and the business purposes for collection

We process personal information for the purposes below. These are also the "business or commercial purposes" for the collection and use of personal information for purposes of the CCPA/CPRA and the equivalent provisions of other U.S. state privacy laws.

  • To create and manage your account, authenticate you, and keep you signed in. Uses: account information, authentication tokens.
  • To provide the screen-capture, analysis, automation, and test-generation features that are the core of the Services. Uses: Recording Data, account information, device information.
  • To process payments, manage subscriptions, calculate credit usage, and prevent payment fraud. Uses: billing information, account information.
  • To operate, secure, monitor, debug, and improve the Services, including detection of and response to security incidents and abuse. Uses: service logs, device information, IP address, Recording Data only where necessary for diagnostics.
  • To respond to your support requests. Uses: communications, account information.
  • To send you service announcements, security notices, and changes to terms. Uses: account information.
  • To send you optional marketing or product-update emails, where you have consented. Uses: account information. You may withdraw consent at any time (see Section 16).
  • To comply with legal obligations and respond to lawful requests from authorities, and to establish, exercise, or defend legal claims. Uses: any relevant data.

We collect and process only the personal information that is reasonably necessary and proportionate to provide and maintain the Services you have requested. We use your personal information only for the purposes above, for purposes compatible with them, or for other purposes for which we obtain your consent at the time of collection.

7. Service providers and other disclosures

We do not sell personal information for monetary or other valuable consideration, and we do not share personal information for cross-context behavioural advertising, as those terms are defined under the CCPA/CPRA and the equivalent provisions of other U.S. state privacy laws. We have not sold or shared personal information in the preceding 12 months.

7.1 Service providers

We disclose personal information to the following service providers under written contracts that include the confidentiality, security, purpose-limitation, and use-restriction obligations required of "service providers" or "processors" under the CCPA/CPRA and equivalent provisions of other U.S. state privacy laws.

Service providerPurposeCategories of dataProcessing location
Amazon Web Services, Inc. (Cognito, Lambda, API Gateway, DynamoDB, S3, CloudFront, SES, KMS)Hosting, authentication, storage, content delivery, transactional email, key managementAll categoriesUnited States (us-east-1 region)
OpenAI, L.L.C.LLM inference on Recording Data to identify on-screen elements and intentRecording Data, prompts derived from itUnited States
Anthropic, PBCLLM inference on Recording Data to identify on-screen elements and intentRecording Data, prompts derived from itUnited States
Stripe, Inc.Payment processing, subscription management, fraud preventionBilling information, account emailUnited States
Mixpanel, Inc.Product analytics for the macOS application and web dashboardAccount identifier (Cognito sub), product-event metadata, device and environment metadata, IP addressUnited States
Google LLC (Firebase Crashlytics, Firebase Analytics)Crash diagnostics and product analytics for the macOS applicationAccount identifier (Cognito sub), product-event metadata, device and environment metadata, crash logs and stack traces, IP addressUnited States

Each service provider is contractually restricted to processing personal information only for the purposes listed above and may not use it for its own commercial purposes, sell it, share it for cross-context behavioural advertising, or combine it with information from other sources except as permitted by the CCPA/CPRA service-provider rules.

We will maintain an up-to-date list of service providers and, where reasonably possible, give notice before adding a new one that materially affects how Recording Data is processed.

As of this Policy's effective date, neither OpenAI nor Anthropic uses data submitted through its API to train its models by default, and we rely on these commitments. If a provider changes its policy in a way that materially affects how Recording Data is treated, we will update this Policy and, where required, give you notice.

7.2 Other permitted disclosures

We may also disclose personal information:

  • To comply with law: in response to a valid subpoena, court order, search warrant, or other lawful request from a public authority where we are obliged to respond. Where lawful and practical, we will notify you of such requests before complying.
  • To protect rights and safety: to enforce our Terms, investigate suspected fraud or abuse, or protect the rights, property, or safety of Mavster, our users, or others.
  • In connection with a corporate transaction: if Mavster is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be disclosed to advisors and counterparties subject to confidentiality, and may be transferred to a successor entity. We will notify you and, where required, obtain your consent before personal information becomes subject to a materially different privacy policy.

We do not share personal information with affiliates, parent or subsidiary companies, or "business partners" for joint marketing purposes; we have no such arrangements at the time of this Policy's effective date.

8. Where your information is stored

All personal information we collect is stored and processed on infrastructure located in the United States (Amazon Web Services, us-east-1 region). We do not transfer personal information outside the United States, except as our U.S.-based service providers (such as Stripe) may transfer it in accordance with their own published practices.

Personal information stored in the United States is subject to U.S. federal and state law, including the state privacy and data-security laws identified in this Policy.

9. How long we keep your information

We keep personal information only for as long as we need it for the purposes set out in this Policy, or for as long as we are required to keep it by law.

DataRetention
Account informationFor the life of your account; deleted when you delete your account (see Section 12)
Recording Data — uploaded images held for inferenceAutomatically expired within 24 hours of upload via S3 lifecycle rules, and deleted earlier where the inference workflow permits
Inference results and credit-transaction recordsWhile your account is active; transaction records may be retained for up to 7 years where required for tax, accounting, and audit purposes
Billing recordsUp to 7 years to meet U.S. federal and state tax and accounting obligations
Service logs and diagnostic dataUp to 90 days in active systems; longer in cold storage only where required for security or legal-claims purposes
Product-analytics events held by MixpanelPer Mixpanel's then-current retention default (currently up to 5 years), or earlier where we instruct deletion
Product-analytics events and user-data held by Firebase Analytics2 months, configured to the shortest retention period available in Google Analytics 4
Crash-diagnostic records held by Firebase Crashlytics90 days, the default Crashlytics retention
BackupsUp to 35 days in rolling backups, after which they are overwritten
Support communicationsUp to 3 years after the support matter is closed

When the applicable retention period ends, we delete or irreversibly anonymize the data. Where deletion from backups is not immediately possible, the data is isolated from active processing until the backup is overwritten on its normal cycle.

10. Security and breach notification

10.1 Security measures

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction, consistent with the requirements of the New York SHIELD Act, Massachusetts 201 CMR 17.00, and other applicable state data-security laws. These safeguards include:

  • Encryption in transit (TLS 1.2 or higher) for all communications between the Mavster application, the web dashboard, our APIs, and our service providers;
  • Encryption at rest for data stored in Amazon S3, DynamoDB, and Cognito, using AWS-managed keys;
  • Authentication and access control via Amazon Cognito, with passwords stored only as salted hashes, and administrative access to production systems restricted to authorised personnel using multi-factor authentication;
  • Least-privilege access controls on backend services and storage;
  • Logging and monitoring of administrative and security-relevant events;
  • Secure software-development practices, including code review and dependency monitoring;
  • A written information security program that designates accountable personnel, identifies foreseeable risks, and provides for ongoing review.

No method of transmission or storage is 100% secure.

10.2 Breach notification

If we become aware of a security breach involving the unauthorized acquisition of, or access to, your personal information, we will notify you and the appropriate state regulators in accordance with the applicable U.S. state data-breach notification law.

  • For most states, notification will be made in the most expedient time possible and without unreasonable delay, consistent with the needs of law enforcement and the legitimate needs to determine the scope of the breach and restore the integrity of our systems.
  • For states with a specific statutory deadline — including Colorado, Florida, Maine, Texas, Vermont, and Washington — we will notify affected residents within the deadline required by that state's law (typically 30 to 60 days after discovery).
  • Where required, we will also notify the relevant state attorney general, credit reporting agencies, and, for Washington consumer-health-data incidents, the Washington Attorney General's Office.

11. Your rights and choices

11.1 Rights available to all U.S. users

Regardless of the state in which you reside, you may:

  • Access the personal information we hold about you;
  • Correct inaccurate or incomplete information;
  • Delete your account and the personal information associated with it (see Section 12);
  • Export a copy of your information in a portable format;
  • Withdraw consent at any time where we rely on consent (this does not affect the lawfulness of processing before withdrawal);
  • Opt out of marketing emails via the unsubscribe link in any marketing email or by emailing support@mavster.ai.

11.2 California residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know the categories and specific pieces of personal information we have collected, the categories of sources, the business or commercial purposes for collection, and the categories of third parties to whom we disclose it (this Policy provides this notice in Sections 4, 6, and 7);
  • Delete personal information we have collected from you, subject to legal exceptions (such as billing records we must retain for tax purposes);
  • Correct inaccurate personal information;
  • Opt out of "sale" and "sharing" of personal information. We do not sell personal information for monetary or other valuable consideration, and we do not share personal information for cross-context behavioural advertising. We do not knowingly sell or share the personal information of consumers under the age of 16.
  • Limit the use and disclosure of sensitive personal information to purposes necessary to provide the Services. We use sensitive personal information only for purposes permitted under CCPA §1798.121(a) and the implementing regulations.
  • Non-discrimination: we will not deny Services, charge different prices, or provide a different level or quality of Services because you exercised any CCPA right.

Notice of Right to Opt-Out of Sale or Sharing. Because we do not sell or share personal information, no opt-out mechanism is required. If we ever begin to sell or share personal information as those terms are defined under the CCPA/CPRA, we will provide a clear and conspicuous "Do Not Sell or Share My Personal Information" link on the Services and update this Policy.

Categories of personal information collected (CCPA categories) in the past 12 months:

CCPA categoryCollectedDisclosed to service providers
A. Identifiers (e.g. email, IP address, account ID)YesAWS, Stripe, Mixpanel, Google (Firebase)
B. Customer records (Cal. Civ. Code §1798.80)YesAWS, Stripe
F. Internet or other electronic network activity (service logs, product-analytics events)YesAWS, Mixpanel, Google (Firebase)
G. Geolocation (state/city from IP — not precise)YesAWS, Mixpanel, Google (Firebase)
K. Professional or employment-related informationOnly if you provide itAWS
L. Inferences (e.g. inferred actions from Recording Data)YesAWS, OpenAI, Anthropic
Sensitive personal information (account credentials; contents of communications and Recording Data)YesAWS, OpenAI, Anthropic

We do not collect personal information in CCPA categories C (protected classifications), D (commercial information beyond billing), E (biometric information), H (sensory data beyond the screen-capture and input data described above), I (professional information beyond what is voluntarily provided), or J (education information).

Authorized agents. You may designate an authorized agent to make a request on your behalf. We will verify the agent's authority and your identity before responding.

Shine the Light (Cal. Civ. Code §1798.83). California residents may request a list of categories of personal information disclosed to third parties for those parties' direct marketing purposes in the preceding calendar year. We do not disclose personal information to third parties for their direct marketing purposes.

How to exercise California rights. Email support@mavster.ai with the subject line "California Privacy Request." We will respond within 45 days (extendable by a further 45 days where reasonably necessary, with notice to you). If we deny a request, you may appeal by replying to our response email with the subject "California Privacy Appeal." If your appeal is denied, you may contact the California Privacy Protection Agency (https://cppa.ca.gov) or the California Attorney General (https://oag.ca.gov).

11.3 Residents of other states with comprehensive privacy laws

If you reside in Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you have, subject to the specifics of your state's law, the right to confirm and access your personal data, correct inaccuracies (where provided by statute), delete your personal data, obtain a portable copy of it, and opt out of targeted advertising, sale, and profiling that produces legal or similarly significant effects. We do not engage in targeted advertising, sale of personal data, or such profiling, so the opt-out right is satisfied by default. Maryland law prohibits the sale of sensitive data of Maryland residents, and we do not engage in such sales. Minnesota residents may request the rationale and review the personal data used to produce any automated output of the Services that they believe has affected them.

In states that require opt-in consent for the processing of sensitive data (including Colorado, Connecticut, Delaware, New Hampshire, New Jersey, Oregon, and Texas), by signing up for and using the Services after receiving this Policy you provide the consent required for us to process the Recording Data that you direct us to collect. You may withdraw this consent at any time by emailing support@mavster.ai; doing so may prevent us from continuing to provide some or all of the Services.

How to exercise these rights. Email support@mavster.ai with the subject line "State Privacy Request" and identify your state of residence. We will respond within the timeframe required by your state's law — typically 45 days, with one 45-day extension available. If we deny a request, you may appeal by replying with the subject "State Privacy Appeal"; we will respond within 60 days. If the appeal is denied, you may complain to your state attorney general.

11.4 Washington residents (consumer health data — MHMDA)

The Washington My Health My Data Act ("MHMDA") regulates the collection, use, and disclosure of "consumer health data" — defined broadly as personal information linked or reasonably linkable to a consumer that identifies the consumer's past, present, or future physical or mental health status.

How Mavster may incidentally process consumer health data. Mavster captures images of your screen at your direction. If you record screen regions that display health-related content — for example, a patient portal, a telehealth video call, a mental-health journal, a fertility or menstrual-tracking application, or a fitness application — the resulting Recording Data may incidentally contain consumer health data within the meaning of MHMDA.

Categories of consumer health data we may process. Any consumer health data that is visible on your screen when you record. We do not intentionally collect, infer, or seek consumer health data.

Sources. Your device, captured at your direction (Section 4.2).

Purposes. Only to provide the Services you have requested, as described in Sections 1 and 6. We do not use consumer health data to infer health status, target advertising, or for any purpose beyond providing the Services.

Categories of consumer health data shared. Recording Data — including any incidentally captured consumer health data — is shared with the service providers identified in Section 7 (currently AWS, OpenAI, and Anthropic) under contracts that restrict their use of the data to providing services to Mavster.

Your MHMDA rights. If you are a Washington resident, you have the right to:

  • Confirm whether we are collecting, sharing, or selling your consumer health data, and access that data;
  • Withdraw consent to our collection or sharing of your consumer health data;
  • Delete your consumer health data, including from our archives and backups in accordance with our retention schedule (Section 9).

How to exercise MHMDA rights. Email support@mavster.ai with the subject line "Washington MHMDA Request." We will respond within 45 days (extendable by a further 45 days). We will authenticate your request before disclosing or deleting consumer health data. If we deny a request, you may appeal by replying to our response email; you may also submit a complaint to the Washington Attorney General's Office (https://www.atg.wa.gov).

Consent and sale. By signing up for and using the Services after receiving this Policy, you provide the consent required by MHMDA for us to collect consumer health data incidentally captured in Recording Data and to share that data with the service providers listed in Section 7 for the purposes identified above. We do not sell consumer health data, as that term is defined under MHMDA.

Geofencing. We do not establish geofences around any in-person health-care facility for the purposes of identifying or tracking consumers, collecting consumer health data, or sending notifications.

11.5 Nevada

Nevada residents have the right to opt out of the "sale" of certain covered information under Nevada SB 220. We do not sell personal information as defined under Nevada law. To submit a verified opt-out request, email support@mavster.ai with the subject line "Nevada Opt-Out Request."

12. Account deletion and data export

You can delete your account at any time from Settings → Account → Delete Account in the Mavster web dashboard, or by emailing support@mavster.ai.

When you delete your account, we:

  • Delete your account record, profile, and credit-balance information;
  • Delete the Recording Data, inference results, and generated artifacts stored under your user identifier in Amazon S3;
  • Delete your authentication record in Amazon Cognito and revoke all active sessions across devices;
  • Invalidate cached content served via CloudFront associated with your data.

The following data may be retained after account deletion, and only for the purposes and durations indicated:

  • Billing and tax records — up to 7 years, as required by U.S. federal and state tax and accounting law;
  • Fraud and abuse signals (such as hashed identifiers of accounts that violated our Terms) — as long as necessary to prevent re-registration of abusive accounts;
  • Backups — until overwritten on their normal cycle (up to 35 days), during which deleted data is isolated from active processing.

To request a copy of your data before deletion, email support@mavster.ai with the subject line "Data Export Request."

We will respond to deletion and export requests within 45 days (extendable by a further 45 days where reasonably necessary, with notice to you).

13. Automated decision-making and sensitive information

Mavster uses third-party large language models to analyse Recording Data and produce automated outputs (for example, identifying the position of on-screen elements or generating test steps). We do not use automated processing to make decisions that produce legal or similarly significant effects concerning you (such as decisions about credit, employment, insurance, housing, or access to essential services), so the profiling-opt-out rights under U.S. state privacy laws are not implicated by our processing. Minnesota residents have the additional rights described in Section 11.3.

We do not intentionally seek or solicit sensitive personal information, sensitive data, or consumer health data (categories including, among others, government identifiers, biometric identifiers, racial or ethnic origin, religious beliefs, sexual orientation, immigration status, precise geolocation, genetic data, and health information). However, Recording Data may incidentally contain such information when it is visible on your screen at the time of capture. We process such information only to provide the Services you have requested, apply the security measures in Section 10, and do not use it to infer characteristics about you or for any purpose beyond providing the Services. If you do not want sensitive information processed, do not record screen regions that display it; Washington residents should also review Section 11.4.

14. Children

The Services are not directed to children, and we do not knowingly collect personal information from:

  • Children under the age of 13 — consistent with the U.S. Children's Online Privacy Protection Act (COPPA); or
  • Minors under the age of 16 — for purposes of "sale" or "sharing" of personal information under the CCPA/CPRA and equivalent provisions of other state privacy laws, although we do not sell or share personal information in any event.

For state laws that require opt-in consent before processing the personal data of minors aged 13–17 for purposes of targeted advertising, sale, or certain profiling, those activities are not implicated by our processing because we do not engage in them.

If you are under 13, do not use the Services or provide any personal information to us. If we learn that we have collected personal information from a child under 13 without parental consent in accordance with applicable law, we will delete it. If you believe that a child has provided us with personal information, please contact support@mavster.ai.

15. Do Not Track and Universal Opt-Out Mechanisms

The Mavster web dashboard does not respond to browser "Do Not Track" (DNT) signals, because no widely accepted standard for honouring DNT has emerged.

Where required by applicable state law — including the CCPA/CPRA and the comprehensive privacy laws of Colorado, Connecticut, Delaware, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, and Texas — we honour Universal Opt-Out Mechanisms ("UOOMs"), including the Global Privacy Control (GPC) signal, as a valid consumer-initiated opt-out of "sale" and "sharing" of personal information and, where applicable, of targeted advertising. Because we do not sell or share personal information or engage in targeted advertising, the practical effect of a UOOM signal is already in place by default.

16. Marketing communications

We send two kinds of email:

  • Service emails (account verification, password reset, security notices, billing receipts, service announcements, and material changes to this Policy or our Terms). These are necessary to provide the Services and are sent on the basis of our contract with you; they are not subject to marketing opt-out under the CAN-SPAM Act.
  • Marketing emails (product updates, new-feature announcements, surveys). We send these only to recipients who have agreed to receive them.

CAN-SPAM compliance. Every marketing email we send identifies us as the sender, identifies the message as an advertisement where required, contains our physical mailing address, and includes a working unsubscribe mechanism that takes effect within 10 business days. We do not use deceptive subject lines or sender information.

You may withdraw consent to marketing emails at any time by clicking the unsubscribe link in any marketing email or by emailing support@mavster.ai.

17. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top of this Policy indicates when it was last revised.

If we make material changes — for example, adding a new service provider that materially affects how Recording Data is processed, beginning to "sell" or "share" personal information, expanding the geographic availability of the Services, or changing the basis on which we process a category of personal information — we will notify you by email and/or by a prominent notice in the Services before the change takes effect, and, where required by applicable law, obtain your consent.

18. How to contact us

Questions, requests, or complaints about this Policy or your personal information should be sent to:

Marian Paraschiv, an individual doing business as Mavster 2416 Bigleaf Ct, Plano, TX 75074 Email: support@mavster.ai

If you are not satisfied with our response, you have the right to lodge a complaint with the regulator in your jurisdiction: