Brand Talk | Market Walk
Brand Talk | Market Walk
Maviimedia is a Mumbai- and Pune-based branding & product studio serving clients worldwide, fusing strategy, design, and engineering to deliver modern websites, custom software and SaaS, AI-powered applications, and end-to-end product design. We move from brief to launch with speed and rigor, building experiences that are beautiful, reliable, and measurable.
“Maviimedia” (“we”, “us”, “our”) is a design & engineering studio headquartered in Mumbai and Pune, India. We partner with founders, marketing teams, and product leaders to plan, design, build, and grow digital experiences. For website visitors and prospects, we typically act as a data controller; for client projects, we may operate as a processor under a services agreement or data processing addendum (“DPA”). This Policy explains the types of information we handle, the purposes for which we process it, and the choices available to you.
We value clarity and restraint: we only collect data we actually need, limit access to those who require it, and build processes that prefer privacy by default. Wherever possible, we favor configuration over collection, aggregation over identification, and short retention over indefinite storage.
This Policy applies to personal data we process when you browse our websites, submit a form, request a proposal, subscribe to updates, apply for a role, participate in research or testing, use our hosted tools, or interact with us via email, phone, or social channels. It also covers logs and telemetry generated by our products or prototypes that we host. It does not apply to client-owned products where we act solely as a processor and where the client’s privacy terms govern the service.
Where we link to third-party services (e.g., payment, analytics, scheduling), their privacy practices apply. We encourage you to read those notices, as we don’t control their independent processing.
We collect information in three ways: (a) directly from you, (b) automatically via your device and our services, and (c) from third-party sources that help us operate our business. Categories include:
We process personal data to operate, secure, and improve our services; to communicate with you; and to meet legal obligations. Typical uses include responding to enquiries, preparing proposals, executing statements of work, providing onboarding and support, monitoring reliability and abuse, and measuring effectiveness of features or content. We also use aggregated insights to inform product direction and design decisions.
Marketing is light-touch: occasional newsletters, case studies, launches, or invites—always with a clear opt-out. Where consent is required (e.g., non-essential cookies), we will seek it before processing.
Our legal bases include Contract (to deliver requested services), Legitimate Interests (to secure systems, understand performance, and operate responsibly without overriding your rights), Consent (for optional analytics/marketing), and Legal Obligation (for tax, accounting, and compliance). Where we rely on legitimate interests, we apply balancing tests and safeguards such as minimization, access controls, and short retention.
We respect client IP and confidentiality. We do not use client-provided content to train public or third-party foundational models unless a contract or explicit written instruction permits it. When we use AI services as processors—for example, to draft summaries, classify feedback, or assist support—we apply data minimization, scoping, and role-based access. Where possible, we disable training on our business data and restrict retention to short windows.
Prompt logs and outputs may be reviewed by authorized team members to improve reliability and safety, subject to contractual commitments. We encourage clients to mark and route sensitive datasets through agreed secure channels.
We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. In practice, we prefer short retention with regular reviews. When information is no longer required, we delete it or irreversibly de-identify it according to our data retention schedule and backup rotation.
We operate globally and may transfer data to countries with different data protection laws. Where we do so, we rely on appropriate safeguards—such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms— and assess vendors for technical and organizational measures that protect your data during and after transfer.
We employ layered security controls including encryption in transit, access control and least privilege, environment segregation, secrets management, monitoring, and incident response procedures. While no system can be perfectly secure, we aim for practical resilience: fast detection, bounded blast radius, and clear recovery paths. We periodically review vendors and update controls based on changes in risk.
Depending on where you live, you may have rights to access, correct, delete, restrict, or object to processing; to receive a portable copy; and to withdraw consent where processing is based on consent. Residents of the EU/UK (GDPR), India (DPDP Act, 2023), and California (CPRA) have additional rights specific to their jurisdictions. We will verify your request to a reasonable standard and respond within the timelines set by law. You may also use an authorized agent where permitted.
To exercise rights, see Contact. We will explain any limits that apply (e.g., legal retention).
Our services are intended for business users and are not directed to children below the age defined by local law (e.g., 13 or higher). We do not knowingly collect such data. If you believe a child has provided personal information, please contact us so we can delete it.
We may update this Policy from time to time. Material changes will be highlighted on this page with a revised “Last Updated” date. If you continue to use our services after the update, you agree to the revised terms as permitted by law.
Questions, requests, or complaints? Email us at support@maviimedia.com or write to our India office (Mumbai/Pune). EU/UK residents may also contact their local supervisory authority. For India DPDP, you may contact our Grievance Officer (details to be published here if required).
If we appoint a Data Protection Officer (DPO) or EU/UK representative, we will add those details here.
Note: This notice is general information, not legal advice. Where this notice conflicts with a signed contract or DPA, the contract controls.