Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Mux is a US-based video infrastructure platform. Mux Video (stream.mux.com) handles encoding, storage, and adaptive streaming via HLS for on-demand and live video; Mux Data instruments any HTML5 video player to measure playback quality, viewer engagement, and Quality of Experience. Mux Data sets identifiers in the visitor browser to track sessions and is the more consent-sensitive component of the offering.
Mux is a video infrastructure company founded in 2016 by the original creators of Zencoder, headquartered in San Francisco. It offers two main products: Mux Video, an API-first encoding and HLS streaming service for on-demand and live video; and Mux Data, a player analytics SDK that measures playback quality of experience and viewer engagement on any HTML5 player, including bring-your-own scenarios.
Mux Video: visitor IP, user agent, requested HLS segment, bandwidth measurements, geographic country derived from IP. Mux Data: per-viewer identifier (stored in localStorage), playback events, buffering, bitrate, error codes, player and device info, CDN provider information. Mux Data can also pass custom dimensions (logged-in user ID, content ID, A/B test bucket) when the publisher chooses to send them.
Video delivery itself can rely on legitimate interest as a technical necessity. Mux Data is a tracking module: it stores a persistent viewer identifier and emits events, qualifying as non-essential under ePrivacy and TTDSG and requiring consent. Mux supports an anonymous mode for Mux Data, which removes the persistent identifier and the IP precision; this mode may be eligible for the consent exemption depending on national supervisory authority guidance.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Mux processes encoding, storage, and analytics in the United States. Video delivery uses Fastly and CDN partner PoPs worldwide, including the EU. Transfers rely on Standard Contractual Clauses under Art. 46(2)(c) GDPR and on Mux's EU-US Data Privacy Framework certification. A Transfer Impact Assessment is recommended.
Sign the Mux DPA, gate Mux Data behind your CMP (load only after consent), enable the anonymous mode for Mux Data where the use case allows it, refrain from passing logged-in user IDs as custom dimensions without consent, document Mux in your RoPA as a processor, and mention Mux and the US transfer mechanism in the privacy notice.
Websites using Mux must obtain user consent under GDPR regulations.
DPIA considerations
Mux processes two distinct flows. Video delivery: visitor IP, user agent, requested media segment, bandwidth measurements (used for adaptive bitrate). Mux Data analytics: a per-viewer identifier (mux_viewer_id), playback events (start, pause, seek, error), buffering ratios, CDN provider, and player diagnostics. Key DPIA considerations: (1) the Mux Data identifier is a persistent first-party storage item that requires consent under ePrivacy and TTDSG; (2) playback metadata can reveal sensitive information when combined with the video subject (e.g., medical training videos); (3) US default processing requires SCCs and DPF; (4) live streaming may involve real-time chat overlays that capture additional personal data; (5) Mux integrations with personalisation tools can stitch playback events to customer profiles.
Sample consent text
Our website uses Mux to deliver and analyse video content. Mux Video streams the media via stream.mux.com (US, with global CDN PoPs). Mux Data, our video analytics module, sets a viewer identifier to measure playback quality and engagement; it loads only after you have accepted analytics cookies. Transfers to the United States rely on Standard Contractual Clauses and the EU-US Data Privacy Framework.
Third-party domains contacted
mux.comwww.mux.comstream.mux.comimage.mux.comdata.mux.comlitix.ioCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| mux_viewer_id (localStorage) | Analytics | Up to 1 year | Persistent viewer identifier stored in localStorage by the Mux Data SDK. Used to attribute playback events to a unique viewer for Quality of Experience reporting. |
| mux-event-buffer (localStorage) | Analytics / Functional | Session | Temporary buffer used by the Mux Data SDK to queue playback events before sending them to the Mux ingestion endpoint, ensuring no events are lost during brief network disruptions. |
| mux_player_settings (localStorage) | Functional / Preference | Up to 1 year | Stores user preferences for the Mux Player (volume, captions, playback speed) so the experience is restored between visits. |
Mux uses cookies for user preferences — inform visitors with a consent banner.
Mux Video itself does not write client-side storage for delivery. Mux Data stores a persistent viewer identifier in localStorage (mux_viewer_id) plus event buffering data. In anonymous mode, the viewer identifier is reset frequently or skipped.
Mux Video delivery: typically no consent required (legitimate interest). Mux Data analytics: consent required because of the persistent viewer identifier and the playback event tracking. Anonymous mode may qualify for the consent exemption depending on national DPA guidance.
Legitimate interest (Art. 6(1)(f)) for video delivery. Consent (Art. 6(1)(a)) for Mux Data analytics in cookied mode. Contract performance (Art. 6(1)(b)) for paid VOD or subscription scenarios.
Yes for encoding, storage, and analytics. Delivery uses global CDN PoPs (including EU). Transfers rely on Standard Contractual Clauses and the EU-US Data Privacy Framework certification of Mux Inc.
For ordinary brand video, no. For platforms with logged-in viewer profiles, sensitive content (medical training, religious content), or large-scale live streaming, document a short DPIA covering the analytics scope and the transfer mechanism.
Sign the Mux DPA, gate Mux Data behind your CMP, enable anonymous mode where possible, do not pass logged-in IDs as custom dimensions without consent, document Mux in the RoPA, and mention the US transfer in the privacy notice.
EU-friendly video alternatives include api.video (France, EU residency), Bunny Stream (Slovenia), Cloudflare Stream (US, EU PoPs), Vimeo OTT, Brightcove, Kaltura (open source / managed), Bitmovin (Austria), and self-hosted FFmpeg + HLS behind your own CDN.
List the Mux Data viewer identifier (storage type: localStorage; purpose: video QoE analytics; controller: Mux, Inc., US) in the analytics section of the cookie policy. Mention SCCs and DPF for the US transfer and provide a CMP toggle to refuse Mux Data while still being able to play the video.