1. Information we collect

1.1 When you visit drewbrashler.com

Our website runs on WordPress with WooCommerce. When you visit, we and our third-party service providers collect information through cookies, scripts, and similar technologies. Here is what is in use and why.

Essential and security cookies

These are required for the site to function and cannot be opted out of:

• WordPress and WooCommerce – session cookies that manage your shopping cart, remember your login if you create a customer account, and maintain basic checkout functionality
• WooCommerce Order Attribution (SourceBuster.js) – sets cookies to record how you arrived at drewbrashler.com (for example, from a search engine, a Facebook ad, or a direct link) so we can understand which marketing efforts lead to sales. This data is stored on our server only and is not shared with third parties.
• Cloudflare – sets security cookies (_cfruid and similar) for bot detection and CDN performance. Cloudflare sits in front of drewbrashler.com and processes your IP address and request headers as part of normal CDN operation. See Cloudflare’s privacy policy.
• Wordfence – WordPress security plugin that logs IP addresses and request data to detect and block malicious traffic. This data is stored on our server only.
• Google reCAPTCHA – anti-spam service used on forms and checkout. reCAPTCHA analyzes user behavior to distinguish humans from bots and sends data to Google. See Google’s privacy policy for details.
• Stripe – when you proceed to checkout, Stripe loads payment scripts that set cookies for fraud prevention and payment session management. See Stripe’s privacy policy.

Analytics

• Fathom Analytics – we use Fathom to understand general site traffic (pages visited, referral sources, browser types). Fathom is cookieless and does not track individual visitors across sessions or sites. It does not use personally identifiable information. See Fathom’s privacy policy.

Advertising and retargeting

• Facebook Pixel – we use the Facebook Pixel to measure the effectiveness of our advertising and to show Brashler EDU ads to people who have visited our site when they are on Facebook and Instagram. The Pixel sends behavioral data (pages visited, actions taken) to Meta. Meta may use this data in accordance with Meta’s data policy. If you prefer not to have your browsing used for ad retargeting, you can opt out via Meta’s ad preferences or use a browser extension such as uBlock Origin.

A note for EU and UK visitors: The Facebook Pixel sends data to Meta for advertising purposes and under GDPR may require your consent before activating. If you are visiting from the EU or UK, you may wish to use a browser-level opt-out or ad blocker. We are working toward implementing a cookie consent mechanism for EU and UK visitors.

1.2 When you make a purchase

WooCommerce collects and stores the following on our server at drewbrashler.com:

• Name
• Email address
• Billing address
• IP address at time of purchase
• Order details (products purchased, amounts, order date)
• Referral source and UTM parameters from WooCommerce Order Attribution
• Payment method type – not full card numbers

Payment processing: Payments are handled by Stripe and PayPal. We never see or store your full card number. Stripe and PayPal each have their own privacy policies governing payment data. See Stripe’s privacy policy and PayPal’s privacy policy for details.

We use purchase data to fulfill your order, issue your license key, provide receipts, and respond to support requests. Billing address data is used for tax calculation and record-keeping.

1.3 When you activate a plugin

Our plugins require license activation through our license server at dbb-license-server.onrender.com. During activation and ongoing use, we collect:

• Your license key (issued at purchase)
• A machine fingerprint – a one-way hash of stable hardware identifiers on your computer, generated by the plugin. This hash cannot be reversed to recover individual hardware details. It identifies a machine for license enforcement purposes only.
• Your IP address – captured automatically when the plugin connects to our server
• An optional machine name you may enter (e.g., “Studio iMac”) – for your convenience only, not required
• Your email address and order ID, passed from WooCommerce when your purchase completes, to associate your license with your account

Daily token refresh: While you have an internet connection, the plugin contacts our server approximately once per day to refresh its activation token. Each refresh logs your IP address. This is how we detect and prevent unauthorized license sharing. The plugin continues to work offline using the last valid token.

What we do with this data: We use license server data exclusively for license enforcement and fraud prevention – to verify that license keys are used by the people who purchased them, to detect unauthorized sharing, and to provide support when you contact us about your license. We do not use it for marketing or advertising.

Legal basis for EU and UK visitors: We collect IP addresses and machine fingerprints under GDPR Article 6(1)(f) – legitimate interest. Our legitimate interest is preventing software piracy and providing license support. The data collected is minimal, not shared with third parties for other purposes, and not used to make automated decisions about you.

1.4 When you subscribe to our newsletter

We use Beehiiv to send a newsletter covering product updates, new releases, and audio engineering topics. Subscription is always opt-in.

If you purchase a plugin, you may check an optional box at checkout to subscribe to a customer update list. This list is used to notify you of new versions of products you own and to send occasional usage tips. It is separate from the general newsletter and is entirely voluntary.

When you subscribe, Beehiiv collects your email address and subscription date. Beehiiv may also log your IP address at the time of subscription. We do not share your email address with other parties for marketing purposes. You can unsubscribe at any time using the link in any email we send.

Legal basis for EU and UK visitors: Newsletter subscription is based on consent (GDPR Article 6(1)(a)). Customer update emails are based on legitimate interest (Article 6(1)(f)) where you opted in at checkout.

2. How we share your information

We do not sell your personal data. We share data only with the service providers necessary to operate our business, and only to the extent necessary.

Provider	Purpose	Data shared
Stripe	Payment processing	Payment details at checkout; fraud prevention cookies
PayPal	Payment processing	Payment details at checkout
Render	Hosting our license server	License data, IP addresses, machine fingerprints
Postmark	Transactional email delivery	Your email address, license key (for delivery)
Beehiiv	Newsletter platform	Your email address, subscription date
WordPress hosting provider	Website hosting	Web server logs, WooCommerce order data
Cloudflare	CDN, DDoS protection, security	IP addresses, request headers
Fathom Analytics	Privacy-focused site analytics	Aggregated, non-identifiable traffic data
Meta (Facebook Pixel)	Advertising measurement and retargeting	Pages visited, actions taken on site
Google (reCAPTCHA)	Anti-spam and bot detection	Behavioral data analyzed by Google
Wordfence	WordPress security	IP addresses, request logs (stored on our server)
WooCommerce Order Attribution	Marketing source tracking	Referral URL, UTM parameters (stored on our server only)

Each provider processes data under their own privacy policies and data processing agreements. We do not authorize them to use your data for their own marketing or any purpose beyond providing services to us.

We may disclose personal data if required by law or valid legal process. We will notify you of such requests to the extent permitted by law.

3. How long we keep your information

Data type	Retention period	Reason
WooCommerce order records	7 years	Tax and accounting requirements
License server records (email, machine fingerprint, IP logs)	7 years from last activity	Fraud prevention audit trail; consistent with financial record retention
Newsletter subscription records	Until you unsubscribe, then promptly deleted	Consent-based
Web server logs	30 days rolling	Security monitoring
Wordfence security logs	30 days rolling	Security monitoring

When the retention period ends, data is deleted or anonymized.

4. Data security

We take reasonable steps to protect your data:

• All connections to our license server use HTTPS
• Cloudflare sits in front of drewbrashler.com and our license server for DDoS protection and security filtering
• Admin access to the license server requires strong passwords stored as bcrypt hashes, with rate limiting on failed login attempts
• Database backups are stored offsite with encryption
• License tokens are signed with Ed25519 cryptography and verified offline by the plugin
• Google reCAPTCHA protects forms and checkout from automated abuse

No system is completely secure. We will notify affected customers promptly if a data breach occurs that affects their personal information.

5. Your rights

We honor data rights for all customers regardless of jurisdiction.

You have the right to:

• Access – request a copy of the data we hold about you
• Correction – ask us to correct inaccurate data
• Deletion – ask us to delete your data. For license server data, we will anonymize your record by removing your email address from the license record. This preserves the license for your ongoing use while removing your identifying information. Full deletion is also available on request but will deactivate your license.
• Portability – request your data in a machine-readable format (CSV or JSON)
• Objection – object to processing based on legitimate interest
• Withdrawal of consent – unsubscribe from newsletters at any time via the link in any email

How to exercise your rights: Email support@drewbrashler.com from the email address associated with your account. We respond within 30 days. We may ask you to verify your identity before processing the request.

EU and UK residents: You also have the right to lodge a complaint with your national data protection authority if you believe we have mishandled your data.

California residents (CCPA): You have the right to know what personal information we collect and to request deletion. We do not sell personal information. Contact support@drewbrashler.com to exercise your rights.

6. Children’s privacy

Our products are intended for professional and semi-professional audio use and are not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, contact support@drewbrashler.com and we will delete it promptly.

7. International data transfers

Brashler EDU is based in the United States. If you are located in the EU, UK, or another jurisdiction, your data will be transferred to and processed in the United States. Our data processing is limited, necessary, and covered by legitimate interest or consent as described in this policy.

8. Changes to this policy

We will update this policy when our data practices change. We will post the updated policy on this page with a new “last updated” date. For significant changes, we will notify customers by email.

9. Contact

Questions, requests, or concerns: support@drewbrashler.com

Brashler EDU, LLC United States