No Build Looping

Version 1.0

Privacy Policy

Site: brentbrownmusic-course.brentbrown808.workers.dev

Operator: Brent Brown Music, a sole proprietorship of Brent G Brown, Illinois, USA

Contact: brentbrown808 [at] gmail [dot] com

Version: v1.0.0

Effective Date: May 24, 2026

Last Updated: May 24, 2026

Plain-English Summary

We collect what we need to sell you a course and deliver it: your email address, your name, your payment information (processed through Stripe — we never see your full card number), and a log of which videos and files you have accessed (to enforce the Course Agreement). We do not sell your data. We do not track you across the web. Here are the specifics.

1. Who We Are

This site is operated by Brent Brown Music, the sole proprietorship of Brent G Brown, located in Illinois, USA.

For privacy inquiries, contact: brentbrown808 [at] gmail [dot] com

References to "we," "us," and "Brent Brown Music" in this policy all refer to that sole proprietorship.

2. What We Collect and Why

We collect the minimum personal information needed to operate this site and deliver the course. Here is what we collect and why:

2.1 Account Information

  • Email address: Used as your account username, as your electronic signature for clickwrap assent at checkout, and to deliver transactional communications (course access, booking confirmation, password reset). Collected when you register or purchase.
  • Name: Stripe may collect your name as part of card billing details during payment. We receive a Stripe customer ID linked back to your account but do not separately collect a typed legal name on this site.

2.2 Payment Information

Payment is processed by Stripe directly. Brent Brown Music's servers do not receive or store your full card number, card verification code, or full bank account details.

We receive and store from Stripe only:

  • Last 4 digits of your payment card
  • Card country
  • Payment status (success, failed, refunded)
  • Stripe customer and payment IDs

This is the minimum necessary to manage your purchase records and comply with tax obligations.

2.3 Clickwrap Assent Log

When you accept the Course Agreement at /agreement, we log:

  • Your authenticated email address
  • Your user account identifier
  • The version number of each legal document you accepted (Course Agreement, Terms of Use, Privacy Policy)
  • The text of each checkbox label you acknowledged
  • UTC timestamp of your acceptance
  • Your IP address at the time of acceptance
  • Your browser user agent string
  • Your Stripe checkout session ID (your order ID)
  • A SHA-256 cryptographic hash of the contract text source as shown to you

Why we keep this: This log is how we prove you agreed to the contract — both for legal enforcement purposes and as a contractually required reasonable measure under the Course Agreement. See the Course Agreement at /agreement for context. This data is retained for a minimum of 7 years (see Section 7).

2.4 Course Usage Logs

While you use the course, we log:

  • Which video lessons you played and when
  • Which downloadable files you accessed and when
  • The IP address associated with each access event

Why we keep this: These logs are used to detect and investigate unauthorized sharing of course access, as required by the no-sharing and trade-secret protection provisions of the Course Agreement at /agreement. They are also used to resolve access disputes.

2.5 Booking Emails

If you email brentbrown808 [at] gmail [dot] com to schedule a session or communicate about the course, those emails are stored in Brent's email account.

2.6 Contact Form Submissions

Messages submitted via the site's contact form are sent to Brent's email and stored there.

2.7 No Third-Party Analytics or Tracking

This version of the site does not use third-party analytics tools (such as Google Analytics or Plausible), advertising pixels, or any third-party tracking scripts. We do not track you across the web.

3. Cookies and Similar Technologies

3.1 What Cookies We Use

We use only functional cookies necessary for the site to work:

  • Authentication session cookie: Keeps you logged in during your session.
  • CSRF token cookie: Protects you against cross-site request forgery when you submit forms.

These cookies do not track you across other sites. They expire when your session ends or within a short period thereafter.

3.2 What Cookies We Do Not Use

We do not use:

  • Advertising or remarketing cookies
  • Third-party analytics cookies
  • Social media tracking cookies
  • Any cookie designed to build a profile of your behavior across websites

3.3 No Cookie Banner

Because we use no tracking cookies, we do not display a cookie consent banner. If this changes, we will update this policy and add appropriate notice.

3.4 Stripe Cookies

When you are redirected to Stripe's checkout interface to complete a payment, Stripe may set its own cookies. Those cookies are governed by Stripe's Privacy Policy. Brent Brown Music does not control Stripe's cookie behavior.

4. Per-User Video Watermarking

When you watch course videos, your authenticated email address is displayed as a translucent overlay on the video player. This overlay is rendered client-side using your active session.

Why we do this: The watermark deters unauthorized recording and sharing of course content, and enables us to trace the source of any leaked video. This is one of the reasonable measures Brent Brown Music takes to protect the trade secrets and proprietary methods contained in the course.

This practice is disclosed in and required by the Course Agreement at /agreement. By purchasing the course, you acknowledged and accepted the presence of this watermark.

5. Who We Share Your Data With

We share your personal data only in the following limited circumstances:

5.1 Service Providers

We use these third-party processors to operate the site. Each receives only the data necessary for its specific function:

Service What they receive Their Privacy Policy
Stripe Payment and billing information stripe.com/privacy
Bunny.net IP address, access logs for video delivery bunny.net/privacy
Supabase Account data, usage logs, assent logs supabase.com/privacy
Cloudflare IP address and request logs (standard Workers hosting logs) cloudflare.com/privacypolicy

5.2 Brent Brown Music Itself

Brent G Brown reads contact form submissions and booking emails. No other staff currently have access to user data.

5.3 We Do Not Sell Your Data

Brent Brown Music does not sell, rent, or trade your personal information to any third party for their own commercial purposes.

5.4 Legal Requirements

We may disclose your personal data if required by law, including in response to a valid subpoena, court order, or other legally binding government request. Where permitted by law, we will attempt to notify you of such a request before complying.

6. How Long We Keep Your Data

Data Type Retention Period Reason
Account and entitlement records For the life of your access period (1 year), then archived Course delivery and access management
Clickwrap assent logs Minimum 7 years Legal contract enforcement
Course usage logs 2 years, then deleted Trade-secret enforcement
Payment records 7 years Illinois tax compliance for sole proprietor
Email correspondence Up to approximately 2 years, or as operationally needed Operational continuity

After the applicable retention period, data is deleted or anonymized unless we are required by law to keep it longer.

7. Your Privacy Rights

7.1 All Users

You may:

  • Request a copy of the personal data we hold about you
  • Request correction of any inaccurate or outdated personal data
  • Request deletion of your account and associated personal data

To exercise any of these rights, email brentbrown808 [at] gmail [dot] com.

Important limits on deletion requests:

a) Clickwrap assent logs may be retained even after you request deletion, because they constitute evidence of a contract you signed. Deletion of this record could impair both your ability and our ability to enforce the contract.

b) Payment records may be retained for the full 7-year tax compliance period regardless of a deletion request.

c) Aggregated or fully anonymized data (from which you cannot be identified) may be retained.

We will respond to data rights requests within 30 days. If we cannot fulfill a request in full, we will explain why.

7.2 EU Residents — GDPR Rights

If you are located in the European Union, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: Obtain a copy of your personal data
  • Right to rectification: Correct inaccurate data
  • Right to erasure ("right to be forgotten"): Subject to the limits in Section 7.1 above
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to restriction of processing: Ask us to limit how we process your data
  • Right to object: Object to processing based on legitimate interests
  • Right to lodge a complaint: With your national data protection supervisory authority

Legal bases we rely on:

  • Contract performance: Processing your account data and course access logs to deliver the service you purchased
  • Legal obligation: Retaining payment records for tax compliance
  • Legitimate interests: Retaining clickwrap assent logs and usage logs to enforce the course contract and protect trade secrets

7.3 California Residents — CCPA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know: What personal information we collect, use, and share
  • Right to delete: Request deletion of your personal information (subject to the limits in Section 7.1)
  • Right to opt out of sale: We do not sell personal information; this right is satisfied automatically
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise California rights, contact brentbrown808 [at] gmail [dot] com.

8. International Data Transfers

Brent Brown Music is based in Illinois, USA. Data you provide may be stored in or processed in:

  • United States (Supabase, Stripe, Cloudflare, Brent's own email)
  • European Union — Frankfurt (Bunny.net CDN nodes)
  • Other locations where our service providers operate

Where data transfers involve countries without an adequacy decision under GDPR, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards as offered by our processors. You can review each processor's transfer mechanisms via their privacy policies linked in Section 5.1.

9. Children

This site is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16.

If you believe a person under 16 has created an account, please contact us at brentbrown808 [at] gmail [dot] com. We will delete the account and any associated personal data promptly upon verification.

10. Security

We take the following measures to protect your personal data:

  • Password hashing: Passwords are stored using bcrypt or an equivalent strong hashing algorithm, managed by Supabase.
  • HTTPS only: All data transmitted between your browser and this site is encrypted in transit via TLS.
  • No card data on our servers: Full payment card details are handled entirely by Stripe and never touch Brent Brown Music's infrastructure.
  • Per-user video watermarking: Helps deter and trace unauthorized recording (see Section 4).
  • Signed URLs: Course videos and download links use signed, time-limited URLs to prevent unauthorized sharing.
  • Admin access logs: Access to user data by Brent G Brown is logged.

No security system is perfect, and we cannot guarantee that unauthorized access, disclosure, or loss of data will never occur. If a data breach occurs that is likely to affect your rights, we will notify you as required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When changes are material:

  • The updated policy will be posted with a new "Last Updated" date
  • A notice will be posted on the site or emailed to account holders
  • The effective date will be stated clearly

Continued use of the site after the effective date constitutes acceptance of the updated policy. If you do not agree with changes to the policy, you may request deletion of your account.

We maintain a version history of this policy. Prior versions are available on request.

12. Relationship to Other Documents

This Privacy Policy works alongside:

  • Site-Wide Terms of Use — acceptable use, intellectual property, limitation of liability for site operation
  • Course Agreement — access rules, no-sharing policy, confidentiality, course IP, and the contractual basis for our data collection practices

Together, these three documents govern your relationship with Brent Brown Music.

13. Contact for Privacy Inquiries

For any questions about this Privacy Policy or to exercise your data rights:

Brent Brown Music brentbrown808 [at] gmail [dot] com

We will respond within 30 days.

Privacy Policy — v1.0.0 — Effective Date: May 24, 2026 brentbrownmusic-course.brentbrown808.workers.dev — Brent Brown Music, a sole proprietorship of Brent G Brown, Illinois, USA