Handpan ChordBook

Privacy Policy

Who we are

Our website address is: https://www.handpanchordbook.com/
We provide online courses and digital learning materials.
You can contact us at: handpanfundamentals@gmail.com

Personal Data We Collect and Why

1. User Accounts & Course Enrolment (LifterLMS)

When you create an account or enrol in a course, we collect:

  • Name
  • Email address
  • Billing details
  • IP address
  • Account username
  • Course progress and activity
  • Support messages

2. Payments

Stripe Payments

When paying via Stripe, Stripe processes your payment information, including:

  • Card number
  • Expiry date
  • CVC
  • Billing address
  • Fraud detection data (IP, device info, browser details)

We never store or see your full card details.

Stripe’s Privacy Policy: https://stripe.com/privacy

PayPal Payments

If you pay via PayPal, PayPal collects and processes:

  • Name
  • Email address
  • Billing address
  • Payment details
  • Transaction ID

We receive only payment confirmation, not your full financial details.

PayPal Privacy Policy: https://www.paypal.com/privacy

3. Newsletter Sign-Ups (Mailchimp)

When you sign up for our newsletter, we collect:

  • Email address
  • Name (optional)
  • Marketing preferences

Your data is stored by Mailchimp.

Mailchimp Privacy Policy: https://mailchimp.com/legal/privacy/

You may unsubscribe at any time.

4. Comments

When visitors leave comments, we collect:

  • The information provided in the comment form
  • IP address
  • Browser user-agent string (spam prevention)

An anonymised hash of your email may be sent to Gravatar to display a profile picture.
Gravatar Privacy Policy: https://automattic.com/privacy/

If your comment is approved, your profile image (if using Gravatar) will be publicly visible with your comment.

5. Media Uploads

If you upload images, please avoid uploading images containing embedded location data (EXIF). Visitors may download and extract this data.

6. Cookies

We use cookies to:

  • Enable website functionality
  • Remember logins
  • Support comment convenience
  • Improve security
  • Facilitate analytics

Examples:

  • Comment cookies store your name/email for future comments.
  • Login cookies store session authentication.
  • Display settings cookies remember your preferences.

These cookies do not contain sensitive personal information.

7. Embedded Content (e.g., YouTube Videos)

Pages on this site may include embedded content such as:

  • YouTube videos
  • Social media posts
  • External articles

Embedded content behaves as if you visited the third-party site directly. These sites may collect data, use cookies, and track interactions.

YouTube/Google Privacy Policy:
https://policies.google.com/privacy

8. Analytics (Google Analytics)

We use Google Analytics to collect anonymised statistical information about how visitors use our website. Google Analytics collects data such as:

  • Pages visited
  • Time spent on pages
  • Browser type and device information
  • Approximate geographic location
  • Referring websites

Google Analytics uses cookies to track this information. All IP addresses are anonymised before being processed by Google (IP masking is enabled).

Google does not identify individual users to us, and we do not merge Analytics data with any personally identifiable information.

Google Analytics Privacy Policy:
https://policies.google.com/privacy

You may opt out of Google Analytics tracking using this browser tool:
https://tools.google.com/dlpage/gaoptout/

Who We Share Data With

We share data only with:

  • Stripe (payments)
  • PayPal (payments)
  • Mailchimp (email marketing)
  • Hosting & security providers
  • Spam detection services (e.g., Akismet)

We do not sell or trade personal data.

How Long We Retain Data

  • Comments: retained indefinitely.
  • User accounts: retained while active.
  • Course + LMS data: retained as long as needed for learning records.
  • Orders & payments: retained for 7 years (legal requirement).
  • Newsletter data: retained until you unsubscribe.

Your Data Rights

Under GDPR/UK GDPR, you may request to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (“right to be forgotten”)
  • Export your data
  • Withdraw consent (e.g., unsubscribe from marketing)

To request this, contact: handpanfundamentals@gmail.com

We will respond within 30 days.

Where Data Is Sent

  • Comments may be checked by automated spam systems.
  • Payment data is sent securely to Stripe or PayPal.
  • Newsletter sign-ups are sent to Mailchimp.
  • Hosting, security, or backup services may process IP addresses.

How We Protect Your Data

We use:

  • SSL encryption
  • Secure hosting
  • Access controls
  • Regular security updates
  • Secure payment gateways
  • Fraud detection tools

Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page.