Drumfuzzled, LLC Privacy Policy

Effective June 24, 2025

 

1. Introduction and Overview

 

This Privacy Policy (“Policy”) explains how Drumfuzzled, LLC (“Drumfuzzled,” “we,” “us,” or “our”) collects, uses, stores, and shares your personal information when you access or use our Services. “Services” include our website, online and mobile courses, e-commerce features, and any third-party integrations—most notably through our platform provider, Kajabi, and its vendors.

We respect your privacy and handle your data in accordance with applicable laws around the world, including the European Union’s General Data Protection Regulation (GDPR), the UK Data Protection Act and UK GDPR, California’s CCPA/CPRA, Canada’s PIPEDA, Brazil’s LGPD, Singapore’s PDPA, Australia’s Privacy Act 1988, and other relevant regulations.

This Policy covers all personal data you provide directly (for example, when you register, enroll in a course, or purchase merchandise) as well as information automatically collected when you interact with our Services (for example, cookies, usage logs, and device data). It applies to all users of our Services, regardless of your country of residence or the device you use. 

By accessing or using Drumfuzzled, you acknowledge that you’ve read and understood this Policy. If you disagree with any part of it, please do not use our Services.

 

2. Information We Collect

 

We collect only the data we need to deliver, secure, and improve your Drumfuzzled experience—always in line with GDPR, CCPA/CPRA, PIPEDA, LGPD, PDPA, Australia’s Privacy Act, and similar laws.

2.1 Account & Profile Data

Name, email address, phone number, billing/shipping address, organization (if provided)

Username and hashed password

Collected when you register, enroll, purchase, or submit forms

 

2.2 Transaction & Payment Data

Order history, subscription tier, amount paid, timestamps, shipping status

Processed by Stripe, PayPal, or Shopify Payments (we never store full card numbers)

 

2.3 Learning & Course Interaction Data

Hosted on Kajabi: enrollment/completion dates, module progress, quiz results, certificates earned, login logs

 

2.4 Communications & Feedback

All email lists, messages, support tickets, survey responses, and community comments are submitted to and stored in Kajabi (or, where applicable, other vendors you opt into)

Drumfuzzled does not store this information separately

2.5 Technical & Usage Data

IP address (anonymized where possible), device type, browser/OS, pages viewed, session duration, click paths, referrer URL, performance metrics

Collected via our site, Kajabi Analytics, Google Analytics, and email-tracking pixels

2.6 Cookies & Similar Technologies

Cookies, web beacons, tracking pixels, local storage—used to personalize, retain sessions, and analyze usage (see Section 8)

 

2.7 Third-Party & Affiliate Data

From social-login providers (e.g., Google, Facebook), affiliate networks, shipping carriers—only when you opt in or to fulfill services

All partners are contractually bound to privacy and security standards consistent with this Policy

 

3. Lawful Bases for Processing Personal Data

 

We process your personal data only when we have a valid legal basis under applicable privacy laws. Those bases include:

3.1 Performance of a Contract Necessary to deliver the services you’ve requested—such as enrolling you in courses, managing subscriptions, fulfilling orders, and providing support via Kajabi and other partners.

3.2 Consent Based on your clear, affirmative permission for marketing emails, optional analytics cookies, surveys, or any sensitive data. You can withdraw consent at any time without affecting prior processing.

3.3 Legal Obligations Required to comply with laws and regulations—such as tax, accounting, consumer-protection, digital-goods recordkeeping, and age-verification mandates.

3.4 Legitimate Interests Pursued when our business interests don’t override your rights. This includes maintaining platform security, improving features and the learning experience, preventing fraud or abuse, and communicating important updates.

3.5 Vital Interests In rare emergencies—such as to protect life or safety—we may process data to serve vital interests without another basis.

How This Maps to Key Regulations

EU/UK (GDPR/UK GDPR): Grounds correspond to Article 6(1)(b)–(f); users also have rights under Articles 15–22. California (CCPA/CPRA): We process data for “business purposes” until you exercise your right to know, delete, correct, or opt out of sale/sharing. Canada (PIPEDA): We rely on your consent or your reasonable expectations for collection, use, and disclosure. Brazil (LGPD): We process under the bases in Article 7 (consent, contract, legal obligation, vital interests, legitimate interests) and follow ANPD guidance. Singapore (PDPA): We adhere to consent, legal obligation, and legitimate-interest principles. Australia (Privacy Act 1988 & APPs): We rely on consent, legal obligations, and necessary/legitimate interests in line with the Australian Privacy Principles.

3.6 Automated Decision-Making & Profiling We do not engage in any solely automated decision-making or profiling that produces legal or similarly significant effects on you. All decisions affecting your service, pricing, access, or support involve human review and oversight.

 

4. How We Use Information

 

We use your personal data only for clearly defined, lawful purposes that enable us to deliver, maintain, secure, and improve Drumfuzzled Services.

4.1 Service Delivery and Account Management We use your account and profile information to create and administer your Drumfuzzled account, grant access to course materials, record lesson progress, issue receipts, manage subscription tiers, and fulfill merchandise orders—primarily via our platform provider, Kajabi.

4.2 Payment Processing and Order Fulfillment We transmit your transaction details (order history, subscription level, shipping address, and payment confirmation) to trusted third-party processors (Stripe, PayPal, Shopify Payments) and shipping carriers. We never store full payment card numbers ourselves.

4.3 Learning Personalization and Performance Optimization We analyze your course interactions (enrollment and completion dates, module engagement, quiz results, time spent per lesson) to recommend relevant content, unlock new materials, and inform the development of future course modules.

4.4 Communication and Support We process your contact details and interaction history (emails, support tickets, survey responses, community posts) in Kajabi (or other chosen vendors) so we can answer inquiries, provide technical guidance, send account notifications, and follow up on feedback.

4.5 Marketing and Promotional Activities With your explicit consent, we use your email address or other contact data to send newsletters, promotional offers, event invitations, and product updates. You can withdraw consent at any time by clicking “unsubscribe” or contacting us directly.

4.6 Compliance, Risk Management, and Security We use your data to enforce our Terms of Service, detect and prevent fraud or abuse, conduct risk assessments, comply with legal obligations (e.g., tax record-keeping, age verification), and respond to regulatory or law-enforcement requests.

4.7 Analytics and Quality Assurance We aggregate technical and usage data (e.g., page load times, click patterns, device metrics) through tools like Kajabi Analytics and Google Analytics to monitor system performance, diagnose issues, optimize user experience, and test new features.

 

5. How We Share Information

 

Drumfuzzled does not sell, rent, or trade your personal information for financial gain. We share data only as necessary to provide our Services, comply with the law, or with your explicit consent.

5.1 Trusted Service Providers We share personal data with third-party vendors under strict, contractual confidentiality and security obligations. These include our platform host (Kajabi), payment processors (e.g., Stripe, PayPal, Shopify Payments), email/marketing tools (e.g., Mailchimp, ConvertKit, Kajabi’s own system), analytics and tracking services (e.g., Google Analytics, Meta Pixel, Hotjar), and any shipping or fulfillment partners. Drumfuzzled does not host user data on its own servers; we access it solely within these trusted systems to deliver and improve our Services.

5.2 Legal and Regulatory Disclosures When required by law—such as in response to court orders, government or tax authority requests, or to enforce our Terms of Service—we may disclose the minimum amount of personal information necessary to meet those obligations.

5.3 Business Transfers If Drumfuzzled undergoes a merger, acquisition, financing, corporate reorganization, bankruptcy, or sale of assets, your personal data may be transferred to the successor entity. We will ensure any new owner abides by this Policy and notify you before any material change in how your data is treated.

5.4 Affiliates and Strategic Partners For specific programs, joint offerings, or co-branded courses, we may share limited details (for example, your name and email) with affiliates or partners strictly to deliver those services. All partners must honor privacy commitments at least as protective as this Policy.

5.5 Your Consent Except for the purposes described above, we will obtain your explicit consent before sharing your personal information with any other third parties or for any uses not set out in this Policy. You may withdraw consent at any time by contacting us.

 

6. International Data Transfers

 

Because Drumfuzzled relies on global service providers—including Kajabi (United States), Stripe (United States), PayPal (Global), Google Analytics (Global), and other cloud-based vendors—your personal data may be transferred to and processed in jurisdictions outside your country of residence. Those countries may not offer the same level of legal protection as your home jurisdiction. Whenever we transfer data across borders, we apply safeguards to ensure it remains protected in accordance with this Policy and applicable privacy laws.

6.1 Transfers from the EEA, UK and Switzerland If you reside in the European Economic Area, United Kingdom or Switzerland, we will transfer your data only to countries that the European Commission or UK government has declared “adequate.” Where no adequacy decision exists—such as transfers to the United States—we put in place appropriate safeguards, including the EU or UK Standard Contractual Clauses, supplemented by technical measures (for example, encryption), binding corporate rules, or equivalent contractual commitments.

6.2 Transfers from Other Jurisdictions For users in Canada, Brazil, Australia, Singapore and other regions, we comply with local cross-border requirements. Under Canada’s PIPEDA, we rely on contractual provisions to ensure a comparable level of protection. Under Brazil’s LGPD, we transfer data pursuant to adequacy decisions, approved standard contractual clauses or binding corporate rules. Under Singapore’s PDPA and Australia’s Privacy Act (including the Australian Privacy Principles), we take reasonable steps to ensure overseas recipients uphold protections equivalent to those required at home.

6.3 Your Consent and Acknowledgement By using our Services and providing personal information, you acknowledge and expressly consent to these international transfers and the safeguards we implement. If you would like more detail about the specific measures we have in place, please contact us as described in Section 14.

  

7. Your Rights

 

You have meaningful control over your personal data. The specific rights available to you depend on where you live and the laws that apply:

 7.1 Individuals in the EEA, UK & Switzerland Under the GDPR (Articles 15–22), you have the right to be informed about how we process your data and to obtain a copy of it; to request correction of any inaccuracies; to ask for erasure when the data is no longer necessary; to restrict or object to certain processing activities; to receive your data in a structured, machine-readable format; and to withdraw consent at any time if that is our processing basis.

 7.2 California Residents Under the CCPA/CPRA, you can request details about the categories and specific pieces of personal information we’ve collected, ask for deletion of your personal information (subject to legal exceptions), correct any inaccuracies, opt out of the sale or sharing of your data, limit the use of your sensitive personal information, and exercise these rights without fear of discrimination.

 7.3 Canadian Residents Under PIPEDA, you may access the personal information we hold about you, request corrections, withdraw consent at any time, and lodge a complaint with the Office of the Privacy Commissioner of Canada if you’re not satisfied with our response.

 7.4 Brazilian Residents Under the LGPD (Article 18), you have the right to confirm whether we process your data and to access it; to correct incomplete or outdated information; to request anonymization, blocking, or deletion of unnecessary or unlawfully processed data; to port your data to another service provider; to receive information about third-party data sharing; and to withdraw consent without penalty.

 7.5 Singaporean Residents Under the PDPA, you may require us to inform you of the purposes for which your data is collected, used, or disclosed; access and correct your personal data; withdraw consent (and be informed of any consequences); request data portability; and opt out of marketing messages at any time.

 7.6 Australian Residents Under the Privacy Act 1988 (Australian Privacy Principles), you have the right to know why we collect your personal information, how we use it, and to whom we disclose it; to access and correct your information; to request that we stop sending you direct marketing; and to make a complaint about our handling of your personal information.

To exercise any of these rights, please contact us as described in Section 14: Contact Information. We will verify your identity, respond within the legally required timeframes, and never charge you for submitting a request.

  

8. Cookies and Tracking Technologies

 

Drumfuzzled uses cookies and similar technologies to keep our Services running, understand how you engage with content, and—where you consent—personalize your experience. These tools are governed by global privacy rules (EU ePrivacy/GDPR, CCPA/CPRA, PIPEDA, LGPD, PDPA, Australia’s APPs).

 8.1 What They Are Cookies are small text files your browser stores at our request. Related technologies include tracking pixels (web beacons), HTML5 local storage, and device-fingerprinting scripts. Together, they help us recognize your device, secure your session, remember preferences, and collect aggregate usage data.

 8.2 Categories of Cookies Strictly necessary cookies enable core site functions (such as authentication, payment checkout, and session integrity) and do not require consent. Performance cookies gather anonymous data on site performance (for instance, page load times and error logs) to inform technical improvements. Functional cookies remember your choices (for example, language or interface settings) to streamline your experience. Marketing cookies—from Drumfuzzled or authorized partners—deliver relevant promotions, measure campaign effectiveness, and, where required, profile interests with your consent.

 8.3 Third-Party Tracking Technologies Some cookies and pixels originate from integrated providers, including Kajabi Analytics, Google Analytics, Meta Pixel, Hotjar, email-tracking pixels, and embedded media platforms (YouTube, Vimeo). Those third parties may collect data under their own privacy policies. We recommend reviewing their terms if you interact with their features.

 8.4 Your Choices and Controls Where required by law (for example, in the EU or Singapore) we present a consent banner on first visit, allowing you to accept all non-essential cookies, reject them, or customize by category. In California, you may opt out of any “sale” or sharing of personal information via our “Do Not Sell or Share My Personal Information” link. In Canada and Brazil, we rely on implied or explicit consent and let you withdraw it at any time. Under Australia’s APP 5, we notify you at or before collection and provide mechanisms to refuse non-essential cookies.

You can also manage cookies through your browser settings—blocking, deleting, or warning before storage—or use opt-out tools such as the Network Advertising Initiative or YourAdChoices. Please note that disabling cookies may degrade site functionality, disrupt course delivery, or limit certain features.

  

9. Security Practices

 

Drumfuzzled is committed to protecting the confidentiality, integrity, and availability of your personal data by implementing robust administrative, technical, and physical safeguards.

 9.1 Platform and Infrastructure Security All personal information is processed and stored within certified third-party environments—primarily Kajabi—which maintain industry-standard security controls such as SSL/TLS encryption in transit, AES-256 encryption at rest, network firewalls, intrusion detection systems, and continuous vulnerability scanning. Vendors are vetted for compliance with international frameworks and contractually bound to uphold equivalent data-protection obligations.

 9.2 Access Management and Internal Controls Access to user data is strictly limited to authorized personnel on a need-to-know basis. We enforce unique user accounts, strong password requirements, mandatory multi-factor authentication, and role-based permissions. All access attempts and administrative actions are logged, monitored, and reviewed regularly to detect and deter unauthorized activity.

 9.3 Encryption, Pseudonymization, and Data Integrity Where feasible, we apply pseudonymization techniques and encrypt sensitive data—such as authentication credentials and payment tokens—both at rest and in motion, in line with GDPR’s requirements for appropriate technical and organisational measures to safeguard personal data.

 9.4 Security Assessments and Audits We conduct scheduled security assessments, including automated scans and annual third-party penetration tests, to identify and remediate vulnerabilities. Periodic internal and external audits verify that our policies, controls, and incident-response procedures remain effective and compliant with evolving legal requirements.

 9.5 Incident Response and Breach Notification Drumfuzzled maintains a formal incident-response plan outlining roles, responsibilities, and escalation paths. In the unlikely event of a breach affecting your personal data, we will promptly contain the incident, assess its impact, and notify affected individuals and relevant authorities as mandated—such as under GDPR’s breach-notification timelines, CCPA/CPRA, PIPEDA, LGPD, PDPA, and Australia’s Privacy Act.

 9.6 Data Minimization and Retention We adhere to the principle of data minimization by collecting only what is necessary for the purposes described in this Policy. Personal information is retained solely for as long as required to fulfill service delivery, legal obligations, or legitimate business needs, after which it is securely deleted or irreversibly anonymized.

  

10. Data Retention 

 

Drumfuzzled LLC (“Drumfuzzled,” “we,” “us,” or “our”) retains personal information only as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and applicable law.

10.1 Educational & Account Data We keep your course enrollments, progress records and any user-generated content for the lifetime of your active Drumfuzzled account plus a reasonable grace period (typically up to 12 months) after you close or become inactive, so you can reactivate or get support.

10.2 Transaction & Payment Data We maintain purchase records, invoices and payment confirmations in line with statutory requirements—commonly up to seven (7) years for tax and audit purposes—then securely delete or irreversibly anonymize them.

10.3 Communications & Support Records Email threads, support-ticket histories, survey responses and community posts stay on file as long as needed to address your requests and improve our services, generally not exceeding three (3) years from the last interaction.

10.4 Marketing Preferences & Consent Logs If you opt in to marketing, we retain your contact details and consent records until you unsubscribe. We may keep anonymized logs of those consent transactions for two (2) additional years purely for compliance auditing, then purge them.

10.5 Data Deletion Requests You can request deletion of your personal data at any time. Once we verify your request, we’ll remove your information from our active systems and instruct third-party processors (e.g., Kajabi) to erase it—unless we’re legally obliged to retain certain records or need them to defend legal claims.

10.6 Secure Disposal & Anonymization When retention periods expire or you ask us to delete your data, we apply secure disposal methods or irreversible anonymization so that it cannot be re-identified.

 

11. Children's Privacy

 

Drumfuzzled is committed to protecting the personal data of children and complying with global regulations that govern children's privacy.

11.1 No Knowing Collection from Children Under 18
Our Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect or process personal data from anyone under this age without verifiable parental or legal guardian consent. Where applicable law sets a higher minimum age (e.g., GDPR Article 8), we comply with that threshold. We also do not knowingly market our Services to individuals under the age of 18.

 11.2 Parental Consent Requirements
If a parent or guardian wishes to authorize limited participation by a child under 18 (such as uploading media or attending a workshop), they must provide documented, verifiable consent in advance. This includes agreeing to our data handling practices and granting Drumfuzzled permission to process the child’s information solely for the specified purpose.

We do not allow independent account creation by minors, and we require that any personal information related to children is submitted and managed solely by a parent or guardian.

11.3 Data Removal for Minors
If we discover that we have inadvertently collected personal data from a child without proper consent, we will promptly take steps to delete that data from our systems and notify the parent or guardian where contact information is available.

Parents or legal guardians may request at any time that we:

•  Remove any personal information or media submitted by their child
•  Withdraw previously given consent
•  Obtain details about what personal data, if any, we have collected in connection with their child

Such requests can be submitted using the contact information in Section 14. We will honor these requests promptly, in accordance with applicable legal timelines.

11.4 Jurisdictional Compliance
We comply with all relevant children’s privacy regulations, including but not limited to:

•  United States (COPPA) – Verifiable parental consent is required before collecting personal data from children under 13.
•  EU/UK (GDPR/UK GDPR, Article 8) – Parental consent is required before processing data of users under the age of digital consent (13–16, depending on country).
•  Canada (PIPEDA), Brazil (LGPD), Singapore (PDPA), Australia (Privacy Act) – We adhere to age-related consent and data minimization standards for youth under local law.

  

12. Third-Party Services

 

Drumfuzzled may integrate or link to services that we do not control, including payment processors, video-hosting platforms, embedded social media content, analytics tools, and other educational or marketing partners. These third-party services operate under their own privacy policies and may collect or process personal data independently of Drumfuzzled. We recommend reviewing each provider’s privacy disclosures before using their features.

12.1 Kajabi and Core Platform Integrations Our entire site, course delivery, account management and communications infrastructure runs on Kajabi. While Drumfuzzled configures your experience and accesses data through Kajabi, the platform itself—and any subprocessors it employs—stores and processes your information under Kajabi’s privacy policy and security controls. We do not replicate or archive personal data outside of Kajabi’s environment.

 12.2 Embedded Content and External Links Where Drumfuzzled embeds videos, playlists or tutorials from YouTube, Vimeo, Spotify or similar platforms, those providers may collect usage data, set cookies or otherwise track your interaction. Any external link or embedded media you click brings you under the host’s own terms and privacy practices.

 12.3 Social Media and Affiliate Channels Drumfuzzled maintains profiles on channels like Instagram, Facebook and YouTube. If you engage with Drumfuzzled content on those platforms—liking, commenting or subscribing—you do so under their rules. Personal information you share there is governed by each platform’s policies.

 12.4 Liability and Your Choices Drumfuzzled is not responsible for how third parties handle your data once it leaves our Services. We carefully vet our providers and require contractual privacy and security commitments, but you remain in control. Always consult a third party’s privacy policy and contact them directly with any questions about their data practices. If you need help understanding a vendor’s terms, reach out to us via Section 14.

 

13. Data Subject Requests and Complaints

 

Drumfuzzled is committed to giving you clarity and control over your personal data. Depending on where you live, you may have rights to access, correct, delete, restrict, object to processing, port your data, or withdraw consent. We’ll honor your requests promptly, free of charge, and within the timeframes required by law.

 13.1 How to Submit a Request To exercise any of these rights, contact us using the information in Section 14. Please include enough detail to identify yourself and the data you’re asking about. We may request additional information to verify your identity before fulfilling your request.

 13.2 Regional Rights If you’re in the EEA, UK or Switzerland, the GDPR gives you rights to access, correct, erase, restrict processing, obtain portability, object to processing based on legitimate interests or marketing, and withdraw consent. California residents under CCPA/CPRA can ask what data we collect, request deletion or correction, opt out of sale or sharing, limit use of sensitive personal information, and must not face discrimination for exercising these rights. Canadians under PIPEDA have rights to access, correct and complain to the Office of the Privacy Commissioner of Canada. Brazilians under LGPD may confirm processing, access, correct, anonymize, block or delete data, port data, withdraw consent and complain to ANPD. Residents of other jurisdictions may have similar rights under local laws.

 13.3 Complaints If you have any concerns about how we handle your data, please reach out so we can resolve them directly. If you remain dissatisfied, you may lodge a complaint with your local data protection authority.

 

14. Contact Information

 

If you have questions about this Privacy Policy, wish to exercise your data rights, or need assistance with your personal information, you can reach us as follows:

Email: [email protected]

Mailing address: Drumfuzzled 8465 W. Sahara Ave., Suite 111 Unit #1415
Las Vegas, NV 89117

When contacting us to request access, correction, deletion, or portability of your data, please include your full name, the email address associated with your Drumfuzzled account, and a brief description of your request. This will help us verify your identity and respond securely and promptly.

 

 

15. Collection of Images, Video and Audio Recordings

 

Drumfuzzled may capture or collect photos, videos and audio recordings of community members during live events, webinars, workshops or other activities for use in promotional materials, community engagement efforts, internal documentation and educational highlights. These recordings may be made by Drumfuzzled staff or by participants themselves.

By attending or participating, you consent to the collection, use and distribution of your likeness, voice and performance in these contexts. If you prefer not to appear in any recordings, please notify us in writing at least 48 hours before the activity, and we will make reasonable efforts to exclude you.

 15.1 User-Submitted Media and Minors

Members are invited to upload their own photos, videos or audio clips to our online teaching community—subject to the following requirements:

Minors (under 18) must obtain verifiable, written consent from a parent or legal guardian before submitting any media.

Uploads must be original content you own or have licensed, and you must have secured all necessary rights and permissions for any third parties featured (including other minors).

By uploading, you grant Drumfuzzled a perpetual, worldwide, royalty-free license to use, modify, reproduce and display the media in any community, marketing, training or archival materials.

Drumfuzzled reserves the right to remove any submission that violates these rules or is deemed inappropriate.

Parents or guardians may request removal of any media submitted by a minor at any time by contacting us as described in Section 14. We will delete the content promptly and confirm its removal.

  

16. Policy Updates and Authority Contacts

 

Policy Updates: We may revise this Policy periodically. Material changes will be noted by date and notified via email or a banner on our website. Continued use after updates constitutes acceptance.

 

Supervisory Authorities: 

– European Economic Area / UK: You may lodge a complaint with your national Data Protection Authority or the UK Information Commissioner’s Office. 

– Switzerland: Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch). 

– Canada: Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca). 

– Brazil: National Data Protection Authority (ANPD) (https://www.gov.br/anpd). 

– Singapore: Personal Data Protection Commission (https://www.pdpc.gov.sg). 

– Australia: Office of the Australian Information Commissioner (https://www.oaic.gov.au). 

– California: California Attorney General’s Privacy Enforcement and Protection Unit (https://oag.ca.gov/privacy).

 

If you have questions about this Policy or your data, please reach out—your privacy matters to us.