Effective Date: July 15, 2025

This Privacy Policy describes how Matthew Daniel (referred to as “we,” “us,” or “our”) collects, uses, and shares your personal data when you visit and use our website, https://matthew-daniel.com (the “Site”). We are committed to protecting your privacy and ensuring you understand how your information is handled. Our webhost location is in New York, USA.

Who we are

Our website address is https://matthew-daniel.com. Matthew Daniel operates this website. For privacy-specific concerns, you can contact us at https://matthew-daniel.com/contact.

What Personal Data We Collect and Why We Collect It

We collect various types of personal data from users and site visitors for different purposes, primarily to provide and improve our services, process transactions, and enhance your experience on our Site. The legal bases for our data collection and retention include your consent, the necessity for performing a contract (e.g., fulfilling orders), and our legitimate interests in running our business, provided these interests do not override your fundamental rights and freedoms.

Mailing Lists and Marketing Communications

This section outlines how we collect, use, and manage your personal data when you sign up for our mailing list or elect to receive marketing communications from us.

When you subscribe to our mailing list, we collect your email address. We may also collect your first name and last name if you provide them. This information is collected with your explicit consent, typically through a dedicated signup form on our website.

We use this data for the following purposes:

• To send you newsletters featuring our latest blog posts, articles, and updates.
• To send you promotional emails about our products, services, special offers, and discounts.
• To inform you about important announcements related to matthew-daniel.com.

We are committed to sending you only relevant communications.

Opting In and Consent: By subscribing to our mailing list, you are providing us with your express consent to receive these marketing communications. You can withdraw your consent at any time.

Unsubscribing from Our Mailing List: You can easily unsubscribe from our mailing list at any time by clicking the “unsubscribe” link provided at the bottom of every email we send you. Alternatively, you can contact us directly at customerservice@matthew-daniel.com to request removal from our mailing list. We will process your request promptly, typically within three business days.

Third-Party Email Services: We may use third-party email service providers to manage our mailing list and send emails on our behalf. These providers are MailPoet. Your data, including your email address, may be transferred to these third parties for processing solely for the purpose of delivering these communications. We ensure that any third-party providers we work with adhere to strict data protection and privacy standards.

Data Retention for Marketing: We will retain your personal data collected for marketing purposes for as long as you remain subscribed to our mailing list or until you withdraw your consent. Even after you unsubscribe, we may retain a minimal amount of your information on a “do not contact” list to ensure we honor your request and do not send you further marketing communications.

Comments

When visitors leave comments on the Site, we collect the data shown in the comments form, the visitor’s IP address, and browser user agent string. This data is collected to help with spam detection and to facilitate comment moderation.

• An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/.
• After approval of your comment, your profile picture is visible to the public in the context of your comment.

Legal Basis: Legitimate interest (spam prevention, community engagement).

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Legal Basis: Not directly collecting personal data; providing user guidance.

Contact Forms

We may use contact form plugins on our Site. When you submit a contact form, we collect the information you provide, such as your name, email address, and the content of your message.

• We retain contact form submissions for a certain period (e.g., six months) for customer service purposes, but we do not use the information submitted through them for marketing purposes unless explicitly consented to.

Legal Basis: Legitimate interest (customer service, responding to inquiries).

Cookies

Our Site uses cookies to enhance your experience and for various functionalities. Cookies are small data files stored on your device.

• If you leave a comment on our site, you may opt-in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
• If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
• When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me,” your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
• If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
• WooCommerce Cookies: When you use our shop, WooCommerce sets various cookies to enable shopping cart functionality, track product views, and manage your checkout process. These cookies may include:
  • woocommerce_cart_hash, woocommerce_items_in_cart: Helps WooCommerce know when cart data changes.
  • wp_woocommerce_session_: Contains a unique code for each customer to find cart data in the database.
  • woocommerce_recently_viewed: Stores recently viewed products.
  • These cookies are essential for the functioning of our online store.

Legal Basis: Consent (for optional cookies), legitimate interest (for strictly necessary functional cookies).

Embedded content from other websites

Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

• These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. We recommend reviewing the privacy policies of any third-party websites whose content is embedded.

Legal Basis: Legitimate interest (providing rich content).

Analytics

We use both Google Analytics and Matomo Analytics to understand how visitors interact with our Site, which helps us improve its functionality and user experience.

• Google Analytics: This service collects data such as your IP address (anonymized), browser type, device information, pages visited, and time spent on pages. Google Analytics uses cookies to collect this data.
  • How Google uses information from sites or apps that use their services: You can find more information on how Google collects and processes data by visiting www.google.com/policies/privacy/partners/.
  • Opt-out: You can opt-out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on: https://tools.google.com/dlpage/gaoptout.
• Matomo Analytics: We self-host Matomo Analytics, giving us full control over the data collected. We have configured Matomo to anonymize IP addresses and to not collect User IDs by default, minimizing the collection of personal data. Matomo also uses cookies to collect data such as your IP address (anonymized), browser type, pages visited, and time spent on pages.
  • Opt-out: You can opt-out of Matomo Analytics tracking using the opt-out mechanism provided below: You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

Opt-out complete; your visits to this website will not be recorded by the Web Analytics tool. Note that if you clear your cookies, delete the opt-out cookie, or if you change computers or Web browsers, you will need to perform the opt-out procedure again.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

You are not opted out. Uncheck this box to opt-out. You are currently opted out. Check this box to opt-in.

The tracking opt-out feature requires cookies to be enabled.

Legal Basis: Legitimate interest (website improvement, understanding user behavior). We strive to anonymize data where possible to respect your privacy.

WooCommerce

As an e-commerce platform, WooCommerce collects data necessary for processing your orders and managing your account.

• When you make a purchase, we collect your name, billing address, shipping address, email address, phone number, and payment details (though payment details are primarily processed by Stripe, as detailed below). We collect information about the products you purchase.
• For registered users, we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. We never store credit card information.
• We collect information about your shopping cart contents and Browse behavior related to products to provide a functional shopping experience.

Legal Basis: Performance of a contract (processing orders), legitimate interest (managing user accounts, improving shopping experience).

Stripe

We use Stripe for payment processing. When you make a purchase on our Site, your payment information is collected and processed directly by Stripe.

• Data collected by Stripe: This may include your name, billing address, shipping address, email address, payment method information (e.g., credit card number, bank account details), merchant and location details, and the amount and date of purchase.
• Stripe is a third-party payment processor, and your data is subject to their privacy policy. You can review Stripe’s Privacy Policy here: https://stripe.com/privacy. We do not store your full payment card details on our servers.
• We do not store your credit card information, but it may be stored with Stripe.

Legal Basis: Performance of a contract (processing payments).

WooCommerce Tax

WooCommerce Tax is used to calculate sales tax during the checkout process. This service requires access to certain order and location data.

• Data shared with WooCommerce Tax: This includes your billing and shipping address and order total to accurately calculate applicable taxes.

Legal Basis: Legal obligation (tax compliance), performance of a contract (providing accurate pricing).

Who we share your data with

We share your data with the following third-party providers for the purposes outlined below. We only share data necessary for them to perform their services and ensure they adhere to appropriate data protection standards.

Password Resets: If you request a password reset, your IP address will be included in the reset email.

Gravatar: For displaying profile pictures with comments (anonymized hash of email address).

Google Analytics: For website analytics and improvement (anonymized IP address, Browse data).

Matomo Analytics: For website analytics and improvement (anonymized IP address, Browse data – self-hosted).

Stripe: For payment processing (name, billing/shipping address, payment details).

WooCommerce Tax: For tax calculation (billing/shipping address, order total).

Spam Detection Service: Visitor comments may be checked through an automated spam detection service (IP address, browser user agent string, comment content).

We do not sell your personal data to any third parties.

How long we retain your data

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements.

Analytics Data (Google Analytics, Matomo): Data is retained according to the retention settings configured within each service (e.g., 26 months for Google Analytics, or shorter if configured in Matomo). We recommend regular deletion of old raw Matomo visitor data (e.g., after 3-6 months).

Comments: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

User Accounts: For users that register on our website (if any), we also store the personal information they provide in their user profile. This data is retained as long as the user account is active.

Contact Form Submissions: Retained for six months for customer service purposes.

Order Data (WooCommerce, Stripe, WooCommerce Tax): We retain order information for a period necessary to fulfill transactions, process refunds, and comply with tax and accounting regulations (e.g., typically 7-10 years as required by financial regulations).

What rights you have over your data

You have the following rights regarding your personal data:

• Right to Access: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.
• Right to Rectification: You have the right to request that we correct any inaccurate personal data we hold about you.
• Right to Erasure (“Right to Be Forgotten”): You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
• Right to Restriction of Processing: You have the right to request that we limit the processing of your personal data under certain conditions.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to our processing of your personal data under certain circumstances, particularly for direct marketing purposes or when processing is based on our legitimate interests.
• Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us using the contact information provided in the “Contact Information” section below. We will respond to your request in accordance with applicable data protection laws.

Where your data is sent

Our website and some of our third-party service providers may process your data outside the European Union.

Other Third Parties: We strive to ensure that all third-party service providers we use who may process data outside the EU have appropriate safeguards in place, such as Standard Contractual Clauses, Privacy Shield certification (if applicable), or other approved mechanisms to ensure your data is protected to European data protection standards.

Web Hosting: Our website is hosted in [mention your hosting location, e.g., the United States]. Data transferred outside the EU is safeguarded by [mention safeguards, e.g., standard contractual clauses, or specific certifications if applicable to your host].

Google Analytics: Data processed by Google Analytics may be stored in various Google data centers globally, including outside the EU. Google relies on mechanisms such as Standard Contractual Clauses to protect data transferred from the EU.

Stripe: As a global payment processor, Stripe may transfer and process data in various locations worldwide. Stripe adheres to legal frameworks such as the EU-U.S. Data Privacy Framework to ensure adequate protection of data transferred from the EU.

How We Protect Your Data

We implement various measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Technical Measures:

• SSL/TLS Encryption: Our website uses Secure Socket Layer (SSL) or Transport Layer Security (TLS) encryption to secure data transmitted between your browser and our server (indicated by “https://” in your browser’s address bar).
• Firewalls and Security Plugins: We utilize firewalls and security plugins to protect against common web vulnerabilities.
• Regular Software Updates: We keep our WordPress installation, themes, and plugins updated to patch known security vulnerabilities.

Security Measures:

• Access Control: Access to personal data is restricted to authorized personnel who require it for legitimate business purposes.
• Strong Passwords: We enforce strong password policies for user accounts and administrative access.

Data Minimization: We only collect and retain personal data that is necessary for the stated purposes.

What Data Breach Procedures We Have in Place

In the unlikely event of a data breach, we have procedures in place to address it promptly:

• Internal Reporting System: Upon detection of a potential or actual data breach, an internal reporting system is activated to assess the scope and impact of the breach.
• Investigation: We will conduct a thorough investigation to identify the cause of the breach and the data affected.
• Notification: If required by applicable law (e.g., GDPR, CCPA), we will notify affected individuals and relevant supervisory authorities within the legally mandated timeframe.
• Remediation: We will take immediate steps to contain the breach, prevent further unauthorized access, and implement necessary security enhancements.

Additional Information

What Automated Decision Making and/or Profiling We Do with User Data

• We do not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you based solely on automated processing of your personal data.