# Privacy policy — Stream Visualizer (streamvisualizer.com)
Status: Template for Stream Visualizer / streamvisualizer.com. Not legal advice. Have a qualified professional review this for your jurisdiction (GDPR, CCPA, etc.) and your exact checkout setup.
Before publishing: Add a registered business / legal entity name if you operate as an LLC or corporation (replace the controller line below if needed).
—
## Who we are
Stream Visualizer at StreamVisualizer.com / streamvisualizer.com (“we”, “us”) operates this website and may offer the DistroKid Earnings Analytics WordPress plugin (the “Plugin”).
Contact: info@streamvisualizer.com
Controller / operator: StreamVisualizer.com
This policy explains what information is processed when someone uses pages that include the Plugin (for example the public earnings tool shortcode or block) and when they use other parts of the site (such as the WordPress dashboard or an online store).
—
## Summary (plain language)
This section compares the same topics across the public tool, wp-admin, and shop — in bullet form so it stays readable in any editor (no Markdown table syntax).
### Your DistroKid earnings file (CSV/TSV)
– Public tool (shortcode / block on the front of the site): Processed in the visitor’s browser. We do not require you to upload that file to our server for that tool.
– WordPress wp-admin (Plugin dashboard): If a site administrator uploads a file in wp-admin, it is stored on the server (see section 2).
– Shop (WooCommerce / payments), if you use it: Not collected by the analytics tool itself for checkout; see the shop section for order data.
### Parsed rows / charts / exports
– Public tool: Generated in the browser; not sent to our server as part of the default public tool design.
– WP-admin: Admin-side features may process the stored upload on the server.
– Shop: Not applicable.
### Demo / sample data
– Public tool: The page may load a bundled sample CSV from our site into the browser (like any static file). It is not your personal data.
– WP-admin / shop: Not applicable.
### Explore settings (filters, etc.)
– Public tool: May be saved in the browser’s sessionStorage on your device only (per browser tab/session).
– WP-admin / shop: Not applicable.
### Payments and orders
– Public tool: If you purchase access on this site, normal e-commerce data applies (email, order details, payment processors).
– WP-admin: Not applicable.
– Shop: Yes — see Online purchases (section 3).
Paid export access (when sold for the public tool): In addition to order data, we may store time-limited entitlement information and a cryptographic fingerprint (hash) of your selected earnings file on our servers — not the file’s contents. See §3.4.
—
## 1. Public earnings tool (front of website)
When you use the public tool (for example after choosing “Choose DistroKid earnings file” on a page that embeds the Plugin):
### 1.1 What we do not do (by design of the public tool)
– We do not ask you to upload your DistroKid earnings CSV/TSV to our server in order to view KPIs, charts, maps, or Explore in the browser.
– We do not store your earnings file or parsed earnings rows on our server for that browser-only flow.
– Export files (CSV, ZIP, PDF, PowerPoint, etc.) are generated in your browser on your device unless and until you save them yourself.
Paid export access (when this feature is enabled): To enforce how long paid downloads remain available and to tie certain offers (for example Standard → Pro upgrade) to a specific analysis without receiving your file, we may:
– Store entitlement tokens or use cookies (or similar) with an expiry time linked to your order; and/or
– Receive from your browser a cryptographic hash (for example SHA-256) computed from the raw bytes of the file you selected, and store that hash together with metadata such as order identifier, timestamps, and expiry.
We still do not store your full DistroKid export or parsed earnings rows on our server for this design. Full detail: §3.4.
Technical note: The page may load JavaScript libraries from third-party CDNs (for example chart or export libraries). Those providers may receive standard technical data (such as IP address, User-Agent) as part of loading scripts, under their policies.
### 1.2 What may happen on your device
– sessionStorage: The tool may store Explore-related UI state (for example filters or chart options) in your browser under the key `distrokid_ea_pub_explore_v1`. This stays on your device and is cleared when you close the tab/browser session (behavior may vary slightly by browser). You can clear it via your browser settings.
– Cookies / tokens: The public tool does not rely on analytics cookies for the core behavior described above. If you purchase paid export access, we may set cookies or issue signed tokens that carry entitlement and expiry so your browser can use paid downloads for a limited time without us storing your earnings file. §3.4 describes how this works together with optional file fingerprints (hashes).
### 1.3 Bundled demo / sample data
If enabled, the page may fetch a sample CSV from our website so you can try the tool without selecting your own file. That file is demo data, not your personal DistroKid export. The request is a normal HTTPS download to your browser.
### 1.4 “Clear” / new file
Using Clear (or choosing a new file) clears the in-page state; sessionStorage for Explore may also be cleared by the tool as implemented.
—
## 2. WordPress admin (wp-admin) — Plugin dashboard upload
If a logged-in administrator uses the Plugin’s WordPress dashboard features and uploads a DistroKid earnings CSV:
– The file may be saved on the server under a directory such as `wp-content/uploads/distrokid-earnings/` (or the equivalent uploads path configured by WordPress).
– Who can access it: Typically site administrators and anyone with sufficient file or database access to the hosting account.
– Purpose: To power admin-side analytics and features provided by the Plugin, not the same as the public browser-only flow above.
Site owner responsibility: Configure backups, access control, and retention (deleting old uploads) according to your security and legal obligations.
—
## 3. Online purchases (WooCommerce, Stripe, PayPal) — if offered
If Stream Visualizer / streamvisualizer.com sells download access, templates, tips, or other products:
### 3.1 What we collect and store (typical WooCommerce behavior)
– Order information in the WordPress / WooCommerce database, including at least billing email (for receipts and support), and commonly name and billing address depending on checkout settings.
– Payment is processed by payment providers (for example Stripe and/or PayPal). They process card or wallet payments and maintain their own records under their privacy policies.
### 3.2 What we do not use checkout for
– We do not use the checkout form to upload or store your DistroKid earnings CSV as part of the public browser analytics design. Purchase data is used for commerce and access (entitlements), not to ingest your earnings file.
### 3.3 Guest checkout and “restore access”
If you buy without creating a full account, we may still store an order tied to your email. To restore access on a new device, we may ask for order number + email or send a link in email — as described when that feature is available.
### 3.4 Paid export access — time-limited entitlement and file fingerprint (public tool)
When we sell download access for the public earnings tool (CSV, ZIP, Explore exports, PDF, PowerPoint, etc.), we use a design that keeps your earnings file and parsed rows off our servers while still allowing us to enforce access duration and fair upgrade rules (for example Standard → Pro only for the same registered analysis).
Default access period (as configured for Stream Visualizer): Paid export entitlement (including redownload / restore within that window) is time-limited. Unless a product page states otherwise, the default is 24 hours from when a valid entitlement token is issued or refreshed (for example after purchase confirmation or “restore access”). Standard → Pro upgrade eligibility is also bounded (by default 24 hours from Standard purchase for the registered file hash), as described in our Terms and checkout copy — adjust if we publish a different period.
What we may store on our servers (in addition to normal WooCommerce order data in §3.1):
– Entitlement and time limits: Data that proves your purchase is still valid for paid exports until a stated expiry — for example values inside an HttpOnly cookie, a signed token (JWT or similar), or server-side session records tied to your order. This can include order ID, product / capability flags, and expiration timestamps.
– File fingerprint (hash): Your browser may compute a one-way cryptographic hash (typically SHA-256) of the raw file you selected and send only that hash to us. We store the hash and related metadata (such as which order it is linked to, when it was registered, and when that registration expires). The hash is not human-readable earnings data and is not designed to be reversed to recover your file, but it uniquely identifies that exact file content for our enforcement logic.
What we do not store under this design: The contents of your DistroKid CSV/TSV, parsed rows, charts, or export blobs — those are produced in your browser unless you choose to save them locally.
Why we process this: To run time-limited access after purchase, to offer restore access flows tied to your order, and to ensure upgrade pricing applies only where our Terms and product pages say it does (for example the same registered analysis).
Retention: We keep hashes and entitlement records only as long as needed for these purposes — typically until the access period ends, plus a short operational window if required for fraud prevention or accounting. Exact retention should match your site configuration; you may ask us to delete non-statutory records where applicable law allows — contact info@streamvisualizer.com.
> Legal note: Depending on your jurisdiction, a hash plus order linkage may still be treated as personal data because it relates to an identifiable person’s use of the service; this section is intended to describe what we hold, not to replace legal advice.
—
## 4. Server logs, hosting, and security
Like most websites, hosting providers and security tools may log IP addresses, timestamps, URLs, and similar technical metadata for security and operations. Retention depends on the host and your configuration.
—
## 5. Legal bases and rights (if applicable)
Depending on your location, you may have rights to access, correct, delete, or object to certain processing of personal data, and to lodge a complaint with a supervisory authority. To exercise rights, contact info@streamvisualizer.com. We will respond as required by applicable law.
—
## 6. Children’s privacy
The Plugin and site are not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children.
—
## 7. Changes
We may update this policy when we change the Plugin, add or change paid entitlements (including time-limited access or file fingerprint handling), or change hosting or payment providers. The “Last updated” date at the bottom will change when we do.
—
## 8. Third-party services (reference)
You should link to the current policies of providers you actually use, for example:
– WooCommerce — [Automattic / WooCommerce privacy documentation](https://woocommerce.com/document/privacy-policy/)
– Stripe — [https://stripe.com/privacy](https://stripe.com/privacy)
– PayPal — [https://www.paypal.com/privacy](https://www.paypal.com/privacy)
– WordPress — your host and core privacy documentation as applicable
Public tool — third-party script hosts (from plugin enqueue): The browser may load JavaScript from jsDelivr ([https://www.jsdelivr.com/](https://www.jsdelivr.com/)) and Plotly ([https://plotly.com/](https://plotly.com/)) when you use pages that embed the public analytics tool. Typical script URLs (versions match [`includes/class-public.php`](../distrokid-earnings-analytics/includes/class-public.php) as shipped):
| Library | URL |
|——–|—–|
| Papa Parse | `https://cdn.jsdelivr.net/npm/papaparse@5.4.1/papaparse.min.js` |
| Chart.js | `https://cdn.jsdelivr.net/npm/chart.js@4.4.1/dist/chart.umd.min.js` |
| chartjs-chart-treemap | `https://cdn.jsdelivr.net/npm/chartjs-chart-treemap@2.3.1/dist/chartjs-chart-treemap.min.js` |
| Plotly | `https://cdn.plot.ly/plotly-2.35.2.min.js` |
| JSZip | `https://cdn.jsdelivr.net/npm/jszip@3.10.1/dist/jszip.min.js` |
| PptxGenJS | `https://cdn.jsdelivr.net/npm/pptxgenjs@3.12.0/dist/pptxgen.min.js` |
| jsPDF | `https://cdn.jsdelivr.net/npm/jspdf@2.5.1/dist/jspdf.umd.min.js` |
| jsPDF AutoTable | `https://cdn.jsdelivr.net/npm/jspdf-autotable@3.8.2/dist/jspdf.plugin.autotable.min.js` |
Site CSS and the main public-app.js bundle are served from your WordPress site (same origin), not from these CDNs.
—
Last updated: March 22, 2026