Legal

Privacy Policy

Last updated: May 25, 2026

This Privacy Policy explains what data ashleybrasso.com (the “Site”) collects, how it’s used, who I share it with, and what rights you have. The Site is operated by Ashley Brasseaux (“I,” “me,” or “my”).

1. The short version

I keep this Site light on data collection on purpose:

I don’t run analytics, advertising pixels, tracking scripts, or social-media trackers on this Site.
I don’t sell, rent, or share your personal information with third parties for their marketing.
I collect personal data only when you actively give it to me — for example, by signing up for my email list or booking a discovery call.
I use third-party services (Kit, TidyCal, Substack) for some of this. Their own privacy practices apply to data they handle.

2. What I collect, and when

Email signup (the high-ticket launch plan and similar resources)

When you sign up to receive a free resource, the signup form is provided by Kit (formerly ConvertKit). Kit collects:

Your email address (and first name, if you provide it)
Technical metadata such as IP address, browser type, and timestamps
Engagement data such as opens and clicks on the emails I send you

Kit stores this on my behalf. I use it to send you the resource you requested, follow-up emails related to my work, and occasional broader updates. You can unsubscribe from any email I send using the unsubscribe link in the footer; that immediately stops future emails.

Booking a discovery call

Discovery call booking is handled by TidyCal. When you book a call, TidyCal collects:

Your name and email address
The date and time you select
Any notes or answers to intake questions you choose to provide

I use this to prepare for and hold the call. After our call, your contact details may be retained in my CRM for follow-up purposes related to the call.

Newsletter (Substack)

My Substack newsletter is hosted on Substack. If you click through to subscribe, Substack handles that signup directly under its own privacy policy. I receive your email address as a subscriber, and aggregated engagement data (opens, clicks). I don’t receive the broader profile data Substack may collect.

Direct email

If you email me directly (for example, at [email protected]), I receive whatever you choose to send — your email address, name (if signed), and message content. I use that to respond to you. Direct emails are stored in my inbox indefinitely unless you ask me to delete them.

Just visiting the Site

When you visit the Site without signing up for anything, very little is collected:

Cloudflare (my hosting / CDN provider) automatically logs basic technical request data — IP address, browser user agent, request timestamps — for security, performance, and abuse prevention. This is standard for any modern website.
Google Fonts serves the Site’s typefaces. Google receives your IP address as part of the font request. See Google’s privacy policy.
RSS2JSON is used client-side to pull the latest Substack post titles for display. No personal data of yours is sent to RSS2JSON.

3. Cookies

I don’t set first-party cookies myself. However, the third-party services described above may set cookies in your browser when you interact with them:

Kit may set cookies when you submit the signup form (for example, to remember that you already signed up).
TidyCal may set cookies during the booking flow.

You can clear cookies, block third-party cookies, or use private/incognito browsing through your browser’s standard controls without breaking the Site.

4. How I use the data

To send you what you asked for — the free resource, the call confirmation, the newsletter you signed up for.
To follow up with email content related to what you signed up for, and (for clients) related to our work.
To improve the Site and my offerings by understanding which content resonates — based on aggregated, not individually-identified, email engagement.
To comply with legal obligations if I’m ever required to retain or disclose information by law.

I do not use your data for automated profiling that produces legal or similarly significant effects.

5. Who I share data with

I share personal data only with:

Service providers I depend on to run the business — Kit (email), TidyCal (scheduling), Substack (newsletter), Cloudflare (hosting), and similar tools. These vendors process data on my behalf and are bound by their own privacy commitments.
Professional advisors (lawyers, accountants) on a need-to-know basis.
Legal authorities if compelled by valid legal process.

I do not sell or rent personal information. I do not share personal information with third parties for their own marketing.

6. How long I keep data

Email list subscribers: until you unsubscribe, then your record is suppressed (not deleted) so I don’t accidentally re-add you. You can request full deletion by emailing me.
Discovery call records: typically up to 24 months after our last contact, then deleted.
Direct emails: retained in my inbox indefinitely unless you ask me to delete them.
Server / hosting logs: retained per Cloudflare’s default policies (typically a short rolling window).

7. Your rights

Depending on where you live, you have some or all of the following rights regarding your personal data:

Access — a copy of the personal data I have about you
Correction — have inaccurate data fixed
Deletion (“right to be forgotten”) — ask me to delete your data, subject to legal exceptions
Portability — receive your data in a structured, commonly used format
Restriction — ask me to limit how I use your data
Objection — object to specific uses of your data
Withdraw consent — withdraw consent at any time where processing is consent-based
Complain — lodge a complaint with a supervisory authority where you live

To exercise any of these, email [email protected]. I respond within 30 days. I may ask for reasonable verification of your identity before acting on a request.

8. California residents (CCPA / CPRA)

If you’re a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA: the right to know what categories of personal information I’ve collected about you in the past 12 months, the right to delete that information, the right to correct inaccurate information, and the right to opt out of any “sale” or “sharing” of personal information.

I do not sell or share personal information as those terms are defined under the CCPA. I do not have a “Do Not Sell or Share My Personal Information” link because there is no such activity to opt out of.

9. EU/UK residents (GDPR)

If you’re in the EU, UK, or EEA, my legal bases for processing your personal data are:

Consent — when you sign up for the email list or book a call
Legitimate interests — for security, fraud prevention, and improving the Site, balanced against your rights
Legal obligation — when retention or disclosure is required by law

Data may be transferred outside the EU/UK to U.S.-based service providers (Kit, TidyCal, Substack, Cloudflare) under standard contractual clauses or equivalent safeguards.

10. Children

The Site is intended for adults running or scaling businesses. I don’t knowingly collect personal information from anyone under 16. If you believe a child has provided personal data through the Site, please email me and I’ll delete it.

11. Security

I take reasonable measures to protect your data — relying on reputable vendors (Cloudflare, Kit, TidyCal, Substack) that maintain modern security practices, and limiting access to personal data to what’s necessary for the work. That said, no online system is perfectly secure. If a data incident materially affects you, I’ll notify you in accordance with applicable law.

12. Changes to this Policy

I may update this Privacy Policy from time to time. When I do, I’ll change the “Last updated” date at the top of this page. Material changes will be reasonably communicated, for example via the email list or a notice on the Site.

13. Governing law and contact

This Privacy Policy is governed by the laws of the State of Utah, United States, without regard to its conflict-of-laws principles.

For any privacy-related question or request, email [email protected].