Last updated: June 26, 2026
This policy applies to monsterDSP websites, online store, user accounts, and audio plugin licensing services.
At monsterDSP, we respect your privacy. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what choices you have when you visit our website, create an account, purchase plugins, download installers, or activate licenses.
By using our services, you acknowledge this policy. Where we rely on consent (for example, analytics or marketing cookies), you can withdraw that consent at any time without affecting purchases or core product functionality.
For the purposes of the EU General Data Protection Regulation (GDPR) and Brazil's Lei Geral de Proteção de Dados (LGPD), the data controller is:
Diogo Guedes Audio Profissional
Trade name: monsterDSP
CNPJ: 23.731.502/0001-98
São Paulo, SP, Brazil
Privacy / data protection: privacy@monsterdsp.com
General inquiries: info@monsterdsp.com
Encarregado de Dados (Data Protection Officer): For LGPD and GDPR requests, contact privacy@monsterdsp.com. As a small audio software business, we handle data protection inquiries directly through this channel.
We collect only what we need to run the store, deliver licenses, prevent fraud, and improve our products. Like other professional audio plugin companies, some technical identifiers are required for license activation and trial management.
We describe data by category and purpose, not by internal database or system names. This is the standard approach under GDPR and LGPD and matches how peer audio software companies publish their policies.
When you buy plugins, we collect:
To deliver downloads, enforce license terms, and manage trials (similar to industry-standard plugin authorization), we collect:
This data is used for license compliance, fraud prevention, and support — not to track your audio projects or DAW session content.
We do not sell your personal information to data brokers. We may share data with service providers and advertising partners as described below, which may constitute "sharing" under some U.S. state privacy laws when used for cross-context behavioral advertising.
Depending on your location, we rely on the following legal bases:
Processing necessary to fulfill purchases, deliver licenses, manage activations, and provide support.
Retaining tax and transaction records, processing CPF/CNPJ for Brazilian invoicing, and responding to lawful requests. Under LGPD, CPF/CNPJ may be treated as sensitive personal data; we process it based on legal/regulatory obligation and, where applicable, your consent at checkout. Confirm Art. 11 requirements with qualified counsel.
You may object to processing based on legitimate interests by contacting privacy@monsterdsp.com.
You may withdraw consent at any time via Cookie Settings in the site footer or by unsubscribing from emails.
One legal basis per activity (GDPR Art. 6 / LGPD Art. 7). This summary avoids listing internal systems.
| Activity | Legal basis |
|---|---|
| Account, orders, licenses, activations | Contract |
| CPF/CNPJ, invoices, tax records | Legal obligation |
| Fraud prevention, security logs, license enforcement | Legitimate interests |
| Google Analytics | Consent |
| Meta Pixel and Conversions API | Consent |
| Marketing emails, beta opt-in, waitlists | Consent |
| Transactional email (receipts, licenses, security) | Contract |
We keep personal data only as long as needed for the purposes above:
When retention periods end, we delete or anonymize data. Backup copies may persist for up to 90 additional days before being overwritten.
We use trusted third parties to operate our business. Our primary database is hosted by Supabase in São Paulo, Brazil (AWS sa-east-1). Even though core account and license data is stored in Brazil, some processing still occurs internationally — for example payment data with Stripe (US), analytics with Google (US), advertising with Meta (US), website delivery via Vercel and Cloudflare, and plugin downloads from Cloudflare R2.
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, backend | Brazil (sa-east-1) |
| Stripe | Payment processing, billing, tax ID and address storage | United States / global |
| Vercel | Website hosting and deployment | United States / global edge |
| Cloudflare R2 | Plugin installer file storage and delivery | Global |
| Google Analytics 4 | Website analytics (with consent) | United States |
| Meta (Pixel + Conversions API) | Advertising measurement and optimization (with consent) | United States |
| Supabase Auth / email | Transactional emails (account verification, password reset) | Varies by configuration |
| NFS-e provider (when enabled) | Brazilian electronic invoicing (name, email, tax ID, address) | Brazil |
Privacy policies: Stripe, Supabase, Vercel, Cloudflare, Google, Meta.
Where personal data is transferred outside Brazil or the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and, where applicable, provider participation in recognized transfer frameworks (for example, the EU-U.S. Data Privacy Framework).
We may disclose personal data when:
Payment card data is handled solely by Stripe under PCI-DSS standards. We never receive or store your full card number.
We use cookies and similar technologies on our website. Plugin software installed in your DAW does not use advertising cookies.
When you complete a purchase and have accepted marketing cookies, we may send server-side Purchase events to Meta's Conversions API. This includes:
Your marketing consent at checkout is recorded and server-side events are not sent if you rejected marketing cookies. See Meta's Privacy Policy.
On your first visit, a cookie banner lets you accept all, reject non-essential, or customize preferences. Your choices are stored in browser localStorage under the key cookie-consent (fields: necessary, analytics, marketing, timestamp).
Use Cookie Settings or Do Not Sell or Share My Personal Information in the site footer to change preferences at any time. You can also email privacy@monsterdsp.com.
Depending on where you live, you may have the following rights:
Email privacy@monsterdsp.com with subject line "Data Protection Rights Request" and include your name, account email, and the right you wish to exercise.
Data portability: On request, we provide a structured export (typically JSON or CSV) of your account profile, order history, and active licenses tied to your email.
In Brazil, contact the ANPD. In the EU/EEA, contact your local authority via the EDPB.
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA provides additional rights.
We use these categories to operate our store, deliver licenses, provide support, comply with tax law, prevent fraud, and — with consent — measure advertising. Categories may be shared with Stripe, Supabase, Vercel, Cloudflare, Google, Meta, and NFS-e providers as described in Section 7.
We do not sell personal information for money. We may share identifiers and commercial information with Meta and Google for cross-context behavioral advertising and conversion measurement when you consent to marketing/analytics cookies, and via Meta Conversions API on purchase when marketing consent was granted.
Click Do Not Sell or Share My Personal Information in the site footer, use Cookie Settings to disable marketing cookies, or email privacy@monsterdsp.com. If your browser sends a Global Privacy Control (GPC) signal, we honor it for browser-based tracking where technically feasible.
We respond to verifiable California requests within 45 days (with a possible 45-day extension and notice).
We use encryption in transit (HTTPS), access controls, and secure payment processing through Stripe. If a breach is likely to result in high risk to your rights, we will notify affected users and relevant authorities as required by law.
Our services are not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. Contact us to request deletion if you believe a child provided us data.
We may update this policy when our practices or legal requirements change. We will post the revised version on this page and update the "Last updated" date above.
Diogo Guedes Audio Profissional (monsterDSP)
CNPJ: 23.731.502/0001-98
São Paulo, SP, Brazil
Privacy: privacy@monsterdsp.com
General: info@monsterdsp.com
Contact form
This Privacy Policy is provided for informational purposes. It is not legal advice. Consult a qualified attorney for guidance specific to your situation.
© 2026 monsterDSP. All rights reserved.