Privacy Policy

Effective date: 28 March 2026

Introduction

This Privacy Policy explains how Podtastic ("Podtastic", "we", "us", or "our") collects, uses, shares, and safeguards personal data when you use our websites, applications, and services (the "Service"). It also describes your rights and choices.

If you do not agree with this Policy, do not use the Service. If you have questions, contact support@podtastic.app.

1. Who we are and how to contact us

Controller

• Podtastic is the controller of your personal data.

Contact

• support@podtastic.app

Applicable region

• This Policy is intended to satisfy obligations under the UK GDPR, EU GDPR, and comparable privacy laws including the California Consumer Privacy Act (as amended by the CPRA), Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Brazil LGPD, and Canada PIPEDA, as applicable.

2. What we collect

We collect information in three ways: (a) you provide it to us; (b) it is collected automatically; and (c) it is provided by third parties.

A. Information you provide

• Account information (e.g., name, display name, email address, password or password hash).
• Subscription and purchase information (plan tier, status, renewal/cancellation settings, billing country). Payment card data is handled by Apple (App Store) or Google (Play Store); we do not store payment card numbers.
• Preferences (e.g., Pod-telligence feature toggles, notification settings, cookie/consent settings).
• Support and communications (messages, feedback, bug reports, email content and metadata).
• Podcast subscription and episode metadata (podcast name, episode titles, playback progress).

B. Information collected automatically

• Usage data (feature interactions, pages/screens viewed, session timestamps, referring URLs).
• Device and technical data (IP address, device identifiers, OS, browser/app version, language, time zone).
• Diagnostic and performance data (crash logs, error reports, load times).
• Cookies and similar technologies (pixels, local storage) on our website for essential operations and analytics, as described below. Our mobile apps do not use cookies or advertising identifiers.
• On-device processing data: The app may process podcast audio on your device using AI models. Audio is not sent to our servers; only derived text data may be transmitted.
• AI-generated content: The Service generates AI content (e.g., summaries, topic markers) using third-party AI services, including Google Gemini. This content may contain inaccuracies.
• Podcast feed data: The app fetches podcast RSS feeds from hosting providers on your behalf.
• Push notification tokens: When you enable notifications, a device token is stored on our servers to deliver notifications about new episodes and service updates.

C. Information from third parties

• Payments: subscription status and billing events from Apple App Store and Google Play Store.
• Advertising and analytics partners (website only): pseudonymized identifiers and conversion data from Reddit, Google, and Meta. These tools are used on our website only and are not present in our mobile apps.
• Cloud and infrastructure providers: service metadata necessary to operate the Service.

3. How we use personal data (purposes)

• Provide, operate, and maintain the Service.
• Process subscriptions and payments, and prevent fraud.
• Personalize your experience and measure and improve product performance.
• Provide customer support and communicate about the Service.
• Send push notifications (with your opt-in consent).
• Security, abuse prevention, and to enforce our Terms.
• Legal compliance and recordkeeping.
• Generate AI-powered features to enhance your listening experience.
• Share anonymized content analysis between users to improve the Service. No personal data is shared between users.
• Advertising and measurement on our website to grow our business. Our mobile apps do not contain advertising SDKs, do not collect advertising identifiers (such as IDFA), and do not track users across apps or websites. We do not sell your personal information.

4. Our advertising and analytics practices

Mobile apps

• Our mobile apps (iOS and Android) do not contain advertising SDKs, do not collect advertising identifiers (such as IDFA or GAID), and do not track users across apps or websites owned by other companies. App analytics are first-party only, sent to our own servers using anonymous device-generated identifiers. Email addresses are used solely for account authentication and are never shared with advertising or analytics partners.

Website

• On our website, we use Reddit, Google, and Meta advertising and analytics tools (e.g., pixels, Conversion APIs) to measure and improve our marketing.

Data minimization

• Where feasible, we use pseudonymized or hashed identifiers and limit data to what is necessary for measurement and ad delivery.

Consent

• Where required (e.g., in the UK/EEA), we obtain your consent before placing or reading non-essential cookies or using identifiers for targeted advertising or analytics.

Opt-out

• You can opt out of targeted advertising and analytics using our in-product cookie/consent controls and by following the platform instructions below:
  • Google: https://adssettings.google.com and https://tools.google.com/dlpage/gaoptout
  • Meta: https://www.facebook.com/adpreferences/ad_settings and https://www.facebook.com/help/568137493302217
  • Reddit: https://www.reddit.com/personalization and https://www.redditinc.com/policies/privacy-policy

Global Privacy Control (GPC)

• We honor GPC signals as an opt-out of "sharing" for cross-context behavioral advertising where legally required.

5. Legal bases for processing (UK/EU)

• Performance of a contract: To provide and support the Service you request, including payments and customer support.
• Legitimate interests: To maintain and improve the Service, ensure security, prevent fraud, and promote the Service (including limited advertising and measurement), balanced against your rights and expectations.
• Consent: For non-essential cookies/SDKs, targeted advertising, push notifications for marketing purposes, and where required for marketing communications. You may withdraw consent at any time via settings or by contacting us.
• Legal obligations: To comply with accounting, tax, and regulatory requirements.

6. Sharing of personal data

• Service providers and processors that help us operate the Service (e.g., hosting, analytics, customer support).
• Apple and Google for subscription billing and app distribution.
• Third-party AI providers (including Google) for content analysis. Podcast content (not personal data) may be processed by these providers.
• Advertising and measurement partners solely to target and measure our own ads.
• Professional advisors, auditors, and insurers under confidentiality.
• Authorities or other parties when required by law.
• In connection with a corporate transaction, subject to appropriate safeguards.
• Anonymized content analysis may be shared between users to improve the Service. No personal data is shared between users.

We do not sell personal information.

7. International transfers

We may transfer personal data to countries outside the UK/EEA, including the United States, where our service providers or systems are located. When we do so, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or other legally approved mechanisms. Copies of relevant transfer safeguards are available on request where not subject to confidentiality.

8. Data retention

We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Typical retention periods are:

• Account and subscription records: for the life of your account and up to 24 months after closure.
• Push notification tokens: for the life of your account; deleted on account closure or when you disable notifications.
• Communications and support records: up to 24 months after resolution.
• Analytics and advertising event data: up to 24 months, or shorter where you opt out or withdraw consent.
• Transaction records and invoices: at least 6 years to meet tax and accounting obligations (or longer as required by law). We may retain de-identified or aggregated data that does not identify you.

9. Your rights and choices

A. UK/EEA (GDPR)

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your personal data.
• Restriction: Ask us to limit processing of your data.
• Portability: Receive your data in a commonly used, machine-readable format and transmit it to another controller.
• Objection: Object to processing based on legitimate interests, including profiling and direct marketing. We will cease processing for direct marketing upon objection.
• Withdraw consent: Where processing is based on consent (e.g., non-essential cookies/ads, push notifications), you can withdraw at any time.

How to exercise

• Use in-product tools (e.g., account deletion and cookie controls) or email support@podtastic.app. We may need to verify your identity. You also have the right to lodge a complaint with your local data protection authority; in the UK, the ICO (ico.org.uk).

B. United States (CCPA/CPRA and similar laws)

• Right to know/access: Request the categories and specific pieces of personal information we have collected about you.
• Right to delete: Request deletion of personal information we collected from you.
• Right to correct: Request correction of inaccurate personal information.
• Right to portability: Receive certain information in a portable format.
• Right to opt out of "sale" or "sharing" for cross-context behavioral advertising: We do not sell your personal information, and we only "share" it for the limited purpose of targeting and measuring our own ads on Reddit, Google, and Meta. You can opt out via our cookie/consent controls or by emailing support@podtastic.app. We also honor GPC where required.
• Right to limit use/disclosure of sensitive personal information: We do not use or disclose sensitive personal information for purposes requiring a "Limit" link under the CPRA.
• Non-discrimination: We will not discriminate against you for exercising your rights.

How to exercise

• Use our in-product tools or email support@podtastic.app with sufficient information to verify your request. You may designate an authorized agent to submit a request on your behalf where permitted by law.

10. Cookies and similar technologies

On our website, we use cookies, pixels, and local storage to operate the Service, remember preferences, analyze usage, and target/measure ads on Reddit, Google, and Meta. Our mobile apps do not use cookies or tracking pixels. You can control cookies and tracking:

• In-product cookie banner/controls (where available).
• Browser settings and extensions, including blocking third-party cookies.
• Platform-specific opt-outs (see section 4). Note that blocking cookies may impact functionality.

11. Security

We implement technical and organizational measures designed to protect personal data, including encryption in transit, access controls, and monitoring. However, no system is 100% secure, and we cannot guarantee absolute security.

12. Children's privacy

The Service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will take appropriate steps to delete it.

13. Automated decision-making, profiling, and AI processing

We do not engage in automated decision-making that produces legal or similarly significant effects. We use limited profiling for advertising and product analytics; you can opt out as described above.

AI Processing Notice

The Service uses AI to process podcast content and generate features such as summaries and topic markers. This processing applies to podcast content, not to your personal data or behavior, and does not produce decisions with legal or similarly significant effects on you. Contact support@podtastic.app with questions about our AI processing.

14. Your account deletion and data removal

You may delete your account at any time via in-product controls (where available) or by emailing support@podtastic.app. Account deletion is permanent and will remove your profile and associated personal data subject to legal retention requirements. You may request deletion of specific data as described in section 9.

15. Changes to this Policy

We may update this Policy from time to time to reflect operational or legal changes. If we make material changes, we will provide notice (e.g., by email or in-product). Continued use after the effective date constitutes acceptance of the updated Policy.

16. Additional disclosures

• Do Not Track: We respond to Global Privacy Control (GPC) signals as described above. We do not otherwise respond to browser "Do Not Track" signals.
• No sale: We do not sell personal information.
• No app tracking: Our mobile apps do not use IDFA, GAID, or any advertising identifiers. They do not track users across apps or websites owned by other companies. Email addresses are collected solely for account authentication.
• AI use: The Service uses AI to process podcast content and generate features. AI features process podcast content — not your personal data. We do not use your personal data to train AI models.

17. Contact

If you have questions about this Privacy Policy or our data practices, contact us at support@podtastic.app.

Last updated: 28 March 2026