Your Privacy,
Protected
We believe in transparency. Here's exactly how we handle your data — no legal jargon, just straight facts.
Last updated: February 11, 2026
What's Covered
Information We Collect
Account Info
Email and name for your account.
Your Content
Podcast topics and scripts — used only for generation.
Usage Analytics
How you use PodThis — helps us improve.
Payment Data
Handled by Stripe — we never see your card.
How We Use Your Data
- Provide and improve podcast generation services
- Account communication and support
- Process payments and manage subscriptions
- Ensure platform security and prevent fraud
AI & Automated Processing
PodThis uses artificial intelligence to generate podcast content. Here's how your data interacts with AI:
- Content Generation: Your topics and prompts are sent to Google Gemini API for script generation and text-to-speech synthesis. Google processes this data under their data processing terms.
- No AI Training: Your content is not used to train or fine-tune AI models. It is processed solely to generate your podcasts.
- Automated Decisions: We do not make automated decisions that produce legal or similarly significant effects on you. Content moderation may use automated tools, but human review is available on request.
- AI-Generated Labels: Audio generated by PodThis may include metadata indicating it was AI-generated, in compliance with the EU AI Act.
Data Security
256-bit Encryption
All data encrypted at rest and in transit.
Google Cloud Infrastructure
Enterprise-grade cloud with automatic backups.
Regular Security Audits
Ongoing security scans and vulnerability checks.
Limited Access Controls
Only essential team members can access data.
Data Retention
Account Data
Until deletion or 3 years inactive
Podcast Content
Until you delete or close account
Usage Analytics
Aggregated, 26 months
Payment Records
7 years (tax/regulatory)
Support Tickets
2 years
Server Logs
90 days
Third-Party Services
Firebase
Authentication and real-time database.
Stripe
Secure payment processing.
Google Cloud
AI voice synthesis and infrastructure.
Cloudflare
CDN and security protection.
International Transfers
PodThis operates on Google Cloud infrastructure. Your data may be transferred to and processed in countries outside your own, including the United States. We protect these transfers through:
Standard Contractual Clauses
EU-approved contracts with all providers processing data outside the EU/EEA.
Adequacy Decisions
Data transferred only to countries with EU-approved privacy standards where applicable.
Encryption in Transit
All data transfers are encrypted using TLS 1.3.
Data Processing Agreements
Binding agreements with Google Cloud, Stripe, Firebase, and Cloudflare.
Your Rights
GDPR Rights
- Right to Information: Know what data we collect and why.
- Access: Get a copy of all your data.
- Rectification: Correct inaccurate information.
- Erasure: "Right to be forgotten" — request deletion of your data.
- Restriction: Limit how we process your data.
- Portability: Export your data in a machine-readable format.
- Objection: Object to processing for marketing purposes.
- Human Review: No fully automated decisions with legal or significant effects.
California Privacy (CCPA/CPRA)
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
- Right to Delete: Request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out: We do not sell your personal information. We do not share it for cross-context behavioral advertising.
- Right to Correct: Request correction of inaccurate personal information.
- Non-Discrimination: We will not discriminate against you for exercising any of these rights.
How to Exercise Your Rights
Response time
Within 30 days (60 for complex requests)
Legal & Contact
Legal Basis for Processing
Contract Performance
PrimaryEssential for providing PodThis services.
Legitimate Interests
Service improvement and security.
Consent
Marketing and optional features.
Legal Obligation
Tax and regulatory compliance.
Data Protection Officer
Our DPO oversees GDPR compliance and data protection practices.
dpo@podthis.comSupervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we've processed your data in violation of GDPR. Contact your national data protection authority or the European Data Protection Board.
Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms:
- Affected users notified within 72 hours, as required by GDPR.
- Relevant supervisory authorities notified as required by applicable law.
- Notifications describe the nature of the breach, affected data, and measures taken.
- Guidance provided on steps you can take to protect yourself.
Questions About Privacy?
Our privacy team is here to help. We typically respond within 48 hours.
Start Creating
Your first episode is free. No credit card, no commitment.