Privacy Policy

We collect information in several ways depending on how you interact with our Service.

1.1 Information You Provide Directly

• Account Information: When you register for an account, we collect your name, email address, and password.
• Billing Information: When you subscribe to a paid plan, payment information (credit card number, billing address) is collected and processed by our payment processor, Stripe. We do not store your full payment card details on our servers.
• Podcast Content: RSS feed URLs, episode metadata, show notes, images, blog posts, custom pages, and other content you upload or import.
• Guest and Contact Information: If you use our guest management features, you may provide guest names, email addresses, phone numbers, bios, social media links, and signed release forms.
• Contact Forms and Voicemails: Messages submitted through website contact forms (including sender name, email, and message content) and voicemail recordings left by listeners.
• Social Media Credentials: If you connect social media accounts (Facebook, Twitter/X, LinkedIn, Instagram) for auto-posting, we store OAuth access tokens, refresh tokens, and basic profile information necessary to post on your behalf.
• Survey Responses: If you use our listener survey feature, responses may include respondent names, email addresses, and answers to survey questions.

1.2 Information Collected from Your Listeners and Visitors

Podpage collects certain information from visitors to podcast websites hosted on our platform:

• Subscriber Information: Email addresses and first names submitted through email signup forms on your podcast website.
• Email Engagement Data: Whether subscriber emails were opened, clicked, bounced, or reported as spam (tracked via our email delivery provider).
• Contact Form Submissions: Name, email, and message content submitted by visitors through your website's contact form.
• Survey Responses: Name, email (if provided), IP address, and answers submitted through listener surveys.

1.3 Information Collected Automatically

• Log and Usage Data: IP address (hashed for analytics purposes), browser type and version, operating system, referring URLs, pages visited, timestamps, and session identifiers.
• Cookies and Similar Technologies: We use cookies, local storage, and similar technologies as described in Section 5 below.
• Analytics Data: We use Google Analytics and internal analytics to collect aggregate usage statistics, including page views, traffic sources, UTM parameters, and user agent information.

1.4 Information from Third Parties

• Podcast Directory Data: We may import publicly available information from podcast directories (e.g., Apple Podcasts reviews, RSS feed data).
• Payment Processor: Stripe may provide us with limited transaction information such as subscription status and customer identifiers.
• Email Delivery Webhooks: Our email delivery provider (SendGrid) sends us event notifications about email delivery, opens, clicks, bounces, and spam reports.

We use the information we collect for the following purposes:

• To provide and maintain the Service: Creating and managing your account, hosting your podcast website, syncing episodes, and delivering features you have enabled.
• To process payments: Managing subscriptions, processing billing through Stripe, and sending payment-related communications.
• To communicate with you: Sending service-related emails, responding to support requests, and notifying you of product updates or changes.
• To improve the Service: Analyzing usage patterns, diagnosing technical issues, and developing new features.
• To deliver subscriber emails: Sending emails on your behalf to listeners who subscribe through your podcast website.
• To facilitate integrations: Connecting your podcast website with third-party services you have chosen to enable (e.g., social media auto-posting, Zapier webhooks, email marketing platforms).
• To ensure security and prevent fraud: Detecting spam, protecting against unauthorized access, and maintaining the integrity of the Service.
• To comply with legal obligations: Responding to legal requests and fulfilling our regulatory obligations.

We do not sell your personal information. We share your information only in the following circumstances:

3.1 Service Providers (Sub-Processors)

We use trusted third-party service providers to help us operate the Service. These providers process data on our behalf and are contractually obligated to protect your information:

• Stripe: Payment processing and subscription management.
• SendGrid: Email delivery for subscriber notifications and transactional emails.
• Loops: Marketing email communications to Podpage account holders.
• Cloudflare: Content delivery, image processing, and DDoS protection.
• Heroku / AWS: Cloud hosting and infrastructure.
• Google Analytics: Website analytics (with IP anonymization where GDPR consent tools are enabled).
• Intercom: Customer support and in-app messaging.

3.2 Integrations You Enable

If you connect third-party integrations through your Podpage dashboard, data may be shared with those services as you have configured:

• Social media platforms (Facebook, Twitter/X, LinkedIn, Instagram) for auto-posting.
• Email marketing platforms (Mailchimp, ConvertKit, AWeber, MailerLite, ActiveCampaign, Constant Contact) for subscriber synchronization.
• Zapier for workflow automation (episode, blog post, review, guest, and subscriber events).
• Tracking pixels (Facebook Pixel, Twitter Universal Tag, LinkedIn Insight Tag, Reddit Pixel, Google AdSense) that you choose to install on your podcast website.

3.3 Business Transfers

If Podpage is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your information becomes subject to a different privacy policy.

3.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government agency request).

3.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

Under data protection laws such as the GDPR:

• Podpage as Data Controller: Podpage is the data controller for the personal information of its account holders (podcast owners). We determine the purposes and means of processing your account data, billing information, and usage data.
• Podpage as Data Processor: When podcast owners collect subscriber emails, contact form submissions, survey responses, and other listener data through their Podpage-hosted websites, the podcast owner is the data controller and Podpage acts as the data processor. Podcast owners are responsible for obtaining appropriate consent from their listeners and complying with applicable data protection laws for data they collect through their websites.

5.1 Cookies We Use

We use the following categories of cookies:

• Strictly Necessary Cookies: Session cookies (sessionid), CSRF protection tokens (csrftoken), and cookie consent preferences (podpage_gdpr_consent). These are essential for the Service to function and cannot be disabled.
• Analytics Cookies: Google Analytics cookies to understand how visitors use podcast websites. These cookies collect aggregate, anonymized data.
• Marketing Cookies: If a podcast owner has enabled tracking pixels (Facebook, Twitter/X, LinkedIn, Reddit), those services may set cookies on the podcast website for advertising purposes.

5.2 Cookie Consent

Podpage provides a built-in GDPR-compliant cookie consent banner on all podcast websites. When enabled, non-essential cookies (analytics and marketing) are blocked until the visitor provides explicit consent. Visitors can manage their cookie preferences at any time through the "Cookie Preferences" link in the website footer.

5.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, blocking essential cookies may impair the functionality of the Service.

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained for the duration of your account and deleted within 30 days of account deletion, except where we are required to retain it for legal, tax, or audit purposes.
• Subscriber and Listener Data: Retained for as long as the podcast owner's account is active. Podcast owners may export or delete subscriber data at any time through the dashboard.
• Billing Records: Retained for up to 7 years after the end of the billing relationship, as required by tax and accounting regulations.
• Analytics Data: Aggregate analytics data is retained indefinitely. Individual-level analytics data (hashed IPs, session identifiers) is retained for up to 26 months.
• Email Engagement Data: Retained for as long as the associated subscriber record exists.
• Contact Form Submissions and Voicemails: Retained for as long as the podcast owner's account is active, unless deleted earlier by the podcast owner.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent local laws:

• Right of Access: You have the right to request a copy of the personal information we hold about you.
• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information.
• Right to Erasure: You have the right to request deletion of your personal information, subject to certain legal exceptions.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances.
• Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to the processing of your personal information for direct marketing or where processing is based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

Legal Bases for Processing

We process personal information on the following legal bases:

• Contractual Necessity: Processing necessary to provide the Service under our Terms of Use (e.g., account management, website hosting, email delivery).
• Consent: Processing based on your explicit consent (e.g., marketing emails, cookie consent for analytics and advertising).
• Legitimate Interests: Processing necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, where those interests are not overridden by your rights.
• Legal Obligation: Processing necessary to comply with applicable laws and regulations.

International Data Transfers

Podpage is based in the United States. If you are accessing the Service from the EEA, UK, or Switzerland, your personal information will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and other lawful transfer mechanisms to ensure adequate protection of your data.

To exercise any of your rights, please contact us at [email protected]. We will respond to your request within 30 days.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share your information.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: Podpage does not sell your personal information and does not share your personal information for cross-context behavioral advertising purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, IP address (hashed), account username.
• Commercial Information: Subscription plan, payment history, transaction records.
• Internet Activity: Browsing history on the Service, search history, interactions with the Service.
• Professional Information: Podcast name, podcast content, guest information.
• Audio and Visual Information: Voicemail recordings, podcast artwork and images.

To exercise your California privacy rights, please contact us at [email protected]. We will verify your identity before processing your request.

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL) and at rest.
• Secure password hashing.
• Access controls limiting employee access to personal information.
• Regular security assessments.
• CSRF protection and secure session management.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe that a child under 16 has provided us with personal information, please contact us at [email protected].

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party websites you visit.

We may send you service-related emails (e.g., account verification, billing notices, security alerts). These are transactional and cannot be opted out of while you maintain an account. We may also send you product updates and marketing communications, which you can opt out of at any time by following the unsubscribe link in the email or by contacting us at [email protected].

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on the Service and updating the "Effective Date" below. For material changes, we will also notify you by email at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Podpage, Inc.
Email: [email protected]

For GDPR-related inquiries, EU/UK residents may also contact us at the email above.

Effective Date: February 23, 2026