Privacy & Cookie Policy

Last Updated: October 22, 2025

1. Introduction

Podmod LLC ("we," "our," or "us") is committed to protecting your privacy. This Privacy & Cookie Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered podcast production assistant service (the "Service").

By using Podmod.ai, you acknowledge that you have read, understood, and agreed to this Privacy & Cookie Policy.

Data Controller: Podmod LLC, 249 East 48th St., New York, NY 10017, United States, acts as the data controller for personal information collected through the Service.

2. Information We Collect

2.1 Information You Provide

Account Information: Name, email address, password, billing information.
User Content: Podcast audio streams and recordings, transcripts, topics, metadata, and manually uploaded or input content.
Payment Information: Credit card details and billing address (processed securely through third-party processors).
Communications: Messages you send to our support team.

2.2 Automatically Collected Information

Usage Data: Features used, time spent, interactions, content accessed.
Device Information: IP address, browser type, OS, device identifiers, microphone permissions.
Cookies and Tracking: We use cookies and similar technologies (see Section 10).
Log Data: Server logs, performance data, API calls, and error reports.

2.3 AI Processing Data and Biometric Information

Our AI systems analyze your audio content in real-time to:

Detect speakers and conversations.
Identify keywords and topics.
Provide contextually relevant content cards.
Perform fact-checking and content sourcing.

Important Notice About Biometric Data: Voice recordings collected through the Service may constitute biometric information under applicable privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), as voice recordings can be used to extract voiceprints that uniquely identify individuals. This biometric data is classified as sensitive personal information.

We may also collect Processing Metadata (e.g., source URLs and AI-generated responses) and Content Sourcing Data from external sources used during sessions.

Multi-Party Recording Notice: When using the Service to record conversations involving multiple participants, you are responsible for obtaining all necessary consents from all parties being recorded in accordance with applicable federal, state, and international recording consent laws. Podmod is not responsible for violations of two-party or multi-party consent requirements.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on the following legal grounds:

Contract Performance: Processing necessary to provide the Service you requested.
Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications, optional features).
Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, network security, and service improvement, provided these interests do not override your fundamental rights.
Legal Obligation: Processing required to comply with applicable laws and regulations.

You have the right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing based on consent before its withdrawal.

4. How We Use Your Information

We use your information to:

Provide and improve real-time podcast production services.
Transcribe and analyze your content with AI.
Process payments and manage your account.
Respond to inquiries and support requests.
Send updates, alerts, and administrative messages.
Prevent fraud and enhance security.
Conduct analytics and improve functionality.
Comply with legal obligations.
Send marketing messages (only with your consent, which can be withdrawn at any time).

5. AI and Machine Learning

5.1 Real-Time Processing

Audio is processed live for transcription and analysis.

5.2 Model Training

Your data is not used for AI training unless you explicitly opt in through your account settings.

5.3 Data Retention

Temporary processing data is deleted within 24 hours; session data persists as long as your account remains active or as specified in Section 7.

5.4 Quality Improvement

Aggregated, anonymized data may be used for improvement.

5.5 Third-Party AI Services

We use secure, contractually bound third-party AI and transcription service providers, including cloud-based AI APIs for natural language processing, speech-to-text conversion, and content analysis. These providers process data solely on our instructions under written Data Processing Agreements that comply with GDPR Article 28 requirements.

5.6 Automated Decision-Making

We do not use your personal data for automated decision-making that produces legal effects or similarly significantly affects you. Our AI features provide suggestions and content recommendations, but all final decisions regarding content use remain under your control. You have the right to request human review of any AI-generated outputs.

6. How We Share Your Information

We do not sell personal information. Sharing occurs only:

With Service Providers
For Business Transfers
For Legal Reasons
With Consent

6.1 Service Providers and Data Processors

We share data with third-party vendors who perform services on our behalf under written Data Processing Agreements:

Cloud hosting providers (AWS, Google Cloud, Microsoft Azure)
AI and transcription service providers
Content sourcing and search API providers
Payment processors (Stripe, PayPal, etc.)
Email service providers
Analytics providers (Google Analytics, subject to your cookie preferences)
Customer support tools

All service providers are contractually obligated to implement appropriate security measures and process data only according to our instructions.

6.2 Business Transfers

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of assets, or transition of service to another provider, your information may be transferred as part of such transaction. You will be notified via email and/or a prominent notice on our website of any such change in ownership or control of your personal information, and you will be given the opportunity to delete your account before the transfer if you do not consent.

6.3 Legal Requirements

We may disclose information if required by law or in response to valid legal processes, including:

Court orders or subpoenas
Legal requests from government authorities
Protection of our rights, property, or safety, or that of users or the public
Emergency situations involving danger to persons

6.4 With Your Consent

We may share information with third parties when you give us explicit consent to do so.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

Account Data: Retained while your account is active and for up to 3 years after account closure for legal compliance, dispute resolution, and fraud prevention purposes.
User Content: Retained while your account is active. Upon account deletion request, user content is deleted within 30 days, except where retention is required by law.
Temporary Processing Data: Deleted within 24 hours post-session.
Backups: May persist in backup systems for up to 90 days after deletion, after which they are permanently erased.
Marketing Data: If you opt out of marketing communications, your contact information is retained on a suppression list to honor your opt-out preference.
Legal and Compliance Records: Retained as required by applicable law, typically 7 years for financial records.

You may request deletion of your data at any time by contacting us at
[email protected]
subject to our legal obligations to retain certain information.

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

GDPR Compliance (EEA/UK/Switzerland Users): Notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

CCPA/CPRA Compliance (California Residents): Comply with California Civil Code Section 1798.82 breach notification requirements.

All Users: In the event of a breach involving unauthorized access to your personal information, we will notify you via email at the address associated with your account and/or through a prominent notice on our website. The notification will include:

The nature of the breach
The types of information involved
Steps we are taking to address the breach
Recommended actions you can take to protect yourself
Contact information for further inquiries

We maintain detailed records of all data breaches, regardless of whether notification is required, in accordance with GDPR Article 33(5).

9. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

9.1 General Rights (All Jurisdictions)

Right to Access: Request copies of your personal data.
Right to Rectification: Request correction of inaccurate data.
Right to Deletion: Request deletion of your personal data (subject to legal retention requirements).
Right to Data Portability: Request your data in a structured, commonly used, machine-readable format (JSON or CSV).
Right to Withdraw Consent: Withdraw previously given consent at any time.
Right to Object: Object to processing of your personal data based on legitimate interests.
Right to Restrict Processing: Request limitation of processing in certain circumstances.
Right to Lodge a Complaint: File a complaint with your local data protection authority.
Right to Non-Discrimination: Exercise privacy rights without discrimination in service or price.

9.2 California Rights (CCPA/CPRA)

California residents have additional rights including:

Right to know what categories of personal information we collect and how it is used
Right to know what categories of sensitive personal information we collect
Right to opt out of sale or sharing of personal information (we do not sell data)
Right to limit use and disclosure of sensitive personal information
Right to correct inaccurate personal information

9.3 European Rights (GDPR)

EEA, UK, and Switzerland residents have the right to:

Object to processing based on legitimate interests or for direct marketing
Request human intervention in automated decision-making
Lodge complaints with their supervisory authority

9.4 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email:
[email protected]

Phone: (973) 255-8871

Mail: Podmod LLC, 249 East 48th St., New York, NY 10017

We will respond to verified requests within:

30 days (CCPA/CPRA and general requests)
1 month (GDPR), with possible extension to 3 months for complex requests

We may require verification of your identity before processing requests.

10. International Data Transfers

Your data may be transferred to, stored, and processed in countries outside your country of residence, including the United States, where data protection laws may differ from those in your country.

We implement appropriate safeguards to ensure your personal data remains protected:

Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses for transfers of personal data from the EEA, UK, and Switzerland to countries without adequacy decisions.
Adequacy Decisions: We rely on adequacy decisions where available.
UK International Data Transfer Agreement (IDTA): For UK transfers, we use the UK IDTA as approved by the UK Information Commissioner's Office.
Supplementary Measures: We implement technical and organizational measures to ensure data security during international transfers, including encryption, access controls, and regular security assessments.

By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described herein.

11. Data Protection Officer and Representatives

11.1 Data Protection Officer

We have appointed a Data Protection Officer to oversee compliance with data protection laws. You may contact our DPO at:

Email:
[email protected]

Mail: Data Protection Officer, Podmod LLC, 249 East 48th St., New York, NY 10017

11.2 EU Representative

For users in the European Economic Area Contact:
[email protected].

11.3 UK Representative

For users in the United Kingdom Contact:
[email protected]

11.4 Supervisory Authorities

You have the right to lodge a complaint with your local data protection supervisory authority:

EEA: Contact your national Data Protection Authority (list available at): https://edpb.europa.eu/about-edpb/board/members_en

UK: Information Commissioner's Office (ICO) at https://ico.org.uk

Switzerland: Federal Data Protection and Information Commissioner (FDPIC) at https://www.edoeb.admin.ch

12. Children's Privacy

12.1 Age Restrictions

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 13 years of age (or under 16 in the EEA, UK, and Switzerland, or the applicable age of digital consent in your jurisdiction).

12.2 COPPA Compliance (United States)

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13 years of age without verifiable parental consent. If we discover that we have inadvertently collected personal information from a child under 13, we will delete that information immediately.

12.3 GDPR Age of Consent

For users in the EEA, UK, and Switzerland, we do not knowingly process personal data of children under 16 years of age (or the lower age set by applicable member state law, which may be as low as 13) without parental consent.

12.4 Parental Rights

If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately at
[email protected]

Upon verification, we will:

Delete the child's personal information from our systems
Terminate any associated account
Provide confirmation of deletion

13. California Privacy Rights (CCPA/CPRA)

13.1 California Consumer Rights

California residents have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: Request disclosure of personal information collected, used, disclosed, or sold in the preceding 12 months.
Right to Delete: Request deletion of personal information, subject to certain exceptions.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt-Out: Opt out of the sale or sharing of personal information. We do not sell or share personal information.
Right to Limit Use of Sensitive Personal Information: Limit the use of sensitive personal information to purposes necessary to perform services or provide goods requested by you.
Right to Non-Discrimination: Exercise CCPA/CPRA rights without discrimination in service, price, or quality.

13.2 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

Identifiers (name, email, IP address)
Commercial information (subscription history, payment information)
Internet/network activity (usage data, browsing behavior within the Service)
Audio/visual information (podcast recordings, voice data)
Biometric information (voiceprints derived from audio recordings)
Professional information (podcast topics, metadata)
Inferences (preferences, content recommendations)

13.3 Sensitive Personal Information

We collect the following categories of sensitive personal information:

Account login credentials
Precise geolocation (only if you enable location services)
Biometric information (voiceprints for speaker identification)
Contents of communications (podcast transcripts)

Sensitive personal information is used only to provide the Service and as disclosed in this policy. You may limit the use of sensitive personal information by contacting us.

13.4 Sale or Sharing of Personal Information

We do not sell personal information and have not sold personal information in the preceding 12 months. We do not share personal information for cross-context behavioral advertising.

13.5 Disclosure for Business Purposes

We disclose the categories of personal information listed in Section 15.2 to the categories of third parties listed in Section 6.1 for business purposes such as service provision, analytics, and security.

13.6 Data Retention

We retain each category of personal information for the periods specified in Section 7.

13.7 Exercising California Rights

California residents may exercise their rights by:

Email:
[email protected]

Phone: (973) 255-8871

We do not charge a fee to process or respond to verifiable consumer requests unless excessive, repetitive, or manifestly unfounded. We will respond within 45 days, with a possible extension of 45 additional days when necessary.

13.8 Authorized Agents

California residents may designate an authorized agent to make a request on their behalf. We will require written proof of authorization and verification of identity.

15. European Privacy Rights (GDPR)

15.1 Data Controller Information

Controller: Podmod LLC

Address: 249 East 48th St., New York, NY 10017, United States

Email:
[email protected]

Data Protection Officer:
[email protected]

15.2 Legal Bases for Processing

As detailed in Section 3, we process your personal data based on contract performance, consent, legitimate interests, and legal obligations.

15.3 Your GDPR Rights

Please see Section 10 for a comprehensive list of your rights under the GDPR.

15.4 Right to Lodge a Complaint

You have the right to lodge a complaint with your supervisory authority as specified in Section 13.4.

15.6 EU and UK Representative

See Section 13 for information about our EU and UK representatives.

16. Third-Party Links and Integrations

The Service may contain links to third-party websites, APIs, and services that are not operated by us, including:

Content sources (news sites, media platforms)
Social media platforms
Payment processors
Third-party podcast hosting platforms

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information or interacting with their services. This Privacy Policy applies only to information collected by Podmod.

17. Policy Updates

We may modify this Privacy & Cookie Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors.

17.1 Notification of Changes

We will notify you of material changes via:

Email to the address associated with your account
Prominent notice on our website
In-app notification upon your next login

17.2 Review Period

For material changes, we will provide at least 30 days' notice before the updated policy becomes effective, giving you the opportunity to review the changes and decide whether to continue using the Service.

17.3 Continued Use

Continued use of the Service after the effective date of the updated policy constitutes acceptance of the changes. If you do not agree with the updated policy, you must discontinue use of the Service and may request deletion of your account.

17.4 Version History

The "Last Updated" date at the top of this policy indicates when the policy was last revised. Previous versions are available upon request by contacting
[email protected]

18. Contact Us

If you have questions, concerns, or requests regarding this Privacy & Cookie Policy or our data practices, please contact us:

Podmod LLC

249 East 48th St.

New York, NY 10017

United States

Email:
[email protected]

Data Protection Officer:
[email protected]

Phone: (973) 255-8871

Response Time: We will respond to all inquiries within 30 days (or as required by applicable law).

By using Podmod.ai, you consent to the collection, processing, and sharing of your data as outlined in this policy.