Privacy Policy
Last updated: 8 March 2026
1. Introduction
Podli ("we", "our", "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform at podli.co.
We are the data controller for the personal data we process. This policy is compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Please read this policy carefully. By using our Service, you acknowledge you have read and understood this Privacy Policy.
2. Data We Collect
We collect the following categories of personal data:
Account Information
- Name and email address (provided during registration)
- Profile picture (optional, uploaded by you)
- Account creation date
Payment Information
- Subscription plan and billing status
- Stripe customer ID (payment card details are held by Stripe — we never store card numbers)
Content & Usage Data
- Audio files you upload for processing
- Processed output files and transcriptions
- Processing job history and usage statistics
- Music template preferences and saved settings
Technical Data
- IP address and browser/device information
- Pages visited and features used (via analytics)
- Error logs and performance data
3. How We Use Your Data
We use your personal data for the following purposes:
- Providing the Service: Processing your audio files, managing your account, and delivering the features you use
- Billing & Subscriptions: Processing payments, managing your subscription, and sending invoices
- Communication: Sending transactional emails (account confirmations, payment receipts, security alerts)
- Service Improvement: Analysing usage patterns to improve the platform (using anonymised or aggregated data where possible)
- Legal Compliance: Meeting our legal and regulatory obligations
- Security: Detecting and preventing fraud, abuse, and security threats
We do not use your audio content to train AI models, and we do not sell your personal data to third parties.
4. Legal Basis for Processing
Under UK GDPR, we process your personal data on the following legal bases:
- Contract performance: Processing necessary to provide the Service you have signed up for
- Legitimate interests: Security monitoring, fraud prevention, and service improvement
- Legal obligation: Where we are required to process data by law
- Consent: For optional cookies and marketing communications (where applicable)
5. Data Sharing
We share your data only with trusted third-party service providers necessary to operate the Service:
We do not share your data with advertisers or data brokers. We may disclose your data if required by law or to protect our legal rights.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service:
- Account data: Retained while your account is active, deleted within 30 days of account deletion
- Audio files: Processed files are retained for a limited period and may be automatically deleted after prolonged inactivity
- Billing records: Retained for 7 years to comply with financial record-keeping requirements
- Analytics data: Aggregated and anonymised — retained indefinitely
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include:
- Encrypted data transmission (TLS/HTTPS) for all communication
- Encrypted storage of audio files on DigitalOcean Spaces
- Hashed and salted passwords — we never store your password in plain text
- Access controls limiting data access to authorised personnel only
Despite these measures, no method of transmission over the internet is 100% secure. In the event of a data breach affecting your rights and freedoms, we will notify you and relevant authorities as required by law.
8. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your personal data ("right to be forgotten")
- Right to restriction: Request that we limit processing of your data in certain circumstances
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests
- Rights related to automated decision-making: We do not make solely automated decisions with legal or significant effects
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
10. Children's Privacy
The Service is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice within the Service. The "last updated" date at the top of this page indicates when it was last revised.
Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
12. Contact Us
For any privacy-related questions, data subject requests, or concerns, please contact us: