This Privacy Policy explains how Podread( "Podread", "we", "us") collects, uses, and shares personal data when you use podreadme.com (the "Service"). Podread is operated from Italy and the Service is hosted in the European Union. We do not run advertising, we do not sell your personal data, and we do not build advertising profiles.

1. Data controller

The data controller for the personal data processed through the Service is the operator of Podread, established in Italy. You can reach us at [email protected]for any privacy-related request, including the controller's full identification details.

2. Personal data we collect

• Account data — email address, display name and avatar provided through Clerk when you sign up or sign in (including via Google or other supported identity providers).
• Billing data — when you subscribe to Pro, billing information (name, country, last 4 digits of the card, billing address as required for tax) is processed by Stripe via Clerk Billing. We never see or store your full card number.
• Usage data — which YouTube videos you submitted, which output formats and languages you generated, credits consumed, timestamps. This data is tied to your account.
• Generated content — articles and synced readers we produce from public YouTube captions. Your identity is not displayed alongside the generated content.
• Technical data — IP address, user agent, request and error logs, kept for security, debugging and abuse prevention.
• Communications — content of emails you send to us at [email protected].

We do not use third-party advertising trackers, cross-site cookies for marketing, fingerprinting or behavioural profiling. We do not use Google Analytics or similar.

3. How we use your data and legal bases (GDPR Art. 6)

• Performance of contract (Art. 6(1)(b)) — to create your account, authenticate you, enforce free / Pro credit limits, process the videos you ask us to transcribe, deliver outputs and handle billing.
• Legitimate interests (Art. 6(1)(f)) — to keep the Service secure, prevent abuse and fraud, debug errors, and improve the Service. We balance these interests against your rights.
• Legal obligation (Art. 6(1)(c)) — to keep tax and accounting records related to paid subscriptions for the period required by Italian and EU law.
• Consent (Art. 6(1)(a)) — only where strictly required, e.g. for any optional newsletter you opt into. You can withdraw consent at any time.

4. Subprocessors and recipients

To deliver the Service we rely on the following subprocessors:

• Clerk (USA) — authentication, user directory, subscription management.
• Stripe (USA / Ireland) — payment processing for Pro subscriptions, billed through Clerk Billing.
• OpenAI (USA) — text rewriting and translation. We send YouTube captions to OpenAI to produce the article and translation outputs. OpenAI states that data sent through its API is not used to train its models.
• Cloudflare R2 — object storage for cached outputs.
• Hetzner (Germany / Finland) — application and database hosting in the EU.
• Resend — transactional email (account, billing notifications).
• YouTube— captions are fetched from public YouTube videos. Your YouTube usage is governed by Google's policies.

We do not share personal data with third parties for their own marketing purposes. We may disclose data to law enforcement or regulators where required by a binding legal request.

5. International transfers

Some of our subprocessors (Clerk, OpenAI, Stripe) are based in the United States. Where personal data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) and any additional safeguards required by Schrems II. You can request a copy of the relevant safeguards at [email protected].

6. Retention

• Account data is kept for as long as your account is active. After account deletion, we erase or anonymize personal data within 30 days, except records we must keep for legal reasons (e.g. billing records: up to 10 years under Italian tax law).
• Generated outputs are cached so other readers can retrieve the same article without spending credits. Outputs are not tied to a public username. You can switch any output you generated to unlisted or archived from the reader. Archived outputs are hard-deleted within 30 days.
• Technical logs (IP addresses, request logs, error traces) are kept up to 90 days for security and abuse prevention, then deleted or anonymized.
• Email correspondence is kept up to 24 months unless a longer period is needed to handle a dispute.

7. Cookies

Podread uses only strictly necessary cookies: session and authentication cookies set by Clerk, plus a small first-party cookie remembering your interface language and theme. We do not set third-party advertising or analytics cookies. Because only strictly necessary cookies are used, no consent banner is required under the ePrivacy Directive.

8. AI processing disclosure

Articles and translations are produced by large language models. Outputs may contain inaccuracies. We verify quotes and references against the source transcript and label every generated page with a visible AI-disclosure footer. The synced reader preserves the original transcript wording verbatim alongside the video.

9. Your rights

If you are in the EEA, the UK, Switzerland or another jurisdiction with comparable rights, you may:

• access the personal data we hold about you;
• have inaccurate data corrected;
• have your data erased (right to be forgotten);
• restrict or object to certain processing;
• receive your data in a portable format;
• withdraw consent for any consent-based processing;
• lodge a complaint with your local data protection authority. In Italy this is the Garante per la protezione dei dati personali.

Send requests to [email protected]. We respond within 30 days.

10. Security

We use TLS for all traffic, encrypted storage at rest, scoped access to production systems, and limit administrative access to the operator. In the event of a personal data breach likely to result in risk to your rights, we will notify the competent supervisory authority within 72 hours and, where the risk is high, notify you directly without undue delay.

11. Age

The Service is intended for users 16 years of age or older. If you are under 16, do not use the Service or provide personal data to us.

12. Changes

We may update this policy. The last-updated date at the top reflects the current version. Material changes will be announced on the homepage or by email.

13. Contact

For any privacy question or to exercise your rights, contact [email protected]. See also our Terms of Service and Refund Policy.