Privacy Policy.

1 Who we are ¶

Minim Digital Limited, trading as PodcasterPlus, is the data controller responsible for the personal data described in this policy, except where this policy says otherwise.

Company name: Minim Digital Limited

Trading as: PodcasterPlus

Company number: 13802088 (registered in England and Wales)

Registered office: 8 Hackness Drive, Scarborough, North Yorkshire, England, YO12 5SB

Privacy contact: privacy@podcasterplus.com

References to "we", "us", and "our" in this policy mean Minim Digital Limited.

2 Quick summary ¶

This summary is for convenience only. The full policy below is what binds us.

• We collect only the personal data we need to provide the Service.
• We use your data to run your account, deliver your podcasts to listeners, operate booking and automation features, generate AI content when you ask us to, send service emails, and keep the Service secure.
• We do not sell your personal data. We do not use your podcast content to train AI models without your consent.
• We host your data within the UK and EEA where we can. Some of our infrastructure providers operate globally, so some data may be transferred internationally under appropriate safeguards.
• You have rights over your data, including the right to access, correct, delete, and export it.
• We keep your data only for as long as we need it. When you close your account we delete it, with a short grace period for you to export anything you want.
• You can contact us at any time at privacy@podcasterplus.com and you can complain to the Information Commissioner's Office if you are unhappy with how we have handled your data.

3 Who this policy applies to ¶

This policy applies to the following people, whom we collectively call "you":

• Account holders ("Hosts"). Podcasters, producers, agencies, networks, and other customers who create a PodcasterPlus account.
• Team Members. People that an account holder has invited to their account in a role such as Producer or Co-host.
• Guests. People invited to take part in a specific episode through a magic link, without creating a full account.
• Listeners. People who download or stream podcast episodes hosted on PodcasterPlus, whether through a podcast app, browser, or directory such as Apple Podcasts or Spotify.
• Website visitors. People who visit our marketing site at podcasterplus.com without creating an account.
• Support contacts. People who contact us through our support channels.
• Prospective customers. People who sign up to our newsletter, request a demo, or otherwise enter into early conversation with us.

Different parts of this policy apply to different groups. Where a section is specific to one group, we say so.

4 Our role: controller and processor ¶

For some personal data, we decide why and how it is processed. In that case we are the controller, and this policy explains how we handle it.

For other personal data, an Account holder decides why and how it is processed, and we process it on their behalf. This applies in particular to:

• contact details of Guests, listeners, and subscribers that a Host uploads or imports;
• email content, recipient lists, and send timing for messages sent through our automation engine;
• audio and transcripts that contain personal data of identifiable individuals.

For that data, we are the processor and the Account holder is the controller. Our processing is governed by the Data Processing Agreement that forms part of our Terms of Service. If you are a Guest, listener, or other contact of a podcast hosted on PodcasterPlus and you have a privacy question about how that podcast is handling your data, please contact the Host directly. We can help you find them on request.

5 Personal data we collect, why, and on what legal basis ¶

We collect personal data in five broad ways:

1. data you give us directly when you create an account, contact us, or use the Service;
2. data we generate when you interact with the Service (such as logs and analytics);
3. data we receive from third parties you have connected to us (such as calendar providers);
4. data uploaded to your account by you or your Team Members (which may contain personal data of others); and
5. data we collect automatically when you visit our website (cookies and similar technologies, covered in section 12).

What we collect, why we collect it, and our legal basis for doing so is set out below.

5.1 Account holders and Team Members

What we collect

• Identity and contact: name, email address, password (hashed, never stored in plain text), optional profile picture, optional company name, optional phone number.
• Billing: billing address, VAT number where applicable, and payment card details (the card details themselves are handled directly by our payment processor, Stripe, not by us; we receive only the last four digits, brand, and expiry).
• Account activity: timestamps of logins, IP addresses used to access the Service, browser and device information, security events, and audit logs of actions taken in your account.
• Communications: emails and messages you exchange with our support team.
• Marketing preferences: whether you have opted in to receive product updates, the newsletter, or other communications.

Why we collect it

• to create and run your account;
• to provide you with access to the features of your subscription plan;
• to take and refund payments;
• to communicate with you about your account, including service notices and security alerts;
• to detect and prevent fraud, abuse, and security incidents;
• to respond to your support enquiries;
• to send you product updates and marketing communications where you have opted in or where we have a soft opt-in under PECR for existing customers;
• to comply with our legal obligations (for example, accounting and tax obligations);
• to enforce our Terms of Service and protect our rights.

Legal basis

• Performance of a contract (UK GDPR Art. 6(1)(b)): for everything required to deliver the Service to you.
• Legitimate interests (UK GDPR Art. 6(1)(f)): for security, fraud prevention, service improvement, audit logging, and direct marketing to existing business customers under PECR.
• Consent (UK GDPR Art. 6(1)(a)): for marketing emails where consent is required, and for optional features that you actively switch on.
• Legal obligation (UK GDPR Art. 6(1)(c)): for tax records, statutory disclosures, and responses to lawful requests from authorities.

Retention

We keep your account data while your account is active and for up to 12 months after you close your account, except where we are required by law to keep it longer (for example, accounting records must be kept for six years under HMRC rules). After that, we delete or fully anonymise your data.

5.2 Guests

What we collect

• Name and email address (provided to us by the Host who invited you).
• The magic link access token associated with your invitation (used to authenticate you when you visit the collaboration portal).
• Anything you contribute to the episode portal, such as bio, prep responses, show notes contributions, and uploaded files.
• Activity within the portal, such as when you accessed it and what you edited.

Why we collect it

• to give you access to the episode you have been invited to;
• to let you contribute to show notes and prep materials;
• to let you communicate with the Host and other participants;
• to keep an audit trail of who edited what (so the Host can attribute contributions);
• to keep the portal secure.

Legal basis

• Legitimate interests (UK GDPR Art. 6(1)(f)): we have a legitimate interest in providing the Service to the Host who invited you. This interest is balanced against your privacy by limiting your data to what is needed to participate in the episode.
• Performance of a contract (UK GDPR Art. 6(1)(b)): where you have a separate agreement with the Host.

Note for Guests

If you are a Guest, the Host who invited you is the controller of your personal data for the purposes of their podcast. We process your data on their instructions. If you want your data removed, you can ask us at privacy@podcasterplus.com and we will help, including by routing the request to the Host where appropriate.

Retention

Guest data tied to a specific episode is retained while the Host keeps that episode in their account. If the Host deletes the episode or closes their account, your Guest data is deleted within 30 days, except for audit records kept for security purposes.

5.3 Listeners (people downloading or streaming podcasts hosted on PodcasterPlus)

When you download or stream a podcast episode hosted on PodcasterPlus, your podcast app, browser, or platform makes a request to our delivery infrastructure.

What we collect

• IP address (used to estimate location at country or region level and to detect abuse);
• user agent (the name of your podcast app or browser);
• timestamp of the request;
• which episode was requested and how much of it was delivered.

We do not set persistent identifiers on listeners, we do not track listeners across podcasts or sessions, and we do not build behavioural profiles of listeners.

Why we collect it

• to deliver the audio file to you;
• to count downloads in accordance with IAB Tech Lab Podcast Measurement Guidelines;
• to provide Hosts with aggregate statistics about their listenership (such as "downloads by country");
• to detect and block abuse such as bot-driven download inflation;
• to keep the Service secure.

Legal basis

• Legitimate interests (UK GDPR Art. 6(1)(f)): we have a legitimate interest in delivering podcast content to listeners and in providing Hosts with the basic analytics that the podcasting industry expects. This is balanced against listener privacy by keeping the data minimal, not building profiles, and aggregating analytics shown to Hosts.

Retention

Raw request logs are retained for up to 60 days for security and abuse detection. After that, only aggregated, non-identifying statistics are kept.

5.4 Website visitors

When you visit podcasterplus.com without logging in or creating an account, we collect limited information through our self-hosted analytics tool.

What we collect

• the pages you visit and how long you spend on them;
• the country or region you are visiting from (derived from your IP address, not stored);
• referrer (the link you arrived from);
• general device and browser information.

Our analytics tool is privacy-focused and self-hosted. It does not set cross-site tracking cookies, it does not share data with third-party advertising networks, and it does not build a profile of you across sessions or sites.

Why we collect it

• to understand how visitors find and use the website;
• to improve the website over time;
• to plan content and marketing.

Legal basis

• Legitimate interests (UK GDPR Art. 6(1)(f)): we have a legitimate interest in understanding how our website is used, balanced against visitor privacy by using a privacy-by-design analytics tool that does not personally identify you.

Retention

Analytics data is kept for up to 24 months, then aggregated or deleted.

5.5 Support contacts

What we collect

• the email address you contact us from (or the address on your account);
• your name where you provide it;
• the content of your messages with us, including any screenshots or files you share;
• metadata about the support conversation (such as ticket reference, status, and timestamps).

Why we collect it

• to answer your questions and help you with the Service;
• to track and improve our support quality;
• to keep a record in case the same issue comes up again.

Legal basis

• Legitimate interests (UK GDPR Art. 6(1)(f)): for support to people who are not yet account holders.
• Performance of a contract (UK GDPR Art. 6(1)(b)): for support to existing account holders.

Retention

Support conversations are kept for 3 years after the conversation closes, then deleted, except where retention is needed for a longer period (for example, an unresolved legal matter).

5.6 Prospective customers, newsletter subscribers, and marketing contacts

What we collect

• name, email address, and any optional details you provide when you sign up for the newsletter, request a demo, register for the beta, or contact our sales/partnerships team.

Why we collect it

• to send you the newsletter;
• to evaluate beta and demo requests;
• to follow up on conversations you have started with us.

Legal basis

• Consent (UK GDPR Art. 6(1)(a)) for newsletter subscriptions.
• Legitimate interests (UK GDPR Art. 6(1)(f)) for following up on enquiries you initiated.

Retention

We keep newsletter subscriber data until you unsubscribe, then we keep a suppression record indefinitely so we do not contact you again. Other prospect data is kept for up to 24 months from the last interaction, then deleted.

6 AI content tools ¶

When you use our AI content tools (such as transcription, show notes generation, social post drafting, or highlight extraction), your audio and related metadata are processed through AI services to produce the requested output.

Where the AI processing happens. Most AI processing happens on edge infrastructure operated by our cloud infrastructure provider. We may also use other AI vendors for specific features, listed in our Subprocessor List.

No training on your content. We do not use your podcast content to train AI models. Our agreements with our AI vendors prohibit them from training their models on your content. If this position changes in the future for a specific feature, we will ask for your explicit consent before any such processing.

Sensitive content. AI tools should not be used to process content that includes special category personal data (such as health, ethnicity, religious belief, or sexual orientation data) about identifiable individuals unless you have a lawful basis and have considered any additional safeguards required.

Quality. AI Output can be inaccurate. You should review it before publishing or relying on it. We are not responsible for errors, omissions, or unsuitable content produced by AI tools.

7 Who we share your personal data with ¶

We do not sell your personal data. We share it only where necessary to operate the Service or where required by law.

7.1 Service providers (processors)

We use a small number of carefully chosen service providers ("subprocessors") to deliver the Service. These include:

• Cloud infrastructure provider: hosts the website and application, delivers audio files, runs the RSS feed service, provides bot protection, and provides AI processing.
• Database and authentication provider (EU-hosted): stores account and application data and handles login.
• Backup storage provider (EU-hosted): keeps encrypted backups of critical data.
• Payment processor (Stripe): handles all card payments. We do not see or store full card numbers. Stripe's privacy policy is available at stripe.com/privacy.
• Email delivery provider: sends transactional emails (account, billing, security) and emails you configure in the automation engine.
• Customer support tool (self-hosted): runs our support inbox.
• Analytics tool (self-hosted): collects website usage statistics.

A current list of subprocessors, with their roles and locations, is available in our Subprocessor List.

All subprocessors are bound by written contracts that require them to protect your personal data, to use it only on our instructions, and to apply appropriate security measures.

7.2 Other Hosts, Team Members, and Guests on the Service

If you are a Team Member or Guest, your name, email, contributions, and activity inside a podcast or episode are visible to the Host who invited you and to other authorised participants in that podcast or episode. This is how collaboration works.

7.3 Third-party platforms you connect to your account

If you connect a third-party service to your account (for example, a calendar provider, a social network, or a podcast directory), we share the personal data needed to make that integration work. Use of those services is governed by their own terms and privacy policies.

7.4 Podcast directories

When you submit your podcast to Apple Podcasts, Spotify, Amazon Music, YouTube, or any other directory, the metadata you have entered in your RSS feed (including show and episode titles, descriptions, and any personal details such as a host name) becomes visible to the directory and to the public. You control what goes in your feed.

7.5 Legal, regulatory, and law enforcement

We may share your personal data:

• where we are required to do so by law, including in response to a court order, statutory request, or other legally binding instruction;
• where we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others;
• where we are responding to a credible copyright takedown or other rights-holder notice;
• to enforce our Terms of Service or investigate suspected breaches.

We will resist overbroad or improper requests and, where lawfully able, we will notify you before disclosing your data.

7.6 Business transfers

If we sell, restructure, or merge our business, your personal data may be transferred to the acquiring entity, subject to the same protections that apply under this policy. We will give you notice of any such transfer.

8 International data transfers ¶

We aim to store your personal data within the UK and the European Economic Area. Some of our providers operate globally and may process or back up data outside the UK and EEA.

Where we transfer personal data outside the UK and EEA, we rely on one of the following safeguards:

• an adequacy decision by the UK or the European Commission (for example, transfers to countries deemed to provide an adequate level of protection);
• the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, combined with a transfer risk assessment;
• another lawful transfer mechanism permitted under UK GDPR.

Details of which transfers occur and on what basis are set out in our Subprocessor List. You may request a copy of the safeguards in place by emailing privacy@podcasterplus.com.

9 How long we keep your data ¶

We keep personal data only for as long as we need it, then we delete or anonymise it. Specific retention periods are set out in section 5 above. As a general rule:

• Active account data: kept while your account is active and for up to 12 months after closure.
• Billing and accounting records: kept for six years from the end of the relevant financial year, to comply with HMRC requirements.
• Audit and security logs: kept for up to 12 months for security and incident investigation.
• Listener request logs: kept for up to 60 days, then aggregated.
• Marketing suppression records: kept indefinitely so we do not contact people who have opted out.
• Backups: encrypted backups may contain copies of deleted data for up to 90 days, after which they are rotated out.

Where law requires a longer retention period than the above, the longer period applies.

10 Your rights ¶

Under UK GDPR and the Data Protection Act 2018, you have the following rights over your personal data:

10.1 Right of access. You can ask us for a copy of the personal data we hold about you.

10.2 Right to rectification. You can ask us to correct personal data that is inaccurate or incomplete.

10.3 Right to erasure. You can ask us to delete your personal data in certain circumstances, for example when it is no longer needed for the purpose we collected it. We will not always be able to delete (for example, where we need to keep records for legal reasons), and we will explain why if so.

10.4 Right to restrict processing. You can ask us to limit our processing of your data while we look into a concern you have raised.

10.5 Right to data portability. Where we process your data based on consent or contract, you can ask us to provide it in a structured, commonly used, machine-readable format, and to send it to another controller if technically feasible.

10.6 Right to object. Where we process your data based on legitimate interests, you can object on grounds relating to your particular situation. You have an absolute right to object to direct marketing.

10.7 Right to withdraw consent. Where we process your data based on consent, you can withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing we did before you withdrew it.

10.8 Rights relating to automated decisions and profiling. We do not make decisions about you that produce legal or similarly significant effects based solely on automated processing.

How to exercise your rights

Contact us at privacy@podcasterplus.com. We will respond within one calendar month. Where a request is complex or we have received a number of requests from you, we may extend this by up to two further months, in which case we will let you know.

We may need to verify your identity before responding, to make sure we do not disclose personal data to the wrong person.

Most requests are free of charge. We may charge a reasonable fee or refuse a request that is manifestly unfounded or excessive, in line with UK GDPR.

Right to complain

If you are unhappy with how we have handled your personal data, you can complain to the Information Commissioner's Office, the UK's independent data protection authority:

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk

We would, however, appreciate the chance to address your concerns before you go to the ICO. Please contact us first if you can.

11 How we protect your data ¶

We use a range of technical and organisational measures to protect your personal data, including:

• encryption of data in transit using TLS;
• encryption of data at rest, including encrypted backups;
• hashing of passwords (we do not store plain-text passwords);
• access controls and the principle of least privilege for our team;
• multi-factor authentication for administrative access to production systems;
• audit logging of significant account and admin actions;
• regular security reviews and dependency updates;
• isolated environments for development, staging, and production;
• bot protection and rate limiting on public endpoints.

No security measure can guarantee complete protection. If we become aware of a personal data breach affecting your data, we will notify you and the ICO as required by UK GDPR.

You can report security concerns to security@podcasterplus.com.

12 Cookies and similar technologies ¶

We use a small number of cookies and similar technologies. Most are strictly necessary for the Service to work. Our use of cookies is set out in detail in our Cookie Policy. In summary:

• Strictly necessary cookies (such as authentication and bot protection cookies) are set without your consent because the Service cannot run without them. These are set by us or by our security and infrastructure provider.
• Functional cookies remember settings such as your preferred language or display options.
• Analytics cookies, where used, are set by our self-hosted, privacy-focused analytics tool. We do not use third-party advertising or cross-site tracking cookies.

You can manage cookies through the consent banner on the website (where applicable) and through your browser settings. Disabling strictly necessary cookies will prevent the Service from functioning.

13 Children ¶

The Service is not directed to children. You must be at least 16 years old to create an account.

If you become aware that a child under 16 has provided personal data to us, please contact privacy@podcasterplus.com and we will take steps to delete it.

We have no control over the content of podcasts hosted on PodcasterPlus, including whether a particular show is suitable for children. Podcast directories that distribute podcasts (such as Apple Podcasts and Spotify) have their own child safety policies.

14 Changes to this policy ¶

We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any change.

If we make a material change (for example, a change to the categories of data we collect or to the lawful basis we rely on), we will give you at least 30 days' notice by email or in-product notification before the change takes effect, except where the change is required by law to take effect sooner.

Older versions of this policy are available on request.

15 How to contact us ¶

For any privacy question, request, or complaint:

Email: privacy@podcasterplus.com

Post: Minim Digital Limited, 8 Hackness Drive, Scarborough, North Yorkshire, England, YO12 5SB

For security issues, please use security@podcasterplus.com.

For general support, please use support@podcasterplus.com.

Minim Digital Limited

Trading as PodcasterPlus
Company number 13802088
Registered in England and Wales