Privacy

Privacy Policy

Last updated 1 May 2026

The short version

  • · We do not sell or trade your data.
  • · We do not use advertising or cross-site tracking cookies.
  • · Listener analytics are anonymous — no IP, no user agent, no cross-page identity.
  • · You can claim, edit, or suppress your guest profile; you can delete your account.
  • · We use a small list of well-known service providers to run the platform — Section 5 below.

1. Who we are

PodSocial.fm (“PodSocial”, “we”, “our”) is operated by Story Ninety-Four. We host smart landing pages for podcasts, plus a directory of podcast guests aggregated from the public Podcasting 2.0 metadata in show feeds.

For UK GDPR, the “data controller” for personal data we process about our account holders and site visitors is Story Ninety-Four. Contact us at hello@storyninetyfour.com.

2. Data we collect

We collect the minimum needed to run the service. We never sell personal data. We do not use third-party advertising or behavioural-tracking cookies.

2.1 Account data

When you sign in, our authentication provider (Clerk — see Section 5) handles your password / OAuth tokens and shares with us a stable user ID, your email address, and your account avatar (if you set one). We store the ID and email in our database to associate you with the podcasts and guest profiles you control.

2.2 Podcast feed data

When you submit an RSS feed, we fetch and cache its contents (show title, description, cover artwork, episode list, and any Podcasting 2.0 namespace tags the publisher has set, including <podcast:person> attributions, transcripts, chapters, alternate enclosures, podroll, and funding links). This data comes from the public RSS feed you point us at.

We also enrich a feed with metadata from the Podcast Index API (see Section 5) — typically genre, owner email, and platform listings.

2.3 Guest directory data

The guest directory aggregates <podcast:person> entries from the RSS feeds of podcasts that have opted into the guest directory. Each guest profile is a row in our database keyed by the publisher-supplied URL or, where no URL is provided, scoped to that specific podcast. Names, photos, and links are taken from the publisher's feed.

If you are listed as a guest and want to claim your profile, you can do so via “Is this you? Claim this profile” on your guest page. Once claimed, you control your bio, social links, and tags. Your photo is read live from your account avatar.

2.4 Anonymous analytics

When listeners visit a podcast page, listen to an episode, click out to a podcast app, or follow a podcaster’s tracked link into the platform, we log an anonymous event recording the podcast (or episode, or tracked link) and a country code derived at the edge from the request. For page visits we also record the origin of the referring site (e.g. theverge.com) when the browser shares it — never the full URL or query string — so podcasters can see where their inbound traffic comes from. We do not store IP addresses or user-agent strings, and we do not associate listener events with any signed-in user.

Aggregate counts (plays / views / clicks / tracked-link clicks) are surfaced on owner dashboards. Tracked-link clicks may be pivoted by the owner-defined tags attached to each link (e.g. Source, Campaign, Guest) but the click record itself never identifies a listener. The raw events are retained indefinitely in their anonymous form to support historical reporting; we may revisit retention as the dataset grows.

2.5 Email logs

When we send you a transactional email (verification, claim approval, etc.) we keep a record of the message and its delivery status via Resend (Section 5). We do not send marketing email and we do not have a newsletter.

2.6 RSS health check

When you use the RSS Health Check tool at /rss-check we do not store the contents of your podcast feed. The feed is fetched, validated in memory, and the report is returned to your browser. We log the URL you checked alongside basic request metadata (hashed IP for rate limiting, timestamp, result code) for up to 30 days for security and abuse-prevention purposes. Results are saved in your browser's local storage so you can compare scores between checks; they are never transmitted to our servers after that initial validation.

2.7 Automated feed-quality checks for claimed podcasts

For podcasts you have claimed, we run the same RSS Health Check automatically as part of our hourly feed-refresh process and store a short summary on your podcast record (score, band, issue counts, Apple Podcasts and PSP-1 compliance flags, and a checked-at timestamp). The summary is displayed in your dashboard so you can see your feed's current health at a glance. The underlying data is derived entirely from your public RSS feed; we don't collect anything new for this purpose. Removing the podcast (or your account) removes the summary alongside everything else.

2.8 Apple Podcasts reviews

For claimed podcasts where the owner has enabled the reviews feature, we cache reviewer-submitted content from Apple Podcasts' public customer-reviews feed (review text, title, rating, reviewer display name as published on Apple Podcasts, and the storefront the review came from). Reviews are fetched on demand when the podcast owner clicks "Sync reviews" in their dashboard; we do not run automated background syncs. The data is publicly available on Apple Podcasts itself; we cache it so it can render on the show's PodSocial page. Removing the podcast (or your account) removes the cached reviews alongside everything else. We don't cache or surface reviews from any storefront for podcasts that have not been claimed.

3. Why we use it

Account & service operation: signing you in, letting you claim and edit a podcast or guest profile, sending verification emails. Lawful basis: contract (Article 6(1)(b) UK GDPR) — we cannot provide the service without it.

Anonymous analytics: showing owners traffic and engagement; ranking shows on internal tooling. Lawful basis: legitimate interest (Article 6(1)(f)). We do not track individuals.

Guest directory: rendering publisher-supplied guest credits. The publisher sets the data; we publish it on the guest's behalf when they have not yet claimed. Lawful basis: legitimate interest; superseded by your direct consent once you claim and edit your profile.

Email verification + claim review: a podcast owner can prove ownership of a feed using the email in the feed's <itunes:owner> tag; a guest can request a claim that an admin or show owner reviews. Lawful basis: contract.

4. Who can see what

Most data on PodSocial is public by design. A podcast landing page, episode pages, search results, and guest profiles are all visible to anyone with the URL. Owner dashboards and admin tooling are private.

We do not sell, rent, or trade personal data. We do share data with the subprocessors listed below to run the service.

5. Subprocessors

We use the following service providers to run PodSocial. Each handles a specific function and is bound by their own data-protection terms.

  • Clerk (United States) — authentication and account management. Stores credentials, OAuth tokens, and your account avatar.
  • Vercel (United States / European edges) — hosting and serverless function execution. Standard request logs.
  • Neon (United States / European regions) — managed Postgres database. Holds account, podcast, and analytics data.
  • Upstash Redis (Global) — rate-limiting and short-lived caches.
  • Resend (United States) — transactional email delivery and logs.
  • Podcast Index (United States) — third-party API queried server-side to enrich podcast metadata. We send the feed URL or GUID and receive public metadata in response. No personal data is shared.

International transfers from the UK to the US rely on UK Addendum / Standard Contractual Clauses or, where applicable, the EU-US Data Privacy Framework adequacy for transfers from EU regions.

6. Cookies and local storage

We use cookies and browser local storage strictly to run the service. We do not use cookies for advertising or cross-site tracking.

  • Authentication cookies set by Clerk keep you signed in. Required to use the dashboard.
  • Local storage remembers your audio player state (volume, last-played episode position), admin section open/closed states, and podcast embed preferences. None of this is sent to our servers.

7. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data. To exercise any of these, email hello@storyninetyfour.com and we will respond within 30 days.

Account deletion: signed-in users can delete their account directly from the dashboard (“Delete account” in the Danger zone at the bottom of /dashboard). This removes your user record from PodSocial, deletes your Clerk auth identity, releases your podcasts back to unclaimed (the public landing pages stay live; anyone with the right RSS owner email can re-claim), unclaims your guest profile, and erases your guest bio, social links, and tags. Anonymous analytics events tied to your podcasts remain — they cannot be linked back to you. If you cannot access your dashboard for any reason, email hello@storyninetyfour.com and we will action the deletion within 30 days.

Guest-profile suppression: if a podcast credits you as a guest and you do not want a public profile on PodSocial, email us and we will suppress the profile (404 the URL) without deleting the underlying appearance attribution from the source feed.

If you are unhappy with how we have handled your data, you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Data retention

  • Account data: retained while your account is active. Deleted within 30 days of an account-deletion request.
  • Podcast feed cache: refreshed periodically; old versions overwritten. Deleted within 30 days when the underlying podcast is removed from the platform.
  • Analytics events: retained indefinitely in anonymous form.
  • Email logs: kept for up to 90 days at Resend per their retention policy.

9. Children

PodSocial is not directed at children under 13. We do not knowingly collect personal data from children. If you believe we have, contact us and we will remove it.

10. Changes

We will update this policy when we add features that affect how we process personal data. The “Last updated” date at the top of the page reflects the most recent material change. For any change that materially expands how we use data, we will notify account holders by email before the change takes effect.

11. Contact

Email hello@storyninetyfour.com for any privacy or data-protection question, including access requests, deletion requests, and suppression requests for guest profiles.

PodSocial.fm by Story Ninety-FourTerms & Conditions →