Privacy Policy
Last Updated: October 1, 2025
1. Introduction
Welcome to PodAlpha ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services at podalpha.tech (the "Service").
PodAlpha is a content curation platform that aggregates video content from YouTube channels, generates AI-powered summaries of podcast/interview content, and distributes summaries to users via email.
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use our Service.
2. Information We Collect
2.1 Information You Provide Directly
We collect the following personal information that you voluntarily provide to us:
- Account Information: Email address, name (optional), and password (if you don't use OAuth)
- Subscription Information: Subscription tier (Free or Pro), email notification preferences (hourly, daily, weekly frequencies)
- Communication Data: Information you provide when you contact us for support or feedback
2.2 Information Collected Automatically
When you use our Service, we automatically collect certain information:
- Authentication Cookies: Session cookies and tokens to maintain your login state
- Usage Data: Which videos you view, which summaries you access, and your email notification history
- Technical Data: IP address, browser type, device information, and operating system (collected by our service providers)
2.3 Information from Third Parties
We receive information from the following third-party services:
- Google OAuth: If you sign up using Google, we receive your email address and basic profile information
- Stripe: Payment information, billing address, subscription status, and payment history (we do NOT store your credit card details—Stripe does)
- YouTube: Publicly available video metadata including titles, channels, descriptions, and thumbnails
3. How We Use Your Information
We use your personal information for the following purposes:
| Purpose | Data Used |
|---|---|
| Account management and authentication | Email, name, authentication tokens |
| Email delivery of content summaries | Email address, subscription tier, notification preferences |
| Payment processing and billing | Stripe customer ID, subscription data |
| Customer support | Email, account details, support inquiries |
| Service improvement and analytics | Usage patterns, feature engagement |
| Legal compliance and fraud prevention | All collected data as necessary |
4. How We Share Your Information
We share your personal information with the following third parties:
| Third Party | Data Shared | Purpose |
|---|---|---|
| Supabase | All user profile data, email history, authentication data | Database hosting, authentication, backend services |
| Stripe | Email, name, customer ID, subscription details, payment information | Payment processing, subscription billing |
| Resend | Email address, name, content summaries | Email delivery service |
| Email address (if you use Google OAuth) | Authentication via Google Sign-In | |
| OpenAI / Anthropic | Video content (no personal user data) | AI-powered content summarization |
We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes.
We may also disclose your information:
- To comply with legal obligations, court orders, or government requests
- To protect our rights, property, or safety, or that of our users or the public
- In connection with a merger, acquisition, or sale of assets (you will be notified via email)
5. Data Storage and Security
Your personal information is stored on secure servers provided by Supabase (PostgreSQL database hosted in the cloud). We implement industry-standard security measures including:
- JWT-based authentication with 1-hour token expiry
- Row-level security (RLS) policies ensuring users can only access their own data
- Encrypted data transmission using HTTPS/TLS
- Secure webhook verification for payment processing
- Environment-based secrets management (API keys never committed to code)
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
6. Data Retention
We retain your personal information for as long as necessary to provide you with our Service and comply with legal obligations:
- Account Data: Retained until you delete your account
- Email History: Retained until you delete your account (cascading deletion)
- Payment Records: Retained by Stripe according to their retention policies and legal requirements (typically 7 years)
- Authentication Tokens: Session-based; refresh tokens expire and rotate according to our security policy
When you delete your account, we permanently delete all associated personal data from our systems, including user profile, email history, and notification tracking records.
7. Your Privacy Rights
7.1 General Rights
You have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your account and all associated personal data
- Opt-Out: Unsubscribe from email notifications at any time
- Data Portability: Request a machine-readable copy of your data
7.2 California Residents (CCPA/CPRA Rights)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months
- Right to Delete: Request deletion of your personal information (subject to certain exceptions)
- Right to Opt-Out of Sale: We do NOT sell your personal information. See our Do Not Sell My Personal Information page.
- Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights
- Right to Correct: Request correction of inaccurate personal information
- Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information in ways that require this right
7.3 How to Exercise Your Rights
To exercise any of these rights, please contact us at jeff@podalpha.tech. We will respond to your request within 30 days (or as required by applicable law).
To delete your account directly, visit your account settings or use the delete account feature at /settings.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to maintain your session and provide our Service. Specifically:
- Essential Cookies: Session cookies required for authentication and login functionality (Supabase Auth cookies)
- Functionality Cookies: Cookies that remember your preferences (e.g., email notification settings)
We do NOT use third-party analytics cookies, advertising cookies, or tracking pixels. The cookies we use are strictly necessary for the operation of our Service.
For more information, see our Cookie Policy.
9. Email Communications
We send you emails for the following purposes:
- Transactional Emails: Account verification, password resets, subscription confirmations, billing notifications
- Marketing/Content Emails: Content summaries, curated insights, and highlights based on your selected frequency (hourly, daily, or weekly)
You can opt out of marketing emails by:
- Clicking the unsubscribe link in any email we send
- Updating your email preferences in your account settings
- Contacting us at jeff@podalpha.tech
Please note that even if you opt out of marketing emails, we may still send you transactional emails related to your account or subscription.
10. Children's Privacy
Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at jeff@podalpha.tech, and we will delete such information.
11. International Data Transfers
Your personal information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.
We use service providers (Supabase, Stripe, Resend) that may process data in the United States and other jurisdictions. By using our Service, you consent to the transfer of your information to these jurisdictions.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:
- Posting the updated policy on this page with a new "Last Updated" date
- Sending you an email notification (for material changes)
Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
14. California Online Privacy Protection Act (CalOPPA) Compliance
In accordance with CalOPPA, we agree to the following:
- Users can visit our site anonymously (before creating an account)
- This Privacy Policy is linked in our website footer and is easily accessible
- Our Privacy Policy link includes the word "Privacy" and can be easily found on the page specified above
- You will be notified of any Privacy Policy changes on this page
- You can change your personal information by logging in to your account settings
Effective Date: October 1, 2025