Privacy Policy
[BRACKETED] placeholders before
publishing.Last updated: July 14, 2026
1. Who We Are
PodKit ("we," "us," "our") operates a podcast data API at podkitapp.com. This Privacy Policy explains what information we collect from you as an API customer, how we use it, and your rights regarding it. This policy covers our customers (developers and businesses using our API) — not the podcast creators whose publicly published content our API surfaces, and not their listeners.
Contact us about privacy matters at support@podkitapp.com.
2. Information We Collect
Account information you provide:
- Email address, collected when you sign up for a free API key or subscribe to a paid plan.
Information generated by your use of the Service:
- A cryptographic hash of your API key (we do not store the raw key after initial generation).
- Request/usage counts per API key, used to enforce plan quotas and rate limits — we log request counts and timestamps, not the substantive content of your queries beyond what's operationally necessary (e.g., which endpoint was called, for rate-limiting and debugging).
- Basic technical logs (IP address, timestamps, error details) for security, abuse prevention, and troubleshooting, retained for a limited period.
Information from billing:
- If you subscribe to a paid plan, billing and payment processing is handled entirely by Polar Software, Inc., our merchant of record. We receive your email, subscription status, and plan tier from Polar to provision your API key — we do not receive or store your payment card details. Polar's own privacy policy governs the payment data they process.
We do not collect: payment card numbers, government ID numbers, precise geolocation, or any special categories of personal data. We do not knowingly collect data from anyone under 18.
3. How We Use Your Information
We use the information above to:
- Provide, operate, and maintain the API (authenticate requests, enforce quotas and rate limits, serve responses).
- Process billing and manage subscriptions, via Polar.
- Send you transactional emails: your API key (on signup or key recovery), and, if you opt into or trigger them, service-related notices.
- Monitor for abuse, security issues, and to keep the Service reliable (e.g., automated alerting on error spikes).
- Respond to support requests you send us.
We do not sell your personal information, and we do not use your account data for advertising or share it with data brokers.
4. Who We Share Data With (Subprocessors)
We use the following third-party service providers to operate PodKit. Each processes a limited slice of data necessary for their specific function:
| Provider | Purpose | Data involved |
|---|---|---|
| Cloudflare | Hosting, API infrastructure, DDoS/security | All API traffic passes through Cloudflare's network |
| Supabase | Database (stores hashed API keys, usage counters, cached podcast data) | Email, hashed API keys, usage counts |
| Polar Software, Inc. | Payment processing, merchant of record | Email, subscription/plan status, payment details (held by Polar, not us) |
| Resend | Transactional email delivery (API key delivery, key recovery) | Email address, email content |
We do not share your data with these providers for their own independent marketing purposes — only to the extent needed for them to perform the service they provide us.
Separately, PodKit's API itself retrieves data from the Apple iTunes Search API and the Podcast Index API to serve podcast content to you. These are data sources for the Service's core function, not processors of your personal customer data.
We may also disclose information if required by law, to enforce our Terms of Service, or to protect the rights, property, or safety of PodKit, our users, or others.
5. Data Retention
- We retain your account (email, hashed key, plan) for as long as your account is active, and for a reasonable period after cancellation for billing records and support purposes.
- Temporary records used to deliver a newly issued API key are automatically purged shortly after delivery (or after a longer window if never viewed), via an automated cleanup process.
- Usage/request counters are retained on a rolling monthly basis for quota enforcement and are not kept indefinitely at fine-grained detail.
- You can request deletion of your account and associated data at any time (see Section 7).
6. Data Security
- API keys are never stored in raw/plaintext form — only a one-way cryptographic hash is retained, meaning even we cannot recover a lost key.
- Secrets and credentials used to operate the Service are stored using Cloudflare's encrypted secrets management, not in plaintext configuration.
- No method of transmission or storage is 100% secure, and we can't guarantee absolute security, but we take reasonable technical measures appropriate to the scale of the Service.
7. Your Rights
Depending on your location, you may have rights to access, correct, export, or delete the personal data we hold about you, or to object to or restrict certain processing. To exercise any of these rights, email support@podkitapp.com — we'll respond within a reasonable time.
If you're in the EU/UK or California and believe we haven't adequately addressed your request, you may have the right to lodge a complaint with your local data protection authority. [Placeholder — confirm specific regional rights language (GDPR Art. 15-22, CCPA, etc.) with a lawyer if you serve those regions at meaningful scale.]
8. Cookies
Our website and dashboard use only the minimal cookies/local storage necessary for core functionality (e.g., keeping you logged into an admin session, if applicable). We do not use third-party advertising or tracking cookies. [Placeholder — update this if you later add analytics tooling that sets cookies, and disclose accordingly.]
9. International Data Transfers
Our infrastructure providers (Cloudflare, Supabase, Polar, Resend) operate globally, which means your data may be processed in countries other than your own, including the United States. [Placeholder — if you serve EU/UK customers at scale, you’ll want to confirm each subprocessor’s applicable transfer mechanism (e.g., Standard Contractual Clauses) with a lawyer.]
10. Children's Privacy
The Service is not directed at, and we do not knowingly collect personal information from, anyone under 18. If you believe a minor has provided us personal information, contact us and we'll delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We'll post the updated version here with a new "Last updated" date. If changes are material, we'll make reasonable efforts to notify active account holders by email.
12. Contact
Questions or requests regarding this policy or your data: support@podkitapp.com.