Privacy Policy
Last updated: May 11, 2026
This Privacy Policy describes how Episo (“Episo,” “we,” “us”) collects, uses, and shares information when you use our website at episo.io and our related services (the “Service”). By using the Service you agree to the collection and use of information as described here.
1. Information we collect
1.1 Account information
When you create an account, we collect your email address and a display name. If you sign in with Google, we receive your name, email address, and profile picture from Google's OAuth API. If you sign up with an email and password, we store your password as a bcrypt hash — we never store or have access to your raw password.
1.2 Content you submit
When you submit a podcast URL or audio file, we collect the source URL, audio file, generated transcript, derived metadata (episode title, show, duration, publish date), and any chat messages you exchange with the transcript. Audio files are stored in our object storage. Transcripts and chat messages are stored in our primary database.
1.3 Billing information
Payment card data is collected and processed directly by Stripe or PayPal. We never see or store full card numbers. We retain your Stripe customer ID (or PayPal subscription ID), plan, billing interval, and subscription state to provide and renew the Service.
1.4 Usage telemetry
When you view a public episode or podcast page, we record the page view together with the requesting IP address and user agent for anti-abuse and trending-content ranking. We also use product analytics (PostHog, EU region) to understand which features people use and where they get stuck: page views, button clicks on pricing and checkout, and billing lifecycle events (subscription start, upgrade, downgrade, cancel, refund). Events are keyed to your user ID once you sign in. We do not use Google Analytics, Facebook pixel, or other ad-network trackers.
1.5 Cookies
We use first-party cookies strictly necessary to keep you signed in (an HTTP-only session cookie issued by our auth system) and, if you visited via a referral link, a short-lived cookie that records the referral code so that the referring user receives credit at sign-up. We do not use advertising or cross-site tracking cookies.
2. How we use information
- To provide, operate, and maintain the Service.
- To process your podcast URLs and audio files into transcripts and answer chat queries about that content.
- To bill you and manage your subscription.
- To send transactional emails (sign-in confirmations, billing receipts, account notices). We do not send marketing email without your opt-in.
- To detect abuse, enforce our Terms of Service, and comply with legal obligations.
3. Sub-processors
We share information with the following sub-processors, each of which is contractually bound to use that information only to provide its service to us:
- Neon — managed Postgres hosting (account data, transcripts, chat history).
- OpenAI — audio transcription (Whisper) and embedding generation. Audio chunks and transcript snippets are sent to OpenAI as part of processing.
- Google Gemini — chat responses. Your questions and relevant transcript excerpts are sent to Gemini at the moment you send a message.
- AssemblyAI — alternative transcription provider used for some workloads.
- Amazon Web Services / MinIO — audio file storage.
- Stripe and PayPal — payment processing.
- Resend — transactional email delivery.
- Google OAuth — sign-in (if you use the Google sign-in option).
- Sentry — error and crash reporting. Stack traces may include your user ID but no transcript content.
- Better Stack — uptime monitoring; no user data is sent.
- PostHog (EU region, eu.i.posthog.com) — product analytics. Receives anonymous and identified event data (page views, feature clicks, billing lifecycle events). Hosted in the EU so events stay in-region.
We do not sell your personal information to third parties.
4. International data transfers
Our sub-processors operate primarily in the United States and the European Union. By using the Service, you consent to the transfer of your information to jurisdictions outside your own. We rely on Standard Contractual Clauses or equivalent safeguards where required.
5. Data retention
We retain account information, transcripts, and chat history for as long as your account is active. Audit log entries for administrative actions (account bans, credits) are retained indefinitely. Backups (Postgres point-in-time recovery) are retained for up to seven days.
6. Your rights
- Access — you can view your account information, transcripts, and chat history at any time from your dashboard.
- Correction — you can update your display name and email from the Settings page.
- Deletion — you can permanently delete your account at Settings → Delete account. Deletion cascades through your transcripts and chat history within the live database. Backups age out within seven days.
- Export — you can request a copy of your data by emailing privacy@episo.io. A self-service export endpoint is on our roadmap.
- Objection and restriction — if you are in the EU/UK, you may object to or request restriction of certain processing by contacting us.
We respond to verifiable requests within 30 days.
7. Security
We encrypt data in transit (HTTPS / TLS) and at rest at the storage layer. Passwords are bcrypt-hashed. Access to production infrastructure is restricted to the founder. Despite reasonable precautions, no system is perfectly secure; if a breach affects your data we will notify you without undue delay.
8. Children
The Service is not directed to children under 16. We do not knowingly collect information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
9. Changes to this policy
We may update this policy from time to time. Material changes will be announced via email or an in-product notice. The “Last updated” date at the top of this page reflects the latest revision.
10. Contact
Questions about this policy or your data can be sent to privacy@episo.io.