This Privacy Policy explains how Podovo ("we", "us", or "our") collects, uses, shares, and protects information about you when you use our website at podovo.ai, our Wallet feature, and related services. By using our Services, you agree to the practices described in this policy.
Information You Provide Directly
When you register, join our waitlist, or use our Services, we may collect:
- Full name and email address
- Mobile phone number (used for SMS verification via our OTP system)
- Favourite podcast preferences
- Login credentials (email and password, or via Google Sign-In)
Financial Account Information via Plaid
Podovo uses Plaid Technologies, Inc. to enable you to connect your existing bank or credit/debit card accounts to our Wallet feature. When you choose to link a financial account:
- You interact directly with Plaid's secure Link interface
- Plaid may collect your financial institution credentials, account numbers, transaction history, and balance information on our behalf
- Podovo receives limited financial data from Plaid — institution name, account type, and transaction data needed to calculate and award points
- Podovo does not directly collect or store your bank login credentials
By connecting your financial account, you also agree to Plaid's Privacy Policy at plaid.com/legal/privacy-policy. Plaid's collection and use of your data is governed by their terms, not ours.
Information Collected Automatically
- IP address and approximate location
- Browser type, device type, and operating system
- Pages visited, time spent, and clickstream data
- Session tokens and authentication data stored in your browser's session storage
Information from Google Sign-In
If you sign in with Google, we receive your name, email address, and profile picture as permitted by your Google account settings and Google's OAuth policies.
02
HOW WE USE YOUR INFORMATION
| Purpose | Details |
| --- | --- |
| Provide Services | Enable wallet functionality, points tracking, podcast linking, and rewards redemption |
| Account Management | Create and manage your account, authenticate identity via OTP and Google Sign-In |
| Financial Connectivity | Connect your card via Plaid to track eligible spend and award points |
| Communications | Send verification codes, transactional notifications, and service updates |
| Security | Detect and prevent unauthorized access, verify phone numbers, monitor for suspicious activity |
| Analytics | Understand how our Services are used and improve features and experience |
| Legal Compliance | Meet legal obligations and respond to lawful requests from authorities |
| Waitlist | Contact you about our launch, product updates, and early access opportunities |
03
HOW WE SHARE YOUR INFORMATION
Podovo does not sell your personal information. We may share your information in the following limited circumstances:
Service Providers
- Plaid Technologies, Inc. — financial account connectivity and transaction data
- Twilio, Inc. — SMS delivery for phone number verification (OTP)
- Airtable — waitlist and user registration data management
- Vercel, Inc. — cloud infrastructure and API hosting
- Webflow, Inc. — website hosting and frontend delivery
- Google LLC — authentication services (Google Sign-In)
All service providers are contractually required to use your information only to provide services to Podovo and in accordance with applicable privacy laws.
Legal Requirements
We may disclose your information if required by law or in response to valid legal process such as a subpoena, court order, or government request. We will notify you of such requests where legally permitted.
Business Transfers
If Podovo is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email prior to your information becoming subject to a different privacy policy.
With Your Consent
We may share your information with third parties when you have given us explicit consent, such as connecting your account with podcaster brand partners to unlock rewards.
04
PLAID-SPECIFIC DATA DISCLOSURES
This section describes how Podovo handles data received through the Plaid API, as required by Plaid's developer policies.
Data Received from Plaid
- Financial institution name and account type
- Transaction history (merchant name, amount, date, category)
- Account balance information
- Account holder name as reported by the financial institution
Purpose Limitation
Data received from the Plaid API is used exclusively for:
- Identifying eligible purchases at podcast brand partner merchants
- Calculating and awarding Podovo points to your account
- Displaying your spending history and rewards within the Podovo Wallet
We do not use Plaid-sourced financial data for advertising, profiling, or any purpose unrelated to the core Podovo rewards service.
Data Retention — Plaid Data
At this stage of development, Plaid API responses are processed transiently and are not persistently stored beyond the active session. As our platform matures, data will be encrypted at rest using AES-256 and retained for no longer than 24 months from the date of collection, or until you delete your account, whichever is sooner.
Revoking Plaid Access
You may disconnect your financial institution at any time by contacting us at craig@podlabs.me. Upon disconnection, we will instruct Plaid to revoke the associated access token and delete any associated financial data within 30 days.
- Account information (name, email, phone): retained for the life of your account plus 12 months after deletion
- Waitlist data: retained until the waitlist programme ends or you request removal
- OTP verification codes: deleted immediately upon successful verification or expiry (5 minutes)
- Session tokens: expire automatically and are not persisted beyond your browser session
- Financial data from Plaid: see Section 4 above
- Analytics data: retained in aggregate, anonymised form indefinitely
To request deletion of your data, contact us at craig@podlabs.me.
- All data in transit is encrypted using TLS 1.2 or higher
- Phone verification codes (OTPs) are stored as HMAC-SHA256 hashes — never in plaintext
- OTP codes expire after 5 minutes and are invalidated immediately after use
- Our backend API enforces rate limiting and brute-force protection on all authentication endpoints
- We use Vercel's serverless infrastructure with automatic security patching and isolated execution environments
- Access to user data is restricted to authorised Podovo personnel on a need-to-know basis
No method of transmission over the internet is 100% secure. In the event of a breach that affects your rights, we will notify you as required by applicable law.
All Users
- Access the personal information we hold about you
- Request correction of inaccurate or incomplete information
- Request deletion of your personal information
- Withdraw consent where consent is the legal basis for processing
- Disconnect your financial institution from Podovo at any time
California Residents (CCPA / CPRA)
- Right to know what personal information we collect, use, disclose, and sell
- Right to delete personal information we have collected from you
- Right to opt out of sale or sharing of personal information (note: Podovo does not sell personal information)
- Right to non-discrimination for exercising your privacy rights
- Right to correct inaccurate personal information
- Right to limit use of sensitive personal information
To exercise California privacy rights, contact craig@podlabs.me with subject line "California Privacy Request".
EEA / UK Residents (GDPR)
- Right of access, rectification, and erasure
- Right to restrict or object to processing
- Right to data portability
- Right to lodge a complaint with your local supervisory authority
Our lawful bases include: performance of a contract, legitimate interests, consent, and legal obligation.
08
COOKIES & TRACKING TECHNOLOGIES
- Essential cookies: required for the website to function (authentication, session management)
- Analytics cookies: to understand how visitors interact with our site
- Preference cookies: to remember your settings and preferences
You can control cookies through your browser settings. We do not use cookies for cross-site advertising or behavioural profiling.
09
THIRD-PARTY LINKS AND SERVICES
Our Services may contain links to third-party websites, including podcast brand partners. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies independently.
Podovo's Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us at craig@podlabs.me and we will delete it promptly.
11
CHANGES TO THIS PRIVACY POLICY
When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify registered users by email at the address associated with their account
- Display a prominent notice on our website for at least 30 days
Your continued use of our Services after the effective date constitutes acceptance of the updated policy.
For any questions, concerns, or requests regarding this Privacy Policy:
Podovo offers rewards and experiences (“Rewards”) through the platform. Rewards may include points, access to experiences, merchandise, digital content, or other benefits.
- Rewards, including points, have no cash value, are not transferable, and are not redeemable for cash unless explicitly stated.
- Users may earn rewards through specific purchases or using Podovo financial products.
- Podovo reserves the right to modify, suspend, or discontinue any rewards, promotions, or programs at any time without notice.
- Users are responsible for any applicable taxes associated with rewards.