PRIVACY POLICY FOR FLIGHTCAST

Last updated: February 8, 2026

OWNER AND DATA CONTROLLER

Flightcast, Inc
8581 Santa Monica Blvd #174
Los Angeles, CA 90069
United States

Owner contact email: [email protected]

This Privacy Policy describes how Flightcast, Inc (the "Owner," "we," "us," or "our") as the Data Controller, collects, uses, and shares your personal information when you use our podcast hosting and distribution platform at flightcast.com (the "Service").

Users are responsible for any third-party Personal Data obtained, published, or shared through the Service. When you upload podcast content containing voices, likenesses, or other personal information of guests or third parties, you are responsible for obtaining necessary permissions and complying with applicable privacy laws.

This document can be printed for reference by using the print command in the settings of any browser.

TABLE OF CONTENTS

1. Information We Collect
2. How We Use Your Information
3. How We Share Your Information
4. Third-Party Services and Integrations
5. Cookies and Tracking Technologies
6. Data Security
7. Data Retention
8. Your Rights and Choices
9. International Data Transfers
10. Children's Privacy
11. California Privacy Rights
12. GDPR Rights (European Users)
13. Changes to This Policy
14. Contact Us

1. INFORMATION WE COLLECT

1.1 Personal Information You Provide

Account Information:

• Email address
• Name
• Password (encrypted)
• Workspace and team names
• Payment information (processed securely by Stripe)

Podcast Content:

• Podcast titles, descriptions, and artwork
• Episode audio and video files
• Episode metadata (titles, descriptions, timestamps, chapter markers)
• Transcripts (generated or uploaded)
• Show notes and supplementary materials

Platform Connection Data: When you connect third-party platforms to distribute your podcast, we collect and store:

• OAuth access tokens and refresh tokens
• Platform account identifiers (YouTube channel IDs, Spotify show IDs, Apple Podcasts IDs)
• Platform-specific configuration settings

1.2 Information Automatically Collected

Usage Data:

• IP address
• Browser type and version
• Device information (operating system, device type)
• Pages visited and features used
• Time spent on pages
• Referring URLs
• Click data and navigation patterns

Analytics Data:

• Podcast and episode performance metrics
• Listener demographics (when available from platforms)
• Geographic data
• Engagement metrics (plays, downloads, completion rates)
• Traffic sources

Technical Data:

• Session IDs (encrypted and securely stored)
• Authentication tokens (encrypted)
• API usage logs
• Error logs and debugging information

1.3 Information from Third-Party Platforms

We integrate with platforms in two different ways:

OAuth-Authenticated Platforms (with explicit authorization):

When you explicitly authorize us via OAuth to access your accounts on platforms like YouTube and Spotify, we receive:

From YouTube (via YouTube API Services):

Flightcast uses YouTube API Services to provide YouTube integration features. When you connect your YouTube account, we access and store the following data:

• Channel information (name, ID, subscriber count)
• Video metadata and analytics
• Upload history and video performance data
• Playlist information and video listings
• OAuth access and refresh tokens (encrypted)

From Spotify:

• Show information (name, ID, follower count)
• Episode metadata and analytics
• Listener demographics and engagement data
• OAuth access and refresh tokens (encrypted)

RSS-Based Platforms (no account access):

For platforms that work via RSS feeds (Apple Podcasts, Google Podcasts, and other podcast directories), we do NOT have access to your account on those platforms. We only:

• Generate and serve your podcast's RSS feed
• Receive standard web request data when podcast apps/directories fetch your feed (IP addresses, user agents, timestamps)
• Track episode downloads via our hosting infrastructure (IP addresses, timestamps, geographic data)

We cannot access your Apple Podcasts Connect account, Spotify for Creators account (separate from Spotify OAuth above), or accounts on other RSS-based directories. We only provide the RSS feed that those platforms read.

2. HOW WE USE YOUR INFORMATION

We use the information we collect to:

2.1 Provide and Improve the Service

• Create and manage your account
• Host and distribute your podcast content
• Publish episodes to connected platforms (YouTube, Spotify, Apple Podcasts, etc.)
• Generate RSS feeds for podcast directories
• Process and transcode media files
• Generate transcripts using AI
• Create chapter markers and timestamps
• Generate AI-powered content (titles, descriptions, show notes)
• Create and manage podcast clips
• Insert and manage dynamic advertisements
• Aggregate analytics from multiple platforms
• Provide customer support

2.2 Analytics and Product Development

• Analyze usage patterns to improve our Service
• Develop new features and functionality
• Troubleshoot technical issues
• Monitor and prevent fraud and abuse

2.3 Communications

• Send service-related notifications
• Respond to your inquiries and support requests
• Send account and billing updates
• Provide product updates and feature announcements (with your consent)

2.4 Legal and Security

• Comply with legal obligations
• Enforce our Terms of Service
• Protect against security threats
• Investigate and prevent fraud or illegal activities

3. HOW WE SHARE YOUR INFORMATION

3.1 With Your Consent

We distribute your podcast content to the platforms you authorize, including:

• YouTube
• Spotify
• Apple Podcasts
• Other podcast directories and platforms you connect

3.2 Service Providers

We share information with third-party service providers who perform services on our behalf:

Hosting and Infrastructure:

• Cloudflare (content delivery, security, Workers platform)
• Amazon Web Services (data storage and processing)

Payment Processing:

• Stripe (subscription payments and billing)

Media Processing:

• Coconut (video transcoding)
• AWS S3 (media storage)
• Cloudflare R2 (media storage and delivery)

AI and Transcription:

• OpenAI (transcription, content generation)
• OpenRouter (AI model access)
• Opus Pro (clip generation)
• RunPod (AI computation)

Analytics:

• Tinybird (analytics data processing)
• PostHog (product analytics)

Communication:

• Resend (transactional emails)

Platform APIs:

• YouTube API (video distribution and analytics)
• Spotify API (audio distribution and analytics)
• Apple Podcasts Connect (RSS distribution)
• Megaphone (legacy podcast host integration)
• Other podcast platform APIs as you connect them

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

3.4 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights or property
• Prevent fraud or security issues
• Protect the safety of our users or the public

3.5 Aggregated or De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

4. THIRD-PARTY SERVICES AND INTEGRATIONS

4.1 Platform Integrations

We integrate with podcast distribution platforms in two distinct ways:

OAuth-Authenticated Integrations (YouTube, Spotify):

For platforms that support OAuth authentication, when you explicitly connect your account, you authorize us to:

• Access your account on those platforms via OAuth tokens
• Publish content on your behalf (videos, episodes)
• Retrieve analytics data from your account
• Manage episode metadata and settings
• Synchronize content status and performance metrics

Each OAuth platform has its own privacy policy:

• Google Privacy Policy
• Spotify Privacy Policy

YouTube API Services:

Flightcast uses YouTube API Services to enable YouTube integration features such as publishing videos, syncing analytics, and managing playlists. By using these features, you agree to be bound by the YouTube Terms of Service and the Google Privacy Policy.

When you connect your YouTube account, we collect and store: channel information (name, ID, subscriber count), video metadata (titles, descriptions, thumbnails, tags, categories), video analytics (views, likes, comments, audience retention), playlist information, and OAuth tokens. This data is used solely to provide the YouTube integration features within our Service.

Deleting Your Stored YouTube Data:

You may request deletion of your stored YouTube data at any time by:

• Disconnecting your YouTube account from Flightcast through your podcast settings within the Service, which will delete all stored OAuth tokens within 24 hours
• Contacting us at [email protected] to request deletion of all YouTube-related data associated with your account (including channel information, video metadata, and analytics data). We will process such requests within 30 days.
• Deleting your Flightcast account entirely, which will remove all data including YouTube-related data (subject to backup retention of up to 90 days)

Revoking Flightcast's Access to Your YouTube Data:

In addition to disconnecting within Flightcast, you can revoke Flightcast's access to your Google account data at any time by visiting the Google security settings page. Revoking access through Google will immediately prevent Flightcast from accessing your YouTube account, though previously stored data will be retained until you request its deletion as described above.

RSS-Based Distribution (Apple Podcasts, Google Podcasts, etc.):

For RSS-based podcast directories, we do NOT connect to or access your account on those platforms. Instead:

• We generate a standards-compliant RSS feed for your podcast
• You manually submit this RSS feed URL to podcast directories
• Those platforms read the public RSS feed to discover and display your episodes
• We track downloads when listeners access episodes through our hosting infrastructure
• We receive standard web server logs (IP addresses, user agents, timestamps) when your RSS feed is accessed

We cannot and do not access your Apple Podcasts Connect, Google Podcasts Manager, or other directory accounts. The RSS feed is a one-way public feed that those platforms read.

Important: For RSS-based platforms, any analytics or account management must be done directly on those platforms. We can only provide download statistics from our hosting infrastructure.

4.2 OAuth and Access Tokens

We store OAuth access and refresh tokens to maintain your connections to third-party platforms. These tokens are:

• Encrypted at rest
• Used only for authorized purposes
• Automatically refreshed as needed
• Deleted when you disconnect a platform

4.3 Revoking Platform Access

You can revoke our access to third-party platforms at any time by:

• Disconnecting the platform in your Flightcast settings
• Revoking access directly on the third-party platform (for YouTube/Google, visit Google's security settings page)
• Contacting our support team at [email protected]

5. COOKIES AND TRACKING TECHNOLOGIES

5.1 Types of Cookies We Use

Essential Cookies:

• Authentication and session management
• Security features
• Service functionality
• Transmitted securely over HTTPS

Analytics Cookies:

• Usage tracking
• Performance monitoring
• Feature usage analysis

Preference Cookies:

• User settings and preferences
• Interface customization
• Language preferences

5.2 Third-Party Cookies

Our service providers may use cookies for:

• Payment processing (Stripe)
• Analytics (PostHog, Tinybird)
• Content delivery (Cloudflare)
• AI processing (OpenAI, OpenRouter)

5.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may limit your ability to use some features of our Service.

5.4 Do Not Track

We currently do not respond to Do Not Track signals, as there is no industry standard for how to interpret them.

6. DATA SECURITY

6.1 Security Measures

We implement appropriate technical and organizational measures to protect your information:

Encryption and Secure Connections:

• All connections to our Service use HTTPS with industry-standard SSL/TLS encryption
• All data transmitted between your browser and our servers is encrypted in transit
• Sensitive data is encrypted at rest
• Database connections use encrypted channels

Session Security:

• User sessions are secured using industry-standard methods
• Session cookies are configured with security best practices
• Sessions automatically expire after periods of inactivity
• Sessions are invalidated immediately upon logout

Authentication and Access Controls:

• Passwords are securely hashed using industry-standard methods
• Role-based access control for team members
• Secure API authentication
• Regular automated backups

6.2 OAuth Token Security

Platform OAuth tokens are:

• Encrypted using industry-standard encryption
• Stored separately from other user data
• Accessed only through secure, authenticated channels
• Automatically rotated when possible

6.3 Media File Security

Your podcast content is:

• Stored in secure cloud storage (AWS S3, Cloudflare R2)
• Transmitted over encrypted connections
• Access-controlled based on your distribution settings
• Backed up regularly

6.4 Security Limitations

While we implement reasonable security measures to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. You acknowledge and accept these inherent risks when using the Service.

7. DATA RETENTION

7.1 Account Data

We retain your account information and podcast content for as long as your account is active or as needed to provide you services.

7.2 Podcast Content

• Active Content: Retained while your account is active and content is published
• Deleted Content: Removed from active storage within 30 days of deletion
• Backup Retention: May remain in backups for up to 90 days

7.3 Analytics Data

• Aggregated Data: Retained indefinitely for product improvement
• Individual User Data: Retained for up to 24 months unless deletion is requested

7.4 OAuth Tokens

• Retained while platform connection is active
• Deleted within 24 hours of disconnection

7.5 Payment Information

Payment data is processed and stored by Stripe according to their retention policies. We retain billing records for 7 years for tax and accounting purposes.

7.6 Legal Obligations

We may retain information longer if required by law or for legitimate legal purposes.

8. YOUR RIGHTS AND CHOICES

8.1 Access and Portability

You can:

• Access your account information through your dashboard
• Download your podcast content at any time
• Export your analytics data
• Request a copy of your personal information

8.2 Correction and Updates

You can update your account information, podcast metadata, and settings at any time through your dashboard.

8.3 Deletion

You can:

• Delete individual episodes or podcast content
• Delete your entire account
• Request deletion of specific personal information

To delete your account, contact us at [email protected].

8.4 Marketing Communications

You can opt out of marketing emails by:

• Clicking the unsubscribe link in any marketing email
• Updating your email preferences in your account settings

You cannot opt out of essential service communications (security alerts, billing notifications, etc.).

8.5 Platform Connections

You can disconnect third-party platforms at any time, which will:

• Stop new content distribution to that platform
• Delete stored OAuth tokens
• Remove access to platform analytics

9. INTERNATIONAL DATA TRANSFERS

9.1 Data Location

Our services are hosted in the United States and data is processed globally through our service providers. If you access our Service from outside the United States, your information will be transferred to, stored in, and processed in the United States and other jurisdictions where our service providers operate.

9.2 European Users and Transfer Safeguards

For users in the European Economic Area (EEA), United Kingdom (UK), or Switzerland:

Transfer Mechanism:
When we transfer your personal data outside the EEA/UK/Switzerland, we rely on appropriate transfer mechanisms including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Service providers participating in recognized adequacy frameworks
• Other lawful transfer mechanisms as permitted by applicable law

Your Rights:
You have the right to obtain information about the safeguards we use for international transfers. Please contact us at [email protected] for details about specific transfers.

Data Protection Laws:
We comply with applicable data protection laws, including GDPR and UK GDPR. See Section 12 for specific GDPR rights.

10. CHILDREN'S PRIVACY

Our Service is not intended for children under 18. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately at [email protected].

11. CALIFORNIA PRIVACY RIGHTS

11.1 CCPA Rights

If you are a California resident, you have the right to:

• Know: Request disclosure of the personal information we collect, use, and share
• Delete: Request deletion of your personal information
• Opt-Out: Opt out of the "sale" of personal information (we do not sell your information)
• Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

11.2 Exercising Your Rights

To exercise these rights, contact us at [email protected]. We will verify your identity before processing your request.

11.3 Shine the Light

California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

12. GDPR RIGHTS (EUROPEAN USERS)

12.1 Legal Basis for Processing

We process your personal information under the following legal bases:

• Contract Performance: To provide the Service you've subscribed to
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security
• Consent: When you've provided explicit consent (e.g., marketing communications)
• Legal Obligations: To comply with laws and regulations

12.2 Your GDPR Rights

You have the right to:

• Access: Obtain confirmation of whether we process your personal data and receive a copy
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Restrict processing of your personal data
• Data Portability: Receive your personal data in a structured, commonly used, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement

12.3 How to Exercise Your Rights

Email us at [email protected] to exercise any of these rights. We will respond within one month as required by GDPR.

Any requests are free of charge and will be processed as early as possible. We may request additional information to verify your identity before fulfilling your request.

12.4 Data Protection Contact

For GDPR-related inquiries, contact us at [email protected].

13. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Updating the "Last updated" date
• Sending an email notification (for material changes)
• Displaying a prominent notice on our Service

Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, contact us at:

Flightcast, Inc
8581 Santa Monica Blvd #174
Los Angeles, CA 90069
United States

Email: [email protected]

ADDITIONAL INFORMATION

Who Has Access to Your Data

In addition to the Owner, your data may be accessible to certain persons involved with the operation of the Service, including:

• Technical and engineering staff
• Customer support staff

External parties that may access data as Data Processors include:

• Third-party technical service providers (hosting, CDN, transcoding)
• Payment processors (Stripe)
• Email service providers (Resend)
• Analytics platforms (Tinybird, PostHog)
• AI service providers (OpenAI, OpenRouter, Opus Pro)

The updated list of Data Processors may be requested from the Owner at any time.

System Logs and Maintenance

For operation and maintenance purposes, the Service and any third-party services may collect files that record interaction with the Service (System logs) or use other Personal Data (such as IP Address) for this purpose. These logs help us:

• Troubleshoot technical issues
• Debug errors and fix bugs
• Monitor basic service health

System logs are typically retained for up to 90 days.

Legal Action

Your Personal Data may be used for legal purposes by the Owner in court or in the stages leading to possible legal action arising from improper use of the Service or related Services. You acknowledge that the Owner may be required to reveal personal data upon request of public authorities or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Information Not Contained in This Policy

More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document. We will respond to such requests within a reasonable timeframe.

DEFINITIONS AND LEGAL REFERENCES

Personal Data (or Data)

Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

Usage Data

Information collected automatically through the Service (or third-party services employed in the Service), which can include: IP addresses, browser type, device information, pages visited, time spent on pages, unique device identifiers, operating system, mobile network information, and other diagnostic data.

User

The individual using the Service who, unless otherwise specified, coincides with the Data Subject.

Data Subject

The natural person to whom the Personal Data refers.

Data Processor (or Processor)

The natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller (or Owner)

The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of the Service. The Data Controller, unless otherwise specified, is the Owner of the Service (Flightcast, Inc).

Service

The podcast hosting and distribution platform provided by Flightcast, Inc as described in this privacy policy and at flightcast.com.

Cookies

Small sets of data stored in the User's browser that enable the Service to recognize return visitors and maintain session state.

Tracker

Tracker indicates any technology - e.g., Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of Users, for example by accessing or storing information on the User's device.

This privacy policy relates solely to the Service operated at flightcast.com, unless otherwise stated within this document.