Privacy Policy

Last updated 18 May 2026

1. Who we are

PodPitchr is operated by S&H Creatives LTD, a company registered in England and Wales. For UK GDPR purposes, we are the data controller of the personal data described in this policy.

Contact for privacy enquiries: privacy@podpitchr.com.

2. What data we collect

We collect the following categories of personal data:

  • Account data — email address, password (hashed), display name. Collected at signup, required to provide the service.
  • Profile data — Instagram handle, bio, niches, achievements, voice samples (the captions you paste so the AI can mimic your writing style), business stage, target audience, preferred languages and regions, calendar URL, email signature.
  • Sending data — connected mailbox addresses and OAuth refresh tokens, or SMTP credentials you provide, used only to send pitches you initiate.
  • Pitch data — subject lines and bodies of pitches you draft and send, the opportunities you pitch to, send/open/click/bounce events from our email delivery provider, and replies that arrive on our domain via CC tracking.
  • Billing data — subscription tier, billing period, and a billing-provider customer identifier. We do not store full payment card details — these are held by our PCI-compliant payment provider.
  • Usage data — counts of pitches sent, searches run, email-finder runs per billing period, for quota enforcement.
  • Diagnostic data — basic server logs (timestamps, IP, status codes) for security and debugging. Retained 30 days.

3. How we use your data

We use your data to:

  • Provide the core service: draft AI pitches in your voice, match you to opportunities, send pitches from your connected mailbox or our shared sending domain.
  • Manage your subscription and process payments via our payment provider.
  • Track open / click / reply events so we can show you pipeline status, cancel follow-ups when a reply arrives, and suppress dead email addresses.
  • Communicate with you about your account, billing, and product updates.
  • Investigate abuse, comply with legal obligations, and protect the service.

Our lawful bases (UK & EU GDPR Article 6) are: performance of a contract (the bulk of processing — providing the service you signed up for), legitimate interests (improving the service, fraud prevention, basic analytics), consent (where you explicitly opt in, such as connecting your own mailbox), and legal obligation (record-keeping for tax and anti-money-laundering).

4. Who we share data with

We rely on a small number of trusted infrastructure and tooling providers. We share only the minimum data each provider needs to perform its function, under written data-processing agreements:

  • Database & authentication — hosts your account and pitch data on EU-region cloud infrastructure with row-level access control.
  • Application hosting — serves the application from edge locations worldwide.
  • Payment processing — processes subscriptions; receives your name, email, and card details (held by the provider, never by us).
  • Email delivery — receives the recipient address, subject, and body of each pitch you send via our shared domain, plus signup-confirmation and lifecycle emails.
  • AI inference — receives the prompt context (your profile, the opportunity, your voice samples) needed to draft each pitch. Our AI provider does not train its models on customer API data.
  • Mailbox APIs — when you connect your own mailbox, we send and read mail through its provider's API using your authorisation. Tokens are stored encrypted.
  • Opportunity catalogue — public podcast metadata only; no personal data is shared.
  • Contact-finding — for the find-host-email feature we send the host's public domain (not your data) to a third-party email-discovery service.

A current list of named subprocessors is available on request from privacy@podpitchr.com. We do not sell your data. We do not share your data for advertising. We do not let third parties scrape your pitches, replies, or contacts.

5. International transfers

Some of our processors operate in the United States. Where we transfer your data outside the UK/EEA, we rely on the UK International Data Transfer Agreement or the EU Standard Contractual Clauses, plus supplementary technical measures (encryption in transit and at rest).

6. How long we keep your data

  • Account + profile data: while your subscription is active, plus 30 days after cancellation, then deleted.
  • Pitch data (sent emails, replies): 12 months from send date, then anonymised aggregate retained for product analytics.
  • Billing records: 7 years (UK HMRC requirement).
  • Server logs: 30 days.

You can request earlier deletion at any time via the contact below; we will action it within 30 days unless we have a legal obligation to retain (e.g. tax records).

7. Your rights

Under UK GDPR / EU GDPR / California CCPA you have the right to:

  • Access the personal data we hold about you (data export).
  • Correct inaccurate data.
  • Delete your data (the 'right to be forgotten').
  • Restrict or object to certain processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time (e.g. disconnect a connected mailbox from Profile).
  • Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local data protection authority.

To exercise any of these rights, email privacy@podpitchr.com. We respond within 30 days.

8. Security

We use industry-standard practices: TLS in transit, encrypted database at rest, encrypted OAuth refresh tokens, row-level access control so creators can only see their own data, signed webhooks, and PCI-compliant external payment processing. No system is perfectly secure; we will notify affected users and the ICO within 72 hours of any material breach as required by law.

9. Cookies

We use only essential cookies needed to keep you logged in (authentication session tokens). We do not use advertising or tracking cookies. If we ever add analytics, we will update this policy and request consent where required.

10. Children

PodPitchr is not directed at people under 18 and we do not knowingly collect data from minors. If you believe a minor has signed up, please email privacy@podpitchr.com and we will delete the account.

11. Changes to this policy

We will email registered users at least 14 days before any material change to this policy. The "Last updated" date at the top reflects the most recent revision.

12. Contact

Questions about this policy or your data: privacy@podpitchr.com.
