Privacy & cookies

Last updated: 2026-05-31 · Draft

Feedcaster turns the sources you choose into a short audio briefing. This page explains what we collect, the cookies we use, and your choices. We keep data to the minimum we need to run the service.

What we collect about you

• Account — your email address.
• Your setup — the interests, topics, sources, length and schedule you pick, and the pods you generate.
• Spotify import (optional) — if you connect Spotify, we read the shows you follow (read-only) to build your library. We don't post or change anything on Spotify.
• Usage analytics — product analytics in PostHog (EU-hosted). Before you make a cookie choice this runs anonymously with no cookies or device storage and with your IP discarded. If you accept Analytics, we link your session to your account and remember you across visits.

How we measure traffic without identifying you

Two cookieless measurement streams run for every visitor — consented or not — so we can tell which marketing campaigns bring people who actually use the product. Neither captures personal data or links to your account.

• Server-side aggregate counts — we log which pages get visited and from which marketing campaign in our own database. No cookies, no device storage, no account link. The only identifier is a hash of your IP + browser combined with a salt that rotates each day, so the value can't be threaded across days and can't be reversed to identify you. Lawful basis: legitimate interest (audience measurement, per CNIL guidance and GDPR Recital 49).
• Anonymous session recordings — visual playback of clicks, scrolls and navigation between pages, so we can see where visitors hesitate or drop off. Recordings are captured with every visible text node and every form input masked by default, so the playback shows the shape of your journey but never the words on the page, the text you typed, or anything that could identify you. The recording session lives in browser memory only; it isn't persisted with a cookie and isn't linked to your account. Lawful basis: legitimate interest (audience measurement); same scope as above.

Cookies & tracking

• Essential — always on. Sign-in/session and security; the service can't work without them.
• Analytics — optional. Product analytics (PostHog) and, if enabled, Google Analytics. Before consent this runs anonymously with no cookies or storage; accepting lets us store a cookie to recognise you across visits and link events to your account.
• Marketing — optional. Ads measurement (Google, Meta) so we can see which campaigns bring people who love the product. With your consent this can include sharing a hashed (irreversibly encoded) email with Meta or Google so they can match conversions back to your account there. We never share your email in plain text. Marketing tags don't fire at all until you accept.

Your choices

You can change your cookie choice any time via Cookie settings in the footer. We honour your browser's Global Privacy Control (GPC) signal as a Marketing opt-out.

• If you tap Reject, we don't store anything on your device and we don't run advertising tags. The two cookieless streams in the section above keep running because they don't identify you; everything else stops.
• If you accepted Analytics and later revoke, we erase the analytics data linked to you — including pre-signup events from sessions we connected to your account — and stop capturing.
• Deleting your account erases your account data and the analytics data linked to you. Anonymous data that was never linked to you may remain in aggregate, as it can't be traced back to you.

Who processes your data

We use trusted providers to run Feedcaster: Supabase (database, EU — Ireland), Fly.io (hosting, EU — Stockholm), Resend (email), Spotify (import, if you connect it), and processing for the briefings themselves (Google Gemini, edge-TTS). With your consent we also use PostHog (analytics, EU) and Google / Meta for analytics and ads measurement.

Where your data is stored & international transfers

Your account data, library and briefings are stored in the EU (database in Ireland, hosting in Sweden) and usage analytics on PostHog's EU infrastructure. Some providers (e.g. Resend for email and, with consent, Google and Meta) are based in the United States; where data is transferred outside the EU/EEA we rely on the EU–US Data Privacy Framework and/or Standard Contractual Clauses.

How long we keep it

We keep your account data and library for as long as your account is active. If you ask us to delete your account we remove your personal data within a reasonable period, except where we must keep limited records to meet legal obligations. Email verification codes are short-lived. Session-recording playbacks are retained per our analytics provider's defaults and never beyond what we need for audience-measurement purposes.

Your rights (EU/EEA)

Under the GDPR you can access, correct, export, or delete your data, object to or restrict processing, and withdraw consent at any time (without affecting prior processing). You can also lodge a complaint with your supervisory authority — in Sweden, the IMY (Integritetsskyddsmyndigheten). You can export or delete your data yourself anytime in Settings, or email hello@feedcaster.fm.

Your rights (US / California)

If you're a California resident, you have rights to know, delete, and correct your personal information, and to opt out of its "sale" or "sharing." We do not sell your personal information. We only share data with advertising partners (Google, Meta) for measurement if you grant Marketing consent, and we honor Global Privacy Control (GPC) browser signals as an opt-out. Use Cookie settings in the footer to change your choice.

Contact

Questions? hello@feedcaster.fm.