Privacy Policy

1. Controller

The controller within the meaning of the GDPR is:

Tim Niko Tegtmeyer
Kattenbrookstrift 59
30539 Hannover
Germany
Email: contact@podquery.ai

2. Data processing principles

We process personal data only to the extent necessary to provide a functional website and our services. Processing takes place only with the user's consent or where another legal basis under the GDPR applies.

3. Server logs

Our web server records the following access data on each request:

• Date and time of access
• URL accessed and HTTP status code
• Data volume transferred
• Referrer URL and browser user-agent

We do not store the end-user IP address in plaintext in our web-server logs and do not persist it in our database. For abuse mitigation (rate-limiting, brute-force protection) we process the IP address transiently: a hashed, non-reversible token is held in volatile cache for at most one hour, then automatically discarded. The token cannot be linked back to an individual.

Legal basis for this security processing: Art. 6(1)(f) GDPR in conjunction with Recital 49 (legitimate interest in network and information security). Web-server access logs are deleted after 30 days at the latest and are not combined with other data sources.

Actions performed by authenticated users are recorded in an audit log (date, action, affected resource). The IP address is captured in this audit log only for actions performed by our administrators — not for routine customer activity. The audit log is automatically purged after 90 days.

The server is hosted within the European Union.

4. Registration and user account

Using podQuery requires registration. We collect:

• Email address (required, used as login name)
• Password (stored exclusively as a hash, never in plain text)
• Registration timestamp

Legal basis: Art. 6(1)(b) GDPR (contract performance). Data is stored for the duration of the contractual relationship. After termination and expiry of statutory retention periods (max. 10 years for tax-relevant data), the data is deleted.

5. Subscription and payment processing (Mollie)

We use the payment service provider Mollie Payments B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands.

The following data is transmitted to Mollie when subscribing:

• Email address
• Payment instrument data (card, IBAN or PayPal — depending on chosen method)
• Transaction data (amount, date, status)

Mollie processes this data as a data processor under Art. 28 GDPR. Mollie's privacy policy: https://www.mollie.com/en/privacy.

6. Usage data

We process the following usage-related data:

• Number of podcast episodes processed per month
• API accesses and usage statistics
• Workspace status and configuration

Legal basis: Art. 6(1)(b) and Art. 6(1)(f) GDPR.

7. Podcast content, transcription and AI processing

RSS feeds and the transcriptions, summaries, and indexes created from them are processed and stored exclusively for the respective user account. One user's content is not accessible to other users. After account termination, all user-specific content and workspace data is deleted within 30 days.

For transcription, semantic indexing, and textual processing of episode content we use the following data processors under Art. 28 GDPR. For all US providers, EU Standard Contractual Clauses (SCCs) serve as the transfer basis pursuant to Art. 46(2)(c) GDPR.

• RunPod, Inc. (USA) — cloud GPU compute infrastructure for audio and AI processing. Privacy policy.
• Anthropic, PBC / Anthropic Ireland, Limited (USA / Ireland) — AI-assisted processing and analysis of episode text. Inputs and outputs are retained per Anthropic's standard retention for a maximum of 30 days; upon termination all customer data is deleted within 30 days. Anthropic DPA: data-processing-addendum; sub-processor list: trust.anthropic.com/subprocessors.
• OpenAI, L.L.C. (USA) — semantic embeddings for search. Privacy policy.

Audio files are not permanently stored at external providers; they are transmitted for processing and automatically discarded after processing, within each provider's retention window (max. 30 days, typically significantly shorter).

8. Cookies

We use only technically necessary session cookies required for login and secure session management. No tracking, advertising, or analytics cookies are used. Session cookies are automatically deleted when the browser is closed.

9. No sharing with third parties for advertising or sale

Personal data is not sold or shared with third parties for advertising purposes. Transmission to data processors occurs solely within the scope of the purposes described in sections 5 (payment processing) and 7 (AI and transcription services); any further transmission to third parties occurs only where legally required.

10. Your rights

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)

To exercise your rights, contact us by email: contact@podquery.ai

11. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. You may contact the authority in your country of residence or the authority responsible for our location in Lower Saxony, Germany: www.lfd.niedersachsen.de

12. Data security

All data transmission between your browser and our server is encrypted via HTTPS (TLS).

Last updated: May 2026