Privacy Policy

1. Introduction

Project Chatter Podcast ("we," "us," "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website, listen to our podcast, or interact with our services.

This policy complies with the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal information is:

3. Information We Collect

3.1 Information You Provide

• Guest Applications: Name, email, phone, job title, company, LinkedIn profile, professional bio, headshot photo, suggested topics
• Contact Forms: Name, email, subject, message, inquiry type
• Newsletter Subscriptions: Email address, name (optional)
• Support/Donations: Information processed by Ko-fi (see their privacy policy)

3.2 Information Collected Automatically

• Usage Data: Pages visited, time spent, browser type, device type, operating system
• IP Address: Collected for security and analytics purposes
• Cookies: Small text files stored on your device (see Cookie Policy)
• Analytics: Google Analytics data (anonymized where possible)

3.3 Podcast Listening Data

When you listen to our podcast on third-party platforms (Spotify, Apple Podcasts, etc.), those platforms may collect data about your listening habits. Please refer to their respective privacy policies.

4. How We Use Your Information

We use your personal information for the following purposes:

• Guest Management: Process guest applications, schedule recordings, produce episodes
• Communication: Respond to inquiries, send newsletters, provide updates
• Website Functionality: Operate and maintain our website
• Analytics: Understand user behaviour and improve our content
• Legal Compliance: Comply with legal obligations and protect our rights
• Marketing: Send promotional content (with your consent)

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

• Consent: You have given explicit consent (e.g., newsletter signup)
• Contract: Processing is necessary for a contract (e.g., guest agreements)
• Legitimate Interests: We have legitimate business interests (e.g., analytics, security)
• Legal Obligation: Required by law (e.g., tax records)

6. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Supabase (database), Ko-fi (donations), ConvertKit (email), Google Analytics (analytics)
• Podcast Platforms: Spotify, Apple Podcasts, and other distribution platforms
• Legal Requirements: When required by law, court order, or legal process
• Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties.

7. Data Retention

We retain your personal data for as long as necessary to:

• Guest applications: 2 years from submission or indefinitely if you appear on the podcast
• Contact inquiries: 1 year from last contact
• Newsletter subscriptions: Until you unsubscribe
• Analytics data: 26 months (Google Analytics default)
• Published podcast content: Indefinitely (publicly available)

8. Your Rights

Under GDPR, CCPA, and UK GDPR, you have the following rights:

To exercise your rights: Contact us using our contact form

You also have the right to lodge a complaint with your local data protection authority.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies. For detailed information, please see our Cookie Policy.

You can control cookies through your browser settings and our cookie consent banner.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the UK and EU, including the United States (Supabase, Google Analytics). We ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission
• Service providers' compliance with GDPR requirements

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

• Encryption of data in transit (HTTPS/TLS)
• Secure database storage with access controls
• Regular security audits and updates
• Limited access to personal data (need-to-know basis)
• Secure file storage for headshots and documents

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

12. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email to registered users or through a prominent notice on our website.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us: