Privacy Policy

PodRandom is operated as an independent service. For the purposes of GDPR, the data controller is the operator of PodRandom, contactable at privacy@podrandom.com. If PodRandom is later operated by a registered legal entity, this page will be updated with that entity's name, address, and EU representative (if applicable). EU users may contact the operator at the email above to exercise any GDPR right described below.

• Account info: email, username, real name (private), age confirmation, country (optional).
• Profile data: avatar, bio, interests.
• Activity: sessions hosted/guested, hours live, ratings given and received, achievements unlocked.
• Reports: reports filed by you and against you.
• Technical: IP address (used for rate limiting and abuse prevention), browser/OS, basic device info.

We do not store video or audio. Conversations are peer-to-peer over WebRTC; the server never sees the media. Recordings, if made, are saved to the recording user's device only. Text-chat messages sent inside a session are stored briefly for moderation purposes (so we can investigate harassment reports); they are not used for advertising and are deleted along with the session when you delete your account.

• To provide the matching service and account features
• To enforce community guidelines and apply moderation actions
• To prevent fraud and abuse
• To send transactional email (verification, password reset, billing receipts)
• To compute aggregate, non-identifying analytics

We do not sell personal data.

• Performance of contract — operating your account
• Legitimate interest — fraud prevention, abuse moderation
• Consent — email marketing (only if you opt in)
• Legal obligation — CSAM reporting, lawful access requests

• Supabase — database, authentication, realtime signaling
• Vercel — application hosting and CDN
• Cloudflare — DNS, R2 object storage, optional anti-abuse
• Metered.ca — TURN relay (used only when peer-to-peer fails)
• Resend — transactional email
• Stripe / Paddle (when subscription tier is live) — payments
• hCaptcha — bot prevention on signup

• Account data: kept until you delete your account
• Session metadata: kept for 12 months for moderation purposes
• Reports: kept for 24 months
• IP logs: kept for 90 days for abuse investigation

You have the right to:

• Access the data we hold about you
• Correct inaccurate data
• Delete your account and associated data
• Export your data (data portability)
• Object to or restrict processing
• Lodge a complaint with a data protection authority

To exercise any of these, email privacy@podrandom.com.

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you specific rights regarding your personal information:

• Right to know — what personal information we collect, how we use it, and which categories of third parties we share it with.
• Right to delete — request deletion of personal information we hold about you.
• Right to correct — request correction of inaccurate personal information.
• Right to opt out of “sale” or “sharing” — under CPRA's broad definition, the use of analytics + marketing pixels (Meta Pixel, Google Analytics, GTM) for cross-context behavioral advertising counts as “sharing.” You can opt out at any time via /privacy/preferences. Toggling marketing or analytics off there is your CPRA opt-out.
• Right to limit use of sensitive information — we don't use sensitive personal information for any purpose other than providing the service you signed up for.
• Right to non-discrimination — exercising any of the above rights does not affect the price or quality of our service.

We do not sell personal information. To submit a request to know, delete, or correct, email privacy@podrandom.com with the subject line “CCPA request.” We respond within 45 days as required by statute.

We use essential cookies for authentication (Supabase session) and security. We do not use advertising or tracking cookies in v1.

The Service is not intended for users under 13. Accounts found to belong to users under 13 are deleted on discovery.

As required under 18 U.S.C. § 2258A, we report suspected child sexual abuse material to the National Center for Missing & Exploited Children (NCMEC). We cooperate with law enforcement requests.

We will announce material changes to this page with an updated “Last updated” date.

Email privacy@podrandom.com.