← Back to home

Privacy Policy

Last updated: 24 February 2026

1. Who we are

PodLot Studios ("we", "us", "our") is the data controller responsible for your personal data. Our registered address is in the United Kingdom. If you have questions about how we handle your data, please contact us at privacy@podlot.co.uk.

2. What data we collect

When you use our discovery form or services we may collect:

  • Full name, email address, phone number, and company name
  • Podcast concept details (show concept, target audience, goals, budget, timeline)
  • Booking and calendar information from Cal.com
  • Contract and signature data via BoldSign
  • Technical data such as IP address, browser type, and device information (collected automatically)

3. Lawful basis for processing

We process your personal data on the following legal bases under UK GDPR:

  • Consent – You give explicit consent via the discovery form checkbox before we process your data.
  • Contractual necessity – Processing is necessary to perform our podcast production services.
  • Legitimate interest – We may use technical data to maintain security and improve our services.

4. How we use your data

  • To arrange and conduct discovery calls
  • To provide podcast production services
  • To send contracts and process agreements
  • To send you marketing updates only if you opted in
  • To improve our services and website experience

5. Data sharing and third parties

We share your data only with the following processors, all of whom are bound by data processing agreements:

  • Supabase (database hosting) – EU region
  • Resend (transactional email delivery)
  • Cal.com (booking and scheduling)
  • BoldSign (electronic contract signing)
  • Vercel (website hosting)

We do not sell your personal data to third parties.

6. Data retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, typically for the duration of our business relationship plus 6 years for legal and tax compliance. Discovery form data from leads who do not proceed is deleted after 12 months.

7. Your rights under UK GDPR

You have the right to:

  • Access – Request a copy of the personal data we hold about you
  • Rectification – Request correction of inaccurate data
  • Erasure – Request deletion of your data ("right to be forgotten")
  • Restrict processing – Request we limit how we use your data
  • Data portability – Receive your data in a structured, commonly used format
  • Object – Object to processing based on legitimate interest
  • Withdraw consent – Withdraw consent at any time without affecting prior processing

To exercise any of these rights, email privacy@podlot.co.uk. We will respond within 30 days.

8. Cookies

We use only essential cookies required for the website to function (authentication session cookies). We do not use advertising or analytics cookies. No third-party tracking scripts are loaded without your consent.

9. Data security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), secure database hosting, access controls, and regular security reviews.

10. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.