← Back to home

Privacy Policy

Last updated: 24 February 2026

1. Who we are

PodLot Studios ("we", "us", "our") is the data controller responsible for your personal data. Our registered address is in the United Kingdom. If you have questions about how we handle your data, please contact us at privacy@podlot.co.uk.

2. What data we collect

When you use our discovery form or services we may collect:

  • Full name, email address, phone number, and company name
  • Podcast concept details (show concept, target audience, goals, budget, timeline)
  • Booking and calendar information when you schedule a discovery call via Google Calendar
  • Technical data such as IP address, browser type, and device information (collected automatically)

3. Lawful basis for processing

We process your personal data on the following legal bases under UK GDPR:

  • Consent – You give explicit consent via the discovery form checkbox before we process your data.
  • Contractual necessity – Processing is necessary to perform our podcast production services.
  • Legitimate interest – We may use technical data to maintain security and improve our services.

4. How we use your data

  • To arrange and conduct discovery calls
  • To provide podcast production services
  • To send you marketing updates only if you opted in
  • To improve our services and website experience

5. Data sharing and third parties

We share your data only with the following processors, all of whom are bound by data processing agreements:

  • Supabase (database hosting) – EU region
  • Resend (transactional email delivery)
  • Google (Calendar & Meet for scheduling discovery calls)
  • Vercel (website hosting)

We do not sell your personal data to third parties.

6. Data retention

We retain discovery survey data for up to 2 years, after which it is automatically anonymised so it can no longer identify you. If you go on to become a client, we keep the relevant records for the duration of our relationship plus 6 years for legal and tax compliance. You can ask us to delete your data sooner at any time — see “Your rights” below.

7. Your rights under UK GDPR

You have the right to:

  • Access – Request a copy of the personal data we hold about you
  • Rectification – Request correction of inaccurate data
  • Erasure – Request deletion of your data ("right to be forgotten")
  • Restrict processing – Request we limit how we use your data
  • Data portability – Receive your data in a structured, commonly used format
  • Object – Object to processing based on legitimate interest
  • Withdraw consent – Withdraw consent at any time without affecting prior processing

To exercise any of these rights, email privacy@podlot.co.uk. We will respond within 30 days.

8. Cookies

We use only essential cookies required for the website to function (a consent-preference cookie and an essential session cookie). For usage statistics we use Vercel Analytics, which is privacy-friendly and does not set tracking cookies. We do not use advertising cookies or third-party tracking scripts.

9. Data security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), secure database hosting, access controls, and regular security reviews.

10. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.