1. Introduction
Welcome to PodIt ("we," "our," or "us"). PodIt is a voice-first AI calendar assistant designed for families and groups to coordinate schedules seamlessly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").
By using PodIt, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: When you create an account, we collect your name, email address, phone number, and profile photo (optional).
- Authentication Data: If you sign in using third-party services (Google, Apple), we receive your basic profile information from those services.
- Calendar Data: Events, schedules, notes, locations, and time preferences you create within the app.
- Pod Information: Group names, descriptions, member relationships, and shared calendar data within your Pods (family/group calendars).
- Voice Data: When you use voice commands, your speech is processed to understand and execute your requests.
- Contact Information: With your permission, we access your device contacts to help you invite family and friends to Pods.
2.2 Information Collected Automatically
- Device Information: Device type, operating system, unique device identifiers, and mobile network information.
- Usage Data: How you interact with our Service, including features used, time spent, and navigation patterns.
- Log Data: IP address, browser type, access times, and referring URLs.
- Location Data: With your permission, approximate location for event suggestions and timezone detection.
2.3 Voice and Audio Data
Important: PodIt uses voice recognition to provide hands-free calendar management. When you use voice features:
- Audio is processed in real-time using Deepgram's speech-to-text technology
- Voice data is transmitted securely and processed to understand your commands
- We do not permanently store raw audio recordings
- Transcriptions may be temporarily retained to improve service quality
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our Service
- Process and respond to your voice commands using AI
- Create and manage your calendar events and Pods
- Send notifications about schedule changes, conflicts, and reminders
- Facilitate communication between Pod members
- Personalize your experience and provide relevant suggestions
- Detect and prevent fraud, abuse, and security issues
- Comply with legal obligations
- Analyze usage patterns to improve our AI assistant
4. AI and Machine Learning
PodIt uses artificial intelligence and machine learning technologies to:
- Natural Language Processing: Understand your voice commands and text inputs
- Intent Recognition: Determine what action you want to perform (create event, check schedule, etc.)
- Smart Scheduling: Suggest optimal meeting times based on Pod members' availability
- Conflict Detection: Automatically identify scheduling conflicts
Our AI is powered by OpenAI's GPT models. Your interactions help improve our understanding of scheduling requests, but we do not share personally identifiable information with AI providers for training purposes.
5. Information Sharing and Disclosure
We may share your information in the following circumstances:
- With Pod Members: Calendar events and availability are shared with other members of your Pods as you configure.
- Service Providers: We work with third-party companies to provide our Service:
- Supabase (database and authentication)
- Deepgram (speech-to-text processing)
- OpenAI (AI language processing)
- Vercel (hosting and serverless functions)
- Twilio (SMS notifications and invitations)
- Legal Requirements: When required by law, subpoena, or government request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
- With Your Consent: When you explicitly agree to share information.
We do not sell your personal information to third parties.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- All data transmission is encrypted using TLS/SSL
- Database access is protected by Row Level Security (RLS)
- Authentication tokens are securely stored and regularly rotated
- We use ES256 JWT tokens for secure API authentication
- Regular security audits and vulnerability assessments
However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
7. Data Retention
We retain your information for as long as your account is active or as needed to provide services. Specifically:
- Account Data: Retained until you delete your account
- Calendar Events: Retained until deleted by you or 2 years after the event date
- Voice Transcriptions: Temporarily retained for up to 30 days for service improvement
- Usage Logs: Retained for up to 12 months
Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
8. Your Rights and Choices
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Update inaccurate or incomplete data
- Deletion: Request deletion of your personal data
- Portability: Receive your data in a portable format
- Opt-out: Opt out of certain data processing activities
- Withdraw Consent: Withdraw previously given consent
To exercise these rights, contact us at privacy@podit.app.
Managing Permissions
- Microphone: Disable in device settings to stop voice features
- Contacts: Disable in device settings to stop contact-based invitations
- Notifications: Manage in app settings or device settings
- Location: Disable in device settings
9. Children's Privacy
PodIt is designed for family use and may be used by children under parental supervision. We do not knowingly collect personal information from children under 13 without parental consent. If you believe we have collected information from a child under 13, please contact us immediately at privacy@podit.app.
Parents can manage their children's accounts and data through the Pod administrative features.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers, including:
- Standard Contractual Clauses approved by relevant authorities
- Data processing agreements with all service providers
- Compliance with GDPR for EU users
- Compliance with CCPA for California residents
11. Third-Party Links and Services
Our Service may contain links to third-party websites or integrate with third-party services (such as Google Calendar). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending you an in-app notification or email for significant changes
Your continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
For data protection inquiries in the EU, you may also contact our Data Protection Officer at dpo@podit.app.
14. California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information held by businesses
- Right to opt-out of sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising CCPA rights
To exercise your CCPA rights, email privacy@podit.app with "CCPA Request" in the subject line.
15. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation including:
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
Our legal bases for processing include: consent, contract performance, legitimate interests, and legal obligations.