GDPR Compliance
Last updated: February 21, 2026
PodDebrief is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This page explains your rights and how we comply.
Data Controller
PodDebrief is the data controller for personal data processed through poddebrief.com. We are based in the Netherlands and operate under EU data protection law.
Legal Basis for Processing
- Contract performance: Processing your email and account data to provide the PodDebrief service you signed up for.
- Legitimate interest: Service improvement, security monitoring, and basic analytics to improve the product.
- Consent: Marketing emails and optional communications (you can opt out at any time).
Your Rights Under GDPR
Right to Access
Request a copy of all personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Data Portability
Receive your data in a machine-readable format (JSON/CSV).
Right to Restrict Processing
Request that we limit how we use your data.
Right to Object
Object to processing based on legitimate interest.
Right to Withdraw Consent
Withdraw consent at any time where processing is consent-based.
Data Location
Your data is primarily stored in EU data centers:
- Database: Supabase (EU region)
- Audio files: Cloudflare R2 (EU West)
- Website: Vercel (edge network, EU primary)
Some processing (AI analysis, TTS generation) involves data transfer to US-based services (OpenAI, Anthropic). These transfers are covered by Standard Contractual Clauses.
Data Breach Notification
In the event of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Article 33.
Exercising Your Rights
To exercise any of your GDPR rights, email hello@poddebrief.com with the subject “GDPR Request”. We will respond within 30 days.
Supervisory Authority
If you believe we are not handling your data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.