GDPR Compliance

Last updated: February 21, 2026

PodDebrief is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This page explains your rights and how we comply.

Data Controller

PodDebrief is the data controller for personal data processed through poddebrief.com. We are based in the Netherlands and operate under EU data protection law.

Legal Basis for Processing

  • Contract performance: Processing your email and account data to provide the PodDebrief service you signed up for.
  • Legitimate interest: Service improvement, security monitoring, and basic analytics to improve the product.
  • Consent: Marketing emails and optional communications (you can opt out at any time).

Your Rights Under GDPR

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Data Portability

Receive your data in a machine-readable format (JSON/CSV).

Right to Restrict Processing

Request that we limit how we use your data.

Right to Object

Object to processing based on legitimate interest.

Right to Withdraw Consent

Withdraw consent at any time where processing is consent-based.

Data Location

Your data is primarily stored in EU data centers:

  • Database: Supabase (EU region)
  • Audio files: Cloudflare R2 (EU West)
  • Website: Vercel (edge network, EU primary)

Some processing (AI analysis, TTS generation) involves data transfer to US-based services (OpenAI, Anthropic). These transfers are covered by Standard Contractual Clauses.

Data Breach Notification

In the event of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Article 33.

Exercising Your Rights

To exercise any of your GDPR rights, email hello@poddebrief.com with the subject “GDPR Request”. We will respond within 30 days.

Supervisory Authority

If you believe we are not handling your data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.