Privacy Policy.

Privacy Policy

Last updated: Jun 01, 2026 5:57 PM

We value your privacy very highly. Please read this Privacy Policy carefully before using the https://podpair.co website (the “Website”) operated by Feel Good Fox Ltd, a(n) Private Company Limited By Shares formed in England, with a registration number of 11986394 (“us, we, our”) as this Privacy Policy contains important information regarding your privacy and how we may use the information we collect about you. Feel Good Fox Ltd is registered with the UK Information Commissioner's Office (ICO) under registration number ZC116479.

Your access to or use of the Website is conditional upon your acceptance of and compliance with this Privacy Policy. This Privacy Policy applies to everyone, including but not limited to visitors, users and others, who wish to access or use the Website.

By accessing or using the Website, you agree to be bound by this Privacy Policy. If you disagree with any part of this Privacy Policy, you do not have our permission to access or use the Website.

What information we collect and store

We collect and store any and all information that you enter on this Website. We collect and store the following information about you:

How we process your information

PodPair operates two distinct categories of processing, each with different purposes and legal bases under UK GDPR. The way we process your information depends on whether you are a member or a waitlist signup.

Member processing (paying guests, approved podcasters). For members, we process your information to deliver the PodPair matching service: identifying compatible matches, communicating about match opportunities, processing payments, and managing your subscription. The legal bases include performance of a contract (Article 6(1)(b) UK GDPR — for service delivery, transactional email, and billing), consent (Article 6(1)(a) — for marketing email, where you have opted in), legitimate interests (Article 6(1)(f) — for security, fraud prevention, dispute defensibility, and operational logging), and legal obligation (Article 6(1)(c) — for tax record retention as required by HMRC).

Waitlist processing (waitlist signups for sectors that have not yet launched). For waitlist signups, we process a more limited set of information for two specific purposes: to notify you when your selected industry sector launches on PodPair, and to analyse aggregate signups to prioritise which sectors to launch next. The legal bases are consent (Article 6(1)(a) UK GDPR — for sector-launch notification, with re-consent prompted at 12 months) and legitimate interests (Article 6(1)(f) — for the aggregate demand-signal analysis). We have conducted a Legitimate Interests Assessment confirming the demand-signal processing is proportionate. The assessment is documented and available to the supervisory authority on request.

Waitlist processing is not the same as member processing. Waitlist signups have not entered a contractual relationship with PodPair — there is no subscription, no service delivery, and no payment processing. Your UK GDPR rights (access, rectification, erasure, and the others described below) apply identically to waitlist data and to member data; only the legal basis for processing differs between them.

With whom we share your personal information

We share the following personal information with the following categories of third parties:

Cookies

A cookie is a small piece of data sent from a website and stored on your device by your browser. This Website sets cookies. Please visit our Cookie Policy to learn more about what cookies we set, why we set them, and how to change your cookie settings.

Children's privacy

This Website is intended for use by a general audience and does not offer services to children. Should a child whom we know to be under 18 send personal information to us, we will use that information only to respond to that child to inform them that they cannot use this Website.

Information retention

PodPair retains personal information for the periods described below. Different categories of data are retained for different periods because they serve different purposes and are subject to different legal obligations.

Active member profile and account data. Member profile data, account credentials, communication preferences, and operational records associated with active members are retained for the duration of your membership.

Cancelled member profile data. When you cancel your membership, your profile data and operational records are retained for 12 months from the cancellation date. After 12 months, your data is automatically deleted from PodPair's systems. The 12-month window allows for any post-cancellation queries (refunds where applicable, dispute resolution, post-cancellation administration) to be handled cleanly. If you wish to return to PodPair after cancellation, you can re-onboard via standard signup. The legal basis for retention during this 12-month window is legitimate interests (Article 6(1)(f) UK GDPR — service continuity and dispute defensibility) and storage limitation under Article 5(1)(e). We have conducted a Legitimate Interests Assessment confirming this processing is proportionate. The assessment is documented and available to the supervisory authority on request.

Tax and payment records. Records of subscription payments, invoices, refunds, and other financial transactions are retained for seven years to comply with our obligations under the Finance Act 2008, the Taxes Management Act 1970, the Value Added Tax Act 1994 and the VAT Regulations 1995. The legal basis is legal obligation under Article 6(1)(c) UK GDPR. This retention period applies regardless of whether your membership is active or cancelled, because the obligation is to retain the financial records, not to maintain the underlying account.

Waitlist signups. If you have signed up to the waitlist for a sector that has not yet launched on PodPair, your data is retained for up to 24 months. We will prompt you to re-consent at the 12-month point; if you re-consent, your data is retained for the full 24 months from the original signup. If you do not respond to the re-consent prompt within a reasonable window (typically 60 to 90 days), we will treat the lack of response as a withdrawal of consent and delete your waitlist data. The legal basis for waitlist retention is consent under Article 6(1)(a) UK GDPR.

Incident Log. PodPair maintains an internal Incident Log recording operational events such as disputes between members, complaints, no-shows for scheduled recordings, and content disputes. This record is essential for dispute defensibility, operational review, and platform safety. We retain Incident Log entries for seven years from the date of the incident. The legal basis is legitimate interests under Article 6(1)(f) UK GDPR. We have conducted a Legitimate Interests Assessment confirming this processing is proportionate. The assessment is documented and available to the supervisory authority on request.

If you have any entries in our Incident Log, the personal identifiers in those entries (your name, email address, and similar identifying fields) will be anonymised on deletion of your account. The factual record of those incidents is preserved for the remainder of the seven-year retention window — this is necessary to maintain the integrity of operational records and to defend any disputes that may arise involving other parties to those incidents. Other parties' records within the same incident entries are not affected by your erasure request.

Transactional and operational logs. System-level logs from our service providers (such as authentication events from Supabase, email dispatch records from Resend, and workflow execution logs from Make) are retained for 13 months. These logs are operational records used for security monitoring, fraud prevention, and debugging.

Marketing email suppression list. If you have unsubscribed from PodPair's marketing email, we retain your email address and the unsubscribe timestamp for 6 months. This minimal record is retained solely to ensure we honour your unsubscribe request and do not accidentally re-add you to marketing lists. After 6 months, this record is deleted.

Data subject request records. Records of requests you make to exercise your UK GDPR rights (access, rectification, erasure, restriction, portability, objection) are retained for seven years. This retention demonstrates our compliance with our obligations under UK GDPR if challenged or audited. The legal basis is legitimate interests (Article 6(1)(f) — compliance demonstrability) and legal obligation (Article 6(1)(c) — where the underlying request relates to a legal obligation we are demonstrating).

Direct marketing

We use the information that we collect about you for direct marketing purposes. Direct marketing is the act of selling products or services directly to consumers rather than through retailers. Please see the “Your rights” section below for more information regarding exercising your privacy rights related to direct marketing.

Email tracking. PodPair sends transactional and operational emails (such as account verification, password reset, match notifications, and billing notifications) through our email service provider, Resend. These emails contain a small tracking element that records when an email is opened and whether links within it are clicked. We use this information to confirm successful delivery, identify deliverability issues, and improve the quality of our email service. The legal basis for this tracking is legitimate interests under Article 6(1)(f) UK GDPR. We have conducted a Legitimate Interests Assessment balancing operational need against the reasonable expectation of email privacy. The assessment is documented and available to the supervisory authority on request. PodPair-side tracking data is retained for 13 months consistent with our transactional log retention policy. Resend's own retention of delivery metadata is governed by their privacy policy.

Categories of email PodPair sends. PodPair sends three categories of email, each with a different legal basis and different rights for you as the recipient.

Transactional and service email includes account verification, password reset, match notifications, billing notifications, cancellation confirmations, and similar emails that are necessary for delivering the PodPair service. The legal basis is performance of a contract under Article 6(1)(b) UK GDPR. You cannot unsubscribe from transactional and service email without terminating your PodPair membership, because these emails are an essential part of the service we provide.

Optional email — communications you can opt in to receive — includes newsletters, sector-launch announcements (for waitlist signups), beta nurture content, and similar communications. The legal basis is your consent under Article 6(1)(a) UK GDPR — you opt in to marketing email separately at signup or via your member account. You can unsubscribe from marketing email at any time, either via the unsubscribe link in any marketing email or by contacting us at hello@podpair.co. Unsubscribing from marketing email does not affect your subscription, your access to PodPair, or your transactional and service email.

Operational and platform processing covers internal email and log retention used for security monitoring, fraud detection, service quality measurement, and operational record-keeping. This is not customer-facing email, but it does involve processing of email-related data for the purposes described. The legal basis is legitimate interests under Article 6(1)(f) UK GDPR. We have conducted a Legitimate Interests Assessment confirming this processing is proportionate. The assessment is documented and available to the supervisory authority on request.

Your rights

Depending upon where you reside‚ you may have the following rights with regard to your personal information:

Exercising your rights

You may exercise the rights specified above by submitting a consumer request to:

PodPair (Feel Good Fox Ltd)
Data Protection Contact
hello@podpair.co
Ground Floor, 108-112 Main Road, Sundridge, Sevenoaks, Kent, TN14 6ES, United Kingdom
United Kingdom
https://podpair.co

We will need to verify your identity prior to effectuating your request and may ask you to provide personal information to do so.

We will respond to most consumer requests within 30 days of receipt. However, some requests may take longer. We will notify you in writing if we need more time to respond. We have the ability to deny your request(s) if certain exceptions in the law apply. If we do deny your request, we will provide you with the reasons for such denial.

Location of data processing

All data processing activities undertaken by us take place in United Kingdom.

Third-party websites

This Website may contain hyperlinks to websites operated by parties other than us. We provide such hyperlinks for your reference only. We do not control such websites and are not responsible for their contents or the privacy or other practices of such websites. It is up to you to read and fully understand their Privacy Policies. Our inclusion of hyperlinks to such websites does not imply any endorsement of the material on such websites or any association with their operators.

Transferring data

We may transfer your personal information for processing to The United States. PodPair uses the following US-based service providers in delivering the service: Stripe (payment processing), Resend (transactional email), Airtable (CRM/operational records), BoldSign (e-signature for guest release agreements), Vercel (website hosting and edge), and Twilio (telephony/voicemail). This means that your information may be processed outside of your country of residence and it may be accessible to law enforcement and national security authorities of that country and jurisdiction.Please note that we use standard contractual clauses, additional safeguards, and adequacy decisions to transfer data.

Questions

If you have any questions about this Privacy Policy, please contact us at hello@podpair.co.

Third-party service providers

PodPair uses the following third-party service providers to deliver the service. Each provider processes personal data on our behalf under a written data processing agreement, and processes only the categories of data necessary for their function:

Supabase — database and authentication. Location: European Union (Germany). Data shared: all member account data including identifying information.

Stripe - payment processing. Location: United States and European Union. Data shared: payment information, billing address, and identifying information necessary for billing. Stripe processes payment data on our behalf under a written data processing agreement and is certified to PCI-DSS Level 1. Transfer safeguard: standard contractual clauses with the UK Addendum.

Resend — transactional email delivery. Location: United States. Data shared: email address, name, and the content of transactional and operational emails. Transfer safeguard: standard contractual clauses with the UK Addendum.

MailerLite — marketing email delivery. Location: European Union (Lithuania). Data shared: email address, name, and marketing preferences for members and waitlist signups who have opted in.

Make — workflow automation. Location: European Union. Data shared: operational data flows between systems including identifying information.

Airtable — customer relationship management and operational records. Location: United States. Data shared: identifying information, account manager notes, and incident log records. Transfer safeguard: standard contractual clauses with the UK Addendum.

Vercel — website hosting and edge delivery. Location: United States (with global edge nodes). Data shared: request logs including IP address, user agent, and session data. Transfer safeguard: standard contractual clauses with the UK Addendum.

Tally — form submission processing. Location: European Union. Data shared: form data per session, including responses to onboarding, depth profile, and waitlist forms.

Twilio - voicemail processing and storage. Location: United States. Data shared: phone number and contents of voicemail. Transfer safeguard: standard contractual clauses with the UK addendum.

BoldSign — electronic signature for guest release agreements. Location: United States. Data shared: member name, email, and podcast metadata necessary for executing the release agreement. Transfer safeguard: standard contractual clauses with the UK Addendum.

Termageddon and Usercentrics — legal documentation hosting and cookie consent management. Locations: United States (Termageddon) and European Union (Usercentrics). Data shared: cookie consent state and limited request metadata. Transfer safeguard: standard contractual clauses with the UK Addendum where applicable.

Google Workspace — internal productivity tools (email, documents) used by the PodPair team. Location: United States. Internal use only; member data is not routinely sent to Google Workspace except where members directly contact PodPair via email. Transfer safeguard: standard contractual clauses with the UK Addendum.

We review this list periodically and update it when our service providers change. The current version of this list is always available in this Privacy Policy.