Privacy Policy
Last updated: June 12, 2026
This Privacy Policy explains how Yedapo ("Yedapo," "we," "us," or "our"), based in Tel Aviv, Israel, collects, uses, shares, and protects personal data when you use the Yedapo website, applications, and related services (the "Service"). For the purposes of the EU/UK General Data Protection Regulation (GDPR), Yedapo is the data controller of your personal data. By using the Service, you acknowledge the practices described in this Policy.
1. Information We Collect
Account Information
When you create an account, we collect your email address and display name through our authentication provider (Supabase). We use this information to provide, secure, and personalize the Service.
Payment & Subscription Information
When you purchase a paid subscription, our payment processors (which may include Lemon Squeezy, Apple, or Google) collect and process your payment details and handle the transaction. Yedapo does not receive or store your full payment-card number. We retain limited billing records such as subscription status, plan, transaction identifiers, and the country associated with the purchase.
Usage Data
We collect anonymized usage analytics through PostHog, including pages visited, features used, and general interaction patterns, as well as technical data such as device type, browser, and approximate region derived from your IP address. This helps us understand and improve the Service. You can opt out of analytics through the cookie-consent preferences.
Podcast & Content Preferences
We store your subscriptions, follows, saved episodes, listening progress, and generated summaries to provide a personalized experience. This data is associated with your account.
Notification Data
If you enable notifications, we store the identifiers needed to deliver them, such as your email address, Telegram chat ID, WhatsApp number, or push-notification device token, along with your notification preferences.
Support & Communications
When you contact us, we collect the information you provide (such as your email address and the contents of your message) to respond to and resolve your request.
2. How We Use Your Information
- Provide, operate, maintain, and secure the Service;
- Personalize your experience (subscriptions, follows, saved content, recommendations);
- Process payments and manage your subscription;
- Send notifications and service communications you have opted into;
- Improve the Service through anonymized analytics and product research;
- Enforce rate limits, usage quotas, and our Terms of Service;
- Detect, prevent, and address fraud, abuse, and security incidents;
- Comply with legal obligations and respond to lawful requests.
3. Automated Processing & AI
The Service uses automated systems and third-party artificial-intelligence providers to generate summaries, highlights, and related analytical materials from publicly available podcast and video content. This automated processing operates on the underlying content and does not make legal or similarly significant decisions about you. Your personal account data is not sold to, or used to train the foundation models of, these AI providers as part of providing the Service. The accuracy limitations of AI-generated content are described in our Terms of Service.
4. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:
- Contract: account creation, subscription management, and service delivery — processing necessary to provide the Service you have requested.
- Consent: analytics cookies and optional marketing — processed based on your explicit opt-in, which you can withdraw at any time.
- Legitimate Interests: security, fraud prevention, and service improvement — balanced against your rights and freedoms.
- Legal Obligation: retaining billing records and responding to lawful requests as required by law.
5. Third-Party Service Providers
We share personal data with the following service providers (sub-processors) only as necessary to operate the Service. Each acts under contractual confidentiality and data-protection obligations:
These providers are subject to their own privacy policies. In particular, please review the YouTube Terms of Service and the Google Privacy Policy. Separately, the Service draws on public content sources such as podcast directories, indexes, and RSS feeds; those sources are described in our Terms of Service and do not receive your personal data.
6. YouTube API Data
When you connect your Google account, we access your YouTube subscriptions via the YouTube Data API and store your OAuth tokens securely to maintain the connection. You can disconnect YouTube at any time from Settings, which deletes your stored tokens and associated YouTube data. Our use and transfer of information received from Google APIs adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to train generalized AI/ML models, and we do not sell Google user data.
7. Cookies & Tracking
We use cookies and local storage for:
- Essential: authentication session and theme preference;
- Analytics: PostHog tracking (opt-out available via cookie consent);
- Performance: Vercel Speed Insights.
You can manage your preferences at any time through the cookie-consent banner or your browser settings. We honor recognized opt-out signals where required by law.
8. Data Retention
We retain your account data for as long as your account is active and as needed to provide the Service. Generated summaries and transcripts are cached as shared, non-personal resources to improve performance for all users and are not tied to your identity. Billing and transaction records are retained as required by tax and accounting law (typically up to 7 years). When you delete your account, we delete or anonymize your personal data as described on our Data Deletion page, subject to limited legal-retention exceptions.
9. Your Rights (GDPR & CCPA/CPRA)
Depending on your location, you may have the right to:
- Access: request a copy of your personal data;
- Correction: request correction of inaccurate data;
- Deletion: request deletion of your personal data;
- Portability: receive your data in a portable format;
- Restriction & Objection: restrict or object to certain processing;
- Withdraw consent: withdraw consent at any time where processing is based on consent;
- Opt-out: opt out of analytics and marketing;
- Non-discrimination: exercise your rights without penalty.
To exercise these rights, contact us at [email protected] or use the self-service tools on our Data Deletion page. We may need to verify your identity before fulfilling a request. You may authorize an agent to act on your behalf where the law permits.
10. California Residents (CCPA/CPRA)
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. Under the California Consumer Privacy Act, as amended by the CPRA, you have the right to know what personal information we collect, to request deletion and correction, and to limit certain uses, and the right not to be discriminated against for exercising these rights. To exercise these rights, contact us at [email protected].
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (HTTPS), secure authentication, and access controls. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.
12. International Data Transfers
Your data may be transferred to and processed in the United States, the European Union, Israel, and other countries where we and our service providers operate. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses and adequacy decisions (Israel benefits from an EU adequacy decision) to protect your data during such transfers.
13. Children's Privacy
The Service is not intended for children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children below the applicable age. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.
14. Data-Breach Notification
In the event of a personal-data breach that is likely to result in a risk to your rights, we will notify affected users and the relevant supervisory authority without undue delay, and within 72 hours where required by GDPR.
15. Right to Lodge a Complaint
If you are in the EEA or UK, you have the right to lodge a complaint with your local data-protection supervisory authority if you believe your personal data has been processed unlawfully. We would appreciate the opportunity to address your concerns directly first.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service and updating the "Last updated" date above. Your continued use after changes take effect constitutes acceptance of the updated Policy.
17. Contact
For questions about this Privacy Policy or to exercise your rights, contact us at [email protected].
See also: Terms of Service, Subscription Terms, and Data Deletion