Privacy Policy for Podcasters | Respect Your Audience & Their Data

In a nutshell: what kind of privacy policy for podcasters do you need to use?

This is not legal advice, just discussion of the GDPR and CCPA, and how they affect online publishers
Check the privacy policies of companies you work with (such as your media host, website host, analytics provider, and monetization site)
Overcast, the listening app, shows privacy data for listeners: other listening apps should consider this
Add a cookie compliance widget to your site
Mention privacy concerns in your mailing list

As you’re making, promoting and/or monetizing your podcast, you’ll have to deal with users’ personal data. Whether this is a curated mailing list, or download stats, this information is important to you, and precious to marketers. It’s so precious, in fact, that now there are legal policies which affect how companies can store and use personal data.

What does this mean, for you ‘o podcaster, my podcaster? If you drop a hint that a Twitter influencer listens to your podcast, will you be clapped in irons and thrown into the deepest dungeon? Fear not. In this article, I’m going to talk about privacy policies for podcasters, and how you can take a few simple steps to comply with big data laws.

A Tale of Two Privacy Policies

Please note that this article is not, in any way, shape, or form, legal advice, or even a substitute for legal advice. I am not an attorney, nor do I pretend to be one. I’m simply going to tell you what I’ve researched, so that you can use that as a base for your own research. Speak to a lawyer to make sure you get this right!

The CCPA

The California Consumer Privacy Act went into effect in January of 2020. This act will probably be used as a template for other states in the US to draft their own data privacy laws. It applies to any company operating in California that:

makes more than $25K in revenue
gathers data on 50,000 users or more
makes more than half of its income from user data.

For California residents, the CCPA provides the right to:

know what data companies gather,
refuse to provide that data and/or to have that data deleted,
sue, if a company doesn’t take adequate steps to prevent a breach in data privacy.

If you use a website from any company based in California (such as publisher Condé Nast), you’re more than likely to see a popup banner with a button reading, “do not sell my personal information,” or something similar. This can include cookies. The information websites track can go to a third party vendor, such as Google AdSense. The result is, say for example, you look up companies that sell dog food, and then use the same browser to look at a site with embedded ads, you might see ads for dog food.

The data gathered can refer to things like IP addresses and personal preferences. This particular privacy policy generates a lot of notice because so many businesses in the tech industry are based in California.

The General Data Protection Regulation is a EU policy, which took effect in May of 2018. The UK has its own data protection act, which is mostly the same as the GDPR. The CCPA, in many ways, is based on this policy. Essentially, companies with more than 250 employees have to:

document what personal data they’re keeping, how they’re storing it, and why
prevent data breaches
in the case of large companies that use personal data as most of their business, they have to hire a data protection officer
provide a specific and clear “positive opt-in” for users, so that they can consent.

This brings us back to the “this website uses cookies” popup, or a popup that requires your consent before continuing.

What Does This Mean for Privacy Policies for Individual Podcasters?

Your podcast might have a small audience, but its reach is global. Even if your home location doesn’t have strict laws about privacy policies, your audience could be in a place which does. If you seek out sponsorship, your sponsors might choose whether or not to work with you, based on your adherence to privacy collection standards. It’s best to err on the side of caution. Here are some ways to implement a privacy policy for podcasters.

Tools You Use

You might work on your podcast alone, or with fewer people on your staff than it takes to play basketball. However, you might use services (i.e., a media host, website host, or podcast directory) of companies that are big enough for these privacy laws. It’s best to check their privacy policies, and see how they comply with data protection laws.

Spotify, for example, has a dashboard for podcasters which displays more user data than most. It shows age and gender identification, along with geographic region. They have a clear policy about how they gather and use data. Are these companies’ policies your responsibility? Again, I’m not an attorney, nor do I play one on tv. It’s never a bad idea to read the terms and conditions and privacy policies of the companies whose services you use. Please don’t settle in to read these while driving or operating heavy machinery.

Media Hosting Services

Your media host (where your podcast’s files live) will have its own privacy policy, and of course it’s worth your time to read. Not only should you know what audience data they collect, and what they do with it, but you should know how they can help you respect your audience’s data privacy.

Captivate, for example, have a great feature called “Full Transparency Mode.” Enable this, and it places a short statement at the end of your show notes for each episode. It lets your audience know which third-party analysis tools are used within your podcast.

Libsyn recently announced that podcast creators will be able to add their own prepends (a URL that’s a prefix to your media URL), when they want to have a third party company track their download stats. Prior to rollout, Libsyn contacted third party data tracking companies, and asked them to comply with the CCPA and GDPR. Companies who wouldn’t agree to partner with Libsyn to ensure compliance, are not supported by Libsyn. So, if you host with Libsyn, and use Podtrac to track listener demographics, you can add the prepend within the Libsyn dashboard.

Your media host wants to keep your business, and for your podcast to succeed. They don’t want to have data breaches, or for your audience to lose confidence in your podcast. Read their privacy policies, and follow your media host’s company newsletter, podcast, or social media to keep up to date with changes.

Listening Apps

Listening apps can help carry the weight of accountability, and show listeners what’s happening with their data. In September of 2020, Overcast started a beta test of a feature showing the relevant privacy information for each podcast. It’s unobtrusive and convenient. A link in each podcast’s page lets listeners tap on it to see what’s happening with their data. It’s right under the title.

It takes the user to a page within Overcast that shows what host they use, and any dynamic ad insertion. or third-party tracking. This is how the podcast can track the user across the Internet. Click on those links, and it takes you to the privacy policy pages for those companies.

Rob Walch, VP of podcaster relations for Libsyn, pointed out on a recent episode of their podcast The Feed, that this is a big deal, particularly for “mental health podcasts and privacy podcasts which are tracking their listeners, and that is just wrong.” His analogy was, “George McFly, in the tree, with binoculars, spying on the girl getting dressed. Yes. It is that creepy, and wrong.” Clearly, more listening apps can help users make smart choices about their privacy, and hold podcasters and data companies accountable.

privacy policy for podcasters - respect your audience and their data

Chart Analytics

Your podcast hosting service can show you different kinds of stats, including download numbers by country. However, it can’t show you data from podcast listening apps. For example, if you live in the US, you only see reviews and rankings from the US version of Apple Podcasts by default. This is where a chart-analytics service such as My Podcast Reviews, Podkite, or Chartable, can be helpful.

Chart-analytics services can show your podcast’s reviews from Apple Podcasts in other countries. They can show your podcast’s ranking on foreign Apple Podcast or Spotify charts. Your podcast could be ranked at #246 in its category in the US, but in another country, your podcast could be in the top 10 on the same day. Good to know, right? Right!

The privacy policies of some chart-analytics companies can be incredibly specific. In some cases, they can use your data (how many downloads, where they come from, and so on), unless you contact them to opt out. However, policies such as the GDPR and the CCPA require that you opt in to sharing your data (and, in the aggregate, your audience’s).

For example, some of these chart analytics companies provide an option for you to link to social media profiles. The flow of data, in those cases, goes both ways. Not only could a company tell your social media profile that your podcast ranks at #5 in the Health and Wellness charts, the company could also retrieve information about you that you have made available to those social networking services. That includes information about your contacts on those social networking services. As I read this, it seems that by linking your social media profile, you opt in to share that data.

Chart-analytics services can be incredibly helpful when it comes to planning and promoting your show. The information they provide can bolster your confidence and help you add value to your podcast. It’s worth it to check through their privacy policies carefully, and learn what data they use, and how.

Websites That Use Cookies

Website providers have their own privacy policies, for cookies and data collection. WordPress (for example) uses cookies. When you’re making your podcast web site, WordPress puts the responsibility on the site designer to add a widget or plugin that lets the user consent to the use of cookies. Here are two possible ways to do this. You can:

A secure website has a good privacy policy and data protection for its users.

Use WordPress’ Cookie & Consents Banner Widget. You can customize this a bit. You can type in your own message, and you can let your user consent by either clicking the button, scrolling, or after a set length of time.
Download and install a cookie consent plugin, such as Complianz. It can be configured for your home region. This plugin also blocks iFrames (inline frames that allow an external webpage to pop up on a document. iFrames are vulnerable to privacy problems…).

Mailing and Monetization Lists

If you’re using an email list management tool, check its privacy policies for the latest information. If you maintain your mailing lists manually, you definitely want to tell the recipients what you’re going to do with their email addresses. Best case scenario is to tell them that you won’t sell, rent, or trade their data, and keep your promise. An easy way to deal with this is to include it in the signature file when you compose the email.

Sometimes you might use a service like Patreon to monetize your show, and rely on their privacy policies, but export the backer data to a spreadsheet so that you can mail merchandise to your backers. Or, maybe you have a live show or event, and get people to sign up for your mailing list on paper. If it were me, I’d keep any and all lists to myself.

Ultimately, information means money. As podcasting grows, the ways that data gets transmitted and used become more, let’s say, interesting.

What Can Podcasters Do to Protect Data Privacy?

You might feel that you’re not “big” enough to make a difference, whether you follow legal privacy standards or not. But, taking the extra steps makes you seem more professional to sponsors and your audience. In general, it’s best to work with companies who have ethical data practices, and follow local laws. You can stick to good principles by keeping private any contact lists you may have generated. Again, this isn’t intended to be a comprehensive examination of how to implement good privacy policies. These are pointers to guide you to being smart and ethical with your audience’s data.

Podcasting is a medium that’s always changing and growing. It’s a big endeavor to keep up with new technology and ideas. Podcraft Academy has comprehensive courses, with exercises and downloadable resources, to help you with all aspects of podcasting. Also, you can always get help in our weekly Live Q&A sessions. We’re here to help you get your voice out into the world, and make a positive impact.

Cookie	Duration	Description
_hjAbsoluteSessionInProgress	1 hour	Hotjar sets this cookie to detect a user's first pageview session, which is a True/False flag set by the cookie.
tph_hp_filter	365 days	Stores which filters you have enabled in our Hosting Picker Chooser tool for user convenience.
tph_news_sign_up	365 days	Determines if the "Get weekly podcast industry insights like this straight to your inbox" banner is shown.
tph-article-feedback-submitted	365 days	Checks whether you submitted feedback to an article. If you did, we will no longer show you that section to avoid spam & user confusion.
wp-wpml_current_language	session	WordPress multilingual plugin sets this cookie to store the current language/language settings.

Cookie	Duration	Description
_ce.gtld	session	Crazyegg sets this cookie to identify the top-level domain.
_clck	1 year	Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID.
_clsk	1 day	Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.n
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_hjRecordingEnabled	session	Hotjar sets this cookie when a Recording starts and is read when the recording module is initialized, to see if the user is already in a recording in a particular session.
_hjSession_*	1 hour	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hjSessionUser_*	1 year	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
browser_id	5 years	This cookie is used for identifying the visitor browser on re-visit to the website.
cebs	session	Crazyegg sets this cookie to trace the current user session internally.
CLID	1 year	Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
last_pys_landing_page	7 days	PixelYourSite plugin sets this cookie to manages the analytical services.
last_pysTrafficSource	7 days	PixelYourSite plugin sets this cookie to manage the analytical services.
MR	7 days	This cookie, set by Bing, is used to collect user information for analytics purposes.
prism_*	1 month	Active Campaign sets this cookie to track and store interactions.
pys_first_visit	7 days	PixelYourSite plugin sets this cookie to manage the analytical services.
pys_landing_page	7 days	PixelYourSite plugin sets this cookie to manages the analytical services.
pys_session_limit	1 hour	PixelYourSite plugin sets this cookie to manage the analytical services.
pys_start_session	session	PixelYourSite plugin sets this cookie to manage the analytical services.
pysTrafficSource	7 days	PixelYourSite plugin sets this cookie to manage the analytical services.
SM	session	Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains.
vuid	1 year 1 month 4 days	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos on the website.

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and verify ads' clicks on the Bing search engine. The cookie helps in reporting and personalization as well.
ckid	never	Adara yield sets this cookie to deliver advertisements tailored to user interests on other websites and track transactions
MUID	1 year 24 days	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
scribd_ubtc	10 years	Scribd sets this cookie to gather data on user behaviour across several websites and maximise the relevancy of the advertisements on the website.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	6 months	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_ce.clock_data	1 day	Description is currently not available.
_ce.clock_event	1 day	Description is currently not available.
_ce.irv	session	Description is currently not available.
_ce.s	1 year	Description is currently not available.
_CEFT	1 year	No description available.
_hjIncludedInSessionSample_271830	1 hour	Description is currently not available.
cebsp_	session	Description is currently not available.
memberful_tracking_params	never	No description available.
pbid	6 months	Description is currently not available.
VISITOR_PRIVACY_METADATA	6 months	Description is currently not available.

Privacy Policy for Podcasters | Respect Your Audience & Their Data