Privacy Policy

Last updated: June 10, 2026

Red Panda Club records podcast audio. This page explains, in plain words, what data we handle, why, how long we keep it, and how to exercise your rights. We run on EU infrastructure and follow the GDPR.

What we collect

• Account data: your email address. That's the whole account: there are no passwords.
• Recordings: the audio tracks you and your guests record, the merged mixes we produce from them, and the guest's display name if they provide one.
• Billing data: handled by Stripe. We store your Stripe customer and subscription identifiers; we never see or store card numbers.
• Technical data: standard web server logs (IP address, request path, timestamp) for security and debugging. Sign-in links are excluded from logs. We use one session cookie (rpc_session) strictly for keeping you signed in.

We use no analytics, no advertising trackers and no third-party cookies.

Why we process it

• To provide the service (contract): accounts, recording, merging, downloads, emails like sign-in links and guest invites.
• To keep the service safe (legitimate interest): rate limiting, abuse prevention, and a Cloudflare Turnstile check on the login form.
• To comply with the law (legal obligation): invoicing and accounting through Stripe.

Your recordings

Recordings belong to you. We process them only to store, merge and deliver them back to you, nothing else. We don't listen to them, analyse them, share them or use them to train anything. As the host, you are responsible for telling your guests they are being recorded and for complying with the recording-consent laws that apply to you.

During a session your browser also keeps a temporary local safety copy (IndexedDB) so a crash can't lose the take; it lives only on your device and is cleaned up automatically within 7 days.

How long we keep things

• Recordings: Starter plan, 14 days; Pro and Network, until you delete them. You can delete any session (or all of them) from the app at any time, which removes the files immediately.
• Temporary upload chunks: deleted right after a successful merge.
• Sign-in links: valid for 15 minutes, single-use, purged shortly after expiry.
• Sessions: 30 days, renewed while you use the app; expired sessions are purged daily.
• Account: until you ask us to delete it.

Who we share data with

Only the processors needed to run the service:

• Hetzner (Germany/EU): servers and storage.
• Stripe: payments and invoicing.
• Resend: transactional email (sign-in links, invites).
• Cloudflare Turnstile: bot protection on the login form only.

We never sell data, and we never share recordings with anyone.

Security

All traffic is encrypted with TLS. Sign-in tokens and session identifiers are stored only as cryptographic hashes, guest links use unguessable tokens, and the service runs with hardened, least-privilege configuration.

Your rights

Under the GDPR you can request access, correction, deletion, portability, or object to processing. Deleting recordings and sessions is self-service in the app; for anything else (including full account deletion), use the contact form in your account page or reply to any email we've sent you. We answer fast. You can also lodge a complaint with your local data protection authority.

Changes

If we make material changes to this policy we'll email account holders before they take effect.