Privacy Policy

Last updated: 26 February 2026
Effective date: 26 February 2026

This Privacy Notice for Internal Cast LLC (doing business as Internal Cast) ("we," "us," or "our") describes how and why we collect, store, use, and share ("process") your personal information when you:

  • Visit our website at https://www.internalcast.com or any linked site
  • Use the Internal Cast platform — an audio communication tool that converts text into AI-generated private podcast updates, with role-based access and user engagement analytics
  • Download and use our mobile applications (iOS/Android)
  • Interact with us via marketing, events, or other communications

If you disagree with our policies or practices, please do not use our Services. For questions or concerns, contact us at team@internalcast.com.

1. Data Controller and Data Processor

Internal Cast LLC acts as the Data Controller for account-level data of workspace administrators and team members (such as names, email addresses, and billing information). This means we determine the purposes and means of processing this personal information.

For content uploaded by customers — including text, scripts, and audio — Internal Cast acts as a Data Processor, processing such data solely on behalf of and under the instructions of the customer (the Data Controller). Details of this processing relationship are described in our Data Processing Agreement.

2. Information We Collect

2.1 Personal Information You Provide

We may collect personal details you voluntarily provide, such as:

  • Name, email address, organization
  • Account registration details and team membership
  • Content you submit (e.g. text for podcast generation)
  • Payment information (processed securely by Stripe)
  • Support requests, surveys, event participation

2.2 Information Collected Automatically

When you use our Services, we may automatically collect:

  • IP address (anonymized where applicable)
  • Browser type and version
  • Device type, operating system, and app version
  • Pages viewed, in-app screens visited, and timestamps
  • Playback events: play, pause, seek, completion, listening duration
  • Error and crash logs (for debugging and reliability)

2.3 Special Categories of Data

We do not intentionally collect or process any special categories of personal data, such as information about health, political opinions, religious beliefs, trade union membership, sexual orientation, or biometric/genetic data. If you voluntarily provide such information within content uploaded or generated using our Services, you do so at your own discretion, and such data will be processed only as technically necessary to operate the Service. We strongly discourage users from uploading or including such information.

2.4 Voice Synthesis & Cloning

If you use our voice cloning features, the resulting voice models are private. They are accessible only to your organization and are not shared with other customers or used to improve any global voice libraries.

Consent. The Client (Organization) is solely responsible for obtaining all necessary legal consents from any individual whose voice is being cloned.

Internal Cast acts as a technical intermediary and does not monitor or verify the ownership of uploaded voice samples unless required by law.

3. How We Use Your Information

We process information to:

  • Provide, operate, and maintain our Services
  • Authenticate users and manage secure access
  • Track playback progress and show episode analytics
  • Improve performance and user experience
  • Detect, prevent, and address technical issues or fraud
  • Communicate important updates, announcements, and respond to inquiries
  • Comply with legal obligations

3.1 Automated Decision-Making and AI Processing

Some features of Internal Cast rely on automated processing provided by specialized third-party AI sub-processors, including AI-based voice synthesis, transcription, and language understanding. These processes are not used to make decisions that produce legal or similarly significant effects on users. The AI systems operate under human oversight and are designed solely to deliver core service functionality, such as generating voice or transcribing content.

Our AI sub-processors process data strictly via API. We ensure through our agreements that customer content is not used to train the providers' foundation models. Data is used only to generate the output (text or voice) requested by the user.

We do not perform profiling for advertising, scoring, or behavioral analysis purposes. Any future introduction of automated decision-making affecting user rights will be subject to explicit user consent and transparent disclosure.

4. Legal Basis for Processing (GDPR)

We process personal information under the following legal bases:

  • Performance of a contract — account creation, authentication, service delivery
  • Legitimate interest — analytics, service improvement, capacity planning, and security monitoring
  • Consent — when you opt-in to marketing communications or provide optional data

5. Analytics & Tracking Technologies

  • Vercel Analytics: collects anonymous, aggregated usage statistics (page views, region, device type)
  • Playback Analytics: events like play/pause/seek/progress are logged to understand engagement and improve UX
  • Crash Reporting: if Sentry or equivalent is enabled, device info, OS version, and stack traces may be collected to diagnose issues

We do not engage in behavioral advertising or cross-site tracking.

5.1 Analytics and Listening Metrics

We collect limited and anonymous analytics data related to how invited users interact with audio content within the Internal Cast platform. This includes playback actions (such as play, pause, progress milestones, completion, and seek events), device type, and basic session information.

This data is processed solely for the purpose of providing playback statistics and engagement insights to the workspace administrators who manage internal content. No personally identifiable information (such as names, email addresses, or IP addresses) is stored or shared with third parties.

The analytics functionality is powered by Google Analytics 4, configured in a privacy-friendly mode (with anonymized IPs and without user tracking across sites). These analytics are used exclusively for internal reporting, product improvement, and service reliability purposes.

Each workspace administrator or user who creates audio content on the Internal Cast platform is responsible for managing access to their published episodes. If an episode link is shared publicly outside the intended private group, playback analytics will still be collected for technical and statistical purposes, but Internal Cast is not responsible for the distribution or public availability of that content.

Analytics data for publicly shared or distributed episodes remains anonymous and is processed solely for aggregate reporting, platform reliability, and technical performance monitoring.

Internal Cast does not use analytics for advertising or audience profiling, even when episodes are publicly available. All analytics data, including anonymized IP information, is processed in accordance with applicable privacy regulations (such as GDPR).

5.2 Google Analytics Configuration

We use Google Analytics 4 in a privacy-friendly configuration without cookies, ad personalization, or client storage. All IP addresses are anonymized before processing and Google Signals are disabled. This setup allows us to measure basic website performance without tracking or identifying visitors.

5.3 Firebase Analytics (App Telemetry)

Internal Cast mobile apps use Firebase Analytics (Google LLC) to collect anonymous playback and engagement metrics. All analytics are configured in non-personalized mode — ad personalization, Google Signals, and IDFA tracking are disabled.

We explicitly set:

Analytics.setConsent([
    .adStorage: .denied,
    .adUserData: .denied,
    .adPersonalization: .denied
])

Data collected includes:

  • playback events (audio_start, audio_pause, audio_seek, audio_progress, audio_complete)
  • episode ID, playback position, and duration
  • app version, OS version, and device type
  • anonymous session timestamp (no IP or user ID)

This telemetry is used solely to improve playback performance and reliability. No behavioral profiling, cross-app tracking, or advertising use occurs. Users can disable analytics anytime in the app settings under “Send Anonymous Analytics.” Firebase processes this data under Google’s Data Processing and Security Terms and Standard Contractual Clauses (SCCs).

Firebase telemetry retention. Firebase telemetry is retained in aggregated form for up to 14 months, consistent with Google’s default retention settings, after which data is automatically deleted or aggregated. No identifiable user data is stored.

6. Cookies and Similar Technologies

We do not use cookies for analytics or advertising.

Session data and authentication tokens may be stored locally (browser sessionStorage, localStorage, or secure storage on device) to maintain login sessions.

7. Mobile App Permissions

Our iOS and Android apps may request access to:

  • Network – to stream audio and sync data
  • Local storage – to temporarily cache episode artwork or metadata
  • Push notifications – optional, used to notify about new episodes or updates
  • Microphone – required if the user chooses to record audio updates directly within the app

You can control or revoke these permissions in your device settings at any time.

8. Data Security

We apply appropriate technical and organizational measures to protect personal data, including:

  • Hosting on secure, SOC 2-compliant cloud infrastructure
  • HTTPS/TLS encryption in transit
  • Encrypted storage where applicable
  • Role-based access control and optional two-factor authentication
  • Signed or tokenized audio URLs with limited validity

9. Sharing Your Information

We do not sell or rent personal information to third parties.

We may share data with:

  • Infrastructure and hosting providers — for secure hosting, content delivery, and deployment, under contractual agreements with data processing terms
  • Specialized third-party AI sub-processors — for text summarization, script generation, and voice synthesis, under strict API-only agreements that prohibit the use of customer content for model training
  • Payment processors — for secure payment handling (see below)
  • Legal authorities — when required by law

A complete list of sub-processors and their roles is available upon request by contacting team@internalcast.com.

Payment Processing (Stripe):
Stripe processes payments as an independent data controller under their own Privacy Policy. We never store full credit card numbers.

10. Public Links & Tokenized Access

When you share an episode, a signed or tokenized URL may be generated.

These links have limited validity and can be revoked by administrators to protect privacy.

11. Data Retention and Deletion

We retain your personal data only for as long as necessary to provide our Services, comply with our legal obligations, resolve disputes, and enforce our agreements.

  • Account data: retained until you request deletion or close your account
  • Playback analytics / usage data: typically retained 90 days in aggregated form
  • Crash logs: retained only as long as needed for troubleshooting
  • Support tickets and email correspondence: retained for up to 12 months unless required longer for dispute resolution
  • Financial records: billing details, invoices, and tax information may be retained for up to 7 years as required by applicable law

When you delete your account or request deletion:

  • Active personal data is deleted or anonymized from active databases within 30 days of a valid request.
  • Encrypted backup copies are permanently erased within 90 days.

During the retention period, any preserved data is protected under the same security and confidentiality measures described in this Policy. Data deletion from all systems is not instantaneous due to technical limitations and the presence of distributed backups.

12. Your Rights

If you are located in the EEA, UK, or California, you have the right to:

  • Access, correct, delete, or restrict processing of your personal data
  • Withdraw consent where processing is based on consent
  • Request data portability
  • Opt-out of sale of personal data (we do not sell personal data)
  • Not face discrimination for exercising these rights

Requests can be sent to team@internalcast.com. We will respond within 30 calendar days of receipt. If additional time is required due to complexity or volume, we may extend by up to 30 days with advance notice.

To protect your privacy, we may request identity verification before processing your request (for example, confirmation via your registered email address). Requests that cannot be verified may be rejected with an explanation.

Certain data cannot be deleted immediately due to legal requirements (such as financial records retained for tax compliance) or technical reasons (such as encrypted backups). In such cases, we will anonymize the data so it can no longer be associated with any identifiable user. For specific retention timelines, see Section 11.

Our Data Processing Agreement is available at https://www.internalcast.com/data-processing-agreement/.

13. Children's Privacy

Our Services are not intended for individuals under 18.

If we discover that we have inadvertently collected personal data from a minor under 18, we will delete it as soon as possible.

14. International Transfers

To provide our Services, we may use infrastructure and AI sub-processors located in the United States and other global jurisdictions. We use Standard Contractual Clauses (SCCs) and robust encryption to ensure that your data receives an equivalent level of protection regardless of where it is processed.

Copies of the relevant transfer safeguards may be requested by contacting us at team@internalcast.com.

15. Changes to This Policy

We may update this Privacy Policy from time to time.

For material changes, we will notify users by email, in-app notice, or website announcement at least 30 days prior to changes taking effect.

16. Contact Us

For privacy-related questions or to exercise your rights, contact:
Email: team@internalcast.com
Address: Internal Cast LLC, Wyoming, USA

If you have questions, concerns, or complaints regarding how we handle your data, you may contact us at team@internalcast.com.

If you reside in the European Economic Area (EEA) or the United Kingdom and believe that our processing of your personal data infringes applicable law, you have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first, and we will do our best to resolve the issue promptly.

Supervisory Authority contacts for EU/UK residents are listed at: