Last Updated: September 10, 2025
Artelax Inc. (“Artelax”) provides this statement to explain how Podwist complies with the European Union General Data Protection Regulation (GDPR) and related data protection obligations.
Artelax Inc. is the data controller for personal data collected through Podwist. Contact: [email protected].
We process minimal personal data: primarily your email address obtained via Google Sign-In. We also process anonymized analytics data (anonymized IP, device and usage data) via PostHog. We do not collect or store profile pictures or other Google profile fields unless you explicitly provide them in-app.
We collect the minimum data necessary to operate: only user email is retained as a personal identifier. Analytics data is anonymized and used only to improve the Service. We do not process personal data for unrelated purposes.
All user personal data is stored on secure servers located in the European Union; no personal data is stored in Turkey. Analytics are processed in Frankfurt, Germany (PostHog). We use appropriate contractual safeguards and technical measures with processors to ensure adequate protection for data transfers within the EEA.
We implement technical and organizational measures appropriate to the risk, including AES-256 encryption at rest, TLS for data in transit, two-factor authentication (2FA) for accounts where applicable, end-to-end encryption for sensitive flows where feasible, access controls, and routine security testing.
Data subjects may exercise their GDPR rights (access, rectification, erasure, restriction, objection, portability, withdraw consent) by contacting [email protected]. We will verify identity, handle requests promptly, and in any event within 30 days unless complexity requires extension in accordance with GDPR.
We do not perform automated decision-making that has legal or similarly significant effects on data subjects. The Service uses AI for content conversion (transcription, summarization, TTS) but not to make autonomous decisions about individuals.
Users are responsible for the content they submit for conversion. If a rights holder provides notice to [email protected] asserting infringement, we will remove the infringing converted content and all associated stored data from our EU servers within 7 days and prevent re-uploading of the same infringing asset.
For data protection inquiries or to exercise your rights contact: [email protected]. If necessary, you may lodge a complaint with the relevant supervisory authority in your country or with the Turkish Personal Data Protection Authority (KVKK).
We maintain records of processing activities, regularly review technical and organizational measures, conduct risk assessments, and ensure that processors we use adhere to GDPR obligations.
This GDPR Compliance Statement should be read together with our full Privacy Policy and Terms of Service.