Privacy Policy
Last updated July 18, 2026
AuthentiCast helps podcasters, audiobook producers, and audio-drama creators detect when their work is copied or re-uploaded without permission. This policy explains what data we collect, how the detection actually works, and the choices you have. We've written it in plain language on purpose.
1. Who we are
AuthentiCast ("AuthentiCast", "we", "us") provides an audio content-authenticity and theft-detection service. You can reach us any time at [email protected]. This policy covers the AuthentiCast marketing site, the customer dashboard, and the AuthentiCast API.
2. Information we collect
Account information
- Your email address (used to sign in and to send account and detection notifications)
- Your name or account/display name
- Authentication data managed by our infrastructure provider (Supabase) — including a hashed password if you sign up with email, or a provider identifier if you sign in with Google
- API keys you generate (we store a one-way hash and a short non-secret prefix, never the full key after it's shown to you once)
Audio you submit
When you add a track to your catalog or run a check, you provide audio — either as an uploaded file or as a public URL we fetch. We process that audio to compute an acoustic fingerprint (a compact numeric signature). We store the fingerprint, its duration, and a reference label you choose (for example an episode name). We do not retain the original audio file after fingerprinting, and the fingerprint is not a reconstructable copy of your audio.
Content sources you ask us to watch
If you set up a "content source," you give us the titles and creator/show names you want us to watch for. We use these as search terms for the automated sweep described in Section 3.
Detection results
We store the matches we find for your account — what was matched, where, a similarity score, and when — so you can review them in your dashboard.
Billing information
Payments are processed by Stripe. We store a Stripe customer identifier, your plan, prepaid credit balance, and a record of purchases and renewals. We never receive or store your full card details — those go directly to Stripe.
Usage & technical data
- API and dashboard usage (which operations you call and how often, for metering and limits)
- Standard request metadata such as IP address (used for rate-limiting and abuse prevention) and server logs
3. How our detection works (and what that means for data)
Detecting stolen audio requires us to look beyond your own account. This is the part of our service most different from an ordinary app, so we want to be explicit about it.
AuthentiCast operates automated crawlers that scan publicly available sources to build a shared reference corpus and to look for possible unauthorized copies of customer audio:
- Legitimate audio hosts — podcast RSS feeds, Archive.org, and similar public catalogs. We fetch enough of each file to compute a fingerprint, which is added to a shared corpus.
- Known piracy / file-sharing sources — public listing and search pages of sites associated with pirated audio. We fingerprint publicly reachable audio there for the same corpus. We do this to detect theft on our customers' behalf; we never host, distribute, or re-share any pirated material.
- YouTube and TikTok title sweep — for the specific titles and creator names you ask us to watch, we search public results. This sweep is text only — titles, handles, and URLs. We do not download, stream, or fingerprint any media from YouTube or TikTok.
The reference corpus (fingerprints from crawled hosts and piracy sources) is shared across all AuthentiCast customers — that shared library is what makes detection work. Your own catalog fingerprints, your content sources, and your match results are private to your account and are never shared with other customers.
4. How we use your information
- To provide the service — fingerprint your audio, run checks, and surface matches
- To run the automated sweeps for the content sources you configure
- To send you notifications — match alerts, and account/billing emails (payment failed, renewal, cancellation, approaching your usage limit)
- To meter usage, enforce plan limits, and process billing
- To prevent abuse, secure the service, and comply with law
We do not sell your personal information, and we do not use your audio or matches to train models for unrelated purposes.
5. Third-party services
- Stripe — payment processing and billing. Governed by stripe.com/privacy.
- Resend — delivery of our transactional and alert emails. Your email address is shared with Resend to send you those messages.
- Supabase — our hosting, authentication, and database provider, where account data, fingerprints, and match records are stored.
- Public sources we crawl — described in Section 3. We only access publicly reachable pages and files.
6. Cookies & local storage
The dashboard uses your browser's local storage to keep you signed in. We do not use third-party advertising or cross-site tracking cookies.
7. Data sharing & disclosure
We share personal data only: with the service providers above so they can perform their function; when required by law or valid legal process; to protect the rights, safety, and property of AuthentiCast, our customers, or the public; and in connection with a merger, acquisition, or sale of assets (you'll be notified). We never sell your data.
8. Data retention
We keep your account data, fingerprints, and match results for as long as your account is active. You can export your data or close your account at any time from the dashboard. When you close your account we deactivate it (stopping all processing and billing); we may retain limited records as required for legal, tax, or fraud-prevention purposes. To request full deletion of your personal data, email [email protected].
9. Your rights (GDPR & CCPA)
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to not be discriminated against for exercising these rights. You can access and export most of your data yourself from the dashboard, or contact us at [email protected] and we'll respond within the time your law requires.
10. Security
We use encryption in transit, hashed passwords and API keys, scoped access to each customer's own data, and reputable infrastructure providers. No system is perfectly secure, but we work to protect your data and to limit what we collect in the first place.
11. Children's privacy
AuthentiCast is a business tool intended for creators and companies, and is not directed to children. We do not knowingly collect personal information from anyone under 16.
12. Changes to this policy
We may update this policy as the service evolves. We'll change the "last updated" date above and, for material changes, notify you by email or in the dashboard.
13. Contact us
Questions about privacy or your data? Email [email protected].