Privacy Policy for YourPods Last Updated: May 2, 2026
A Secret Company, LLC (“we,” “us,” or “our”) respects your privacy and is committed to protecting it. YourPods supports three distinct modes of operation, each with different data handling characteristics. This Privacy Policy describes how data is handled in each mode.
By using YourPods, you agree to the terms outlined in this policy.
1. Account Types & Data Handling
YourPods offers three ways to use the app. You choose how your data is handled based on the account type you use.
1.1 Local Account (No Sync — Default)
If you do not sign in to any sync service, YourPods operates in fully local mode.
- All data (subscriptions, downloads, playback progress, queue, settings) is stored exclusively on your device.
- Data is encrypted by the iOS/macOS operating system using standard device passcode protection.
- We have zero access to this data. Nothing is transmitted to our servers.
- No account or email address is required.
- We do not collect personal information, track usage, or use third-party analytics SDKs or advertising networks.
This is the Zero-Knowledge mode described in our original privacy pledge. It remains fully available and is the default experience.
1.2 Self-Hosted gPodder Sync (External Server)
YourPods allows you to synchronize your subscriptions and playback state using a self-hosted Nextcloud server with the gpodder-sync application, or any gPodder v2-compatible server.
- User-Controlled Infrastructure: Synchronization occurs exclusively between your device and your designated server URL. You control where your data is stored.
- Data Transmitted to Your Server: Subscription URLs, episode playback actions (play, pause, delete, position), and a device identifier.
- No Intermediary: This data traffic does not pass through A Secret Company, LLC’s servers. We are technically unable to intercept or view this data.
- Credentials: Your server credentials (username, password, or authentication tokens) are stored in the iOS/macOS Keychain and are only transmitted to your specified server for authentication.
We are not responsible for the security, availability, or privacy practices of your self-hosted server. See Section 4 for third-party liability details.
1.3 YourPods Sync Account (Our Cloud Service)
YourPods Sync is a cloud synchronization service operated by A Secret Company, LLC. When you create a YourPods Sync account, your data is stored on our servers.
What we collect and store:
| Data Category | What’s Stored | Purpose |
|---|---|---|
| Account | Email address, hashed password (via Firebase Authentication) | Account creation, login, password recovery |
| Subscriptions | Podcast feed URLs | Library sync across devices |
| Playback State | Episode URL, playback position, timestamp, completion status | Resume listening on any device |
| Queue | Ordered list of episode URLs with metadata | Up Next sync |
| Settings | Listening profiles, per-podcast playback preferences | Preference sync |
| Groups | Library folder names and podcast assignments | Organization sync |
| Listening Stats | Play/skip/complete events with timestamps and durations | Personal listening analytics |
| Account Tier | Sync or Pro subscription status | Feature access |
What we do NOT collect:
- Audio content or episode files (these are fetched directly from podcast publishers)
- Device identifiers beyond what is needed for sync
- Location data
- Contacts, photos, or any other device data
- Third-party analytics or advertising data
Where your data is stored:
- Our servers are hosted on DigitalOcean infrastructure located in the United States.
- Account authentication is provided by Google Firebase Authentication.
- All data is transmitted over HTTPS/TLS encryption.
YourPods Pro (paid tier) additional data:
If you upgrade to YourPods Pro, we additionally store:
- An auto-generated app password for gPodder bridge access (hashed, not stored in plaintext).
- gPodder v2 protocol sync data used by third-party clients you connect.
2. Account Credentials
Depending on your account type:
- Local Account: No credentials required. No account exists.
- Self-Hosted gPodder: Credentials are stored in the iOS/macOS Keychain and transmitted only to your server. We never see them.
- YourPods Sync: Your email and password are managed by Firebase Authentication (a Google service). Passwords are hashed and salted; we do not have access to your plaintext password. See Firebase’s privacy documentation for details.
3. Podcast Host Interactions (All Account Types)
When you stream or download an episode, or refresh a podcast feed, the App makes a direct network connection to the podcast publisher’s server.
- Data Transmitted: Your IP address and the App’s User Agent string are visible to the podcast host.
- Privacy Note: We do not control how podcast publishers handle your IP address. We recommend reviewing the privacy policies of the specific podcasts you subscribe to.
4. Privacy Preserving Playback (P3)
YourPods offers an optional feature called “Privacy Preserving Playback” (P3) that removes known third-party tracking redirects and dynamic ad insertion (DAI) services from podcast episode URLs before your device initiates playback or downloads. When P3 is enabled, your device connects directly to the podcast’s audio hosting server, bypassing intermediary analytics and advertising services.
P3 is available to all users, regardless of account type (Local, gPodder, or YourPods Sync).
4.1 How P3 Works
Many podcast episode URLs include multiple layers of tracking redirects. For example, a single episode URL may route through analytics services such as Podtrac, Chartable, and Podsights before reaching the actual audio file. Each service in the chain logs your IP address, device information, and download event.
P3 performs on-device URL cleaning — it parses the episode URL locally and extracts the direct CDN URL (the actual audio file) without making any network requests to the tracking services. P3 currently blocks 20 tracking and DAI services across 32 domains.
4.2 Data Processing
- Data Collected: None. P3 does not collect, transmit, or store any user data.
- Processing Location: On-device only. All URL parsing and cleaning happens locally using a static pattern-matching engine. No network requests are made as part of the cleaning process.
- No Proxy or VPN: YourPods does not operate any proxy, VPN, or intermediary server in connection with P3. Your device connects directly to the podcast’s audio host.
4.3 What P3 Blocks
When P3 is active for a podcast:
- Your device connects directly to the podcast’s audio CDN.
- Your device does not connect to any of the blocked tracking or DAI services — not even a DNS lookup is initiated for their domains.
- Known analytics query parameters (such as UTM parameters) are stripped from URLs. Non-tracking parameters (authentication tokens, CDN signatures) are preserved.
When P3 is inactive (the default), episode URLs are used as provided by the podcast’s RSS feed, and your device follows the full redirect chain as normal.
4.4 P3 User Controls
- P3 is disabled by default. You must explicitly opt in via Settings → Playback → P3.
- You may override the global setting on a per-podcast basis through each podcast’s Listening Profile settings.
- For YourPods Sync and Pro users, your P3 preference is synced across devices as part of your app settings. For gPodder sync users, P3 preferences remain device-local (the gPodder protocol does not support settings sync).
5. Third-Party Services
5.1 Firebase Authentication (YourPods Sync Only)
YourPods Sync accounts use Google Firebase Authentication. Firebase may collect limited technical data as described in Firebase’s privacy documentation.
5.2 Crisp Chat (Account Portal Only)
The account management portal at account.yourpods.app uses Crisp for live chat support. When you initiate a support conversation while logged in, your email address is shared with Crisp to provide context to support agents. See Crisp’s privacy policy for details.
5.3 RevenueCat (Subscription Management)
If you subscribe to YourPods Pro, your subscription is managed by RevenueCat. RevenueCat processes your purchase through Apple’s App Store. See RevenueCat’s privacy policy for details. We receive a subscription status (active/expired) and your anonymous app user ID — we do not receive your payment details.
5.4 Self-Hosted Servers
If you use self-hosted gPodder sync, you are solely responsible for:
- The security, maintenance, and configuration of your server.
- Ensuring your server complies with applicable data protection laws.
- The reliability of the gPodder sync API implementation on your server.
To the maximum extent permitted by applicable law, A Secret Company, LLC disclaims all liability for data loss, corruption, or synchronization errors resulting from third-party services; security breaches or unauthorized access to your personal server; and service interruptions caused by third-party software.
6. Apple Standard Data
Apple Inc. may collect limited, anonymized technical data (such as crash reports or installation metrics) depending on your device’s privacy settings (Settings > Privacy > Analytics & Improvements). This data is aggregated and does not identify you personally to us.
7. Your Data Rights (GDPR / CCPA / WA State)
Your data rights depend on your account type:
| Right | Local Account | Self-Hosted gPodder | YourPods Sync |
|---|---|---|---|
| Access | Data is on your device | Data is on your server | Export via account portal |
| Export | N/A | Managed by your server | JSON export at account.yourpods.app |
| Deletion | Delete the app | Managed by your server | Full account deletion at account.yourpods.app |
| Correction | Edit locally | Managed by your server | Update via account portal or app |
YourPods Sync account deletion:
- You may delete your account at any time through
account.yourpods.app. - Upon deletion, all your data (subscriptions, playback, queue, settings, stats) is permanently and irreversibly removed from our servers.
- A minimal retention record (hashed email address, account tier, and deletion date) is retained for 3 years as required by Washington State record-keeping laws. This record cannot be used to identify you or reconstruct your data.
8. App Permissions
The App may request access to certain iOS/macOS features. You can revoke these permissions at any time in iOS/macOS Settings, though this may limit functionality.
- Network Access: Required to download feeds/episodes and to sync with your server or YourPods Sync.
- Background App Refresh: Used to update feeds and sync data while the App is in the background.
- Notifications: (Optional) Used to alert you of new episodes or download completions.
9. Children’s Privacy
The App is not intended for children under the age of 13. We do not knowingly collect information from children. If you are a parent or guardian and believe your child has created a YourPods Sync account, please contact us at support@asecretcompany.com and we will promptly delete the account.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our App or legal requirements. If we make material changes, we will notify you through the App or our website. Your continued use of the App after such changes constitutes acceptance of the new policy.
11. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
A Secret Company, LLC
Vancouver, Washington, USA
Email: support@asecretcompany.com
Website: https://asecretcompany.com/