Safeguarding your data

Data in transit

All transactions relating to personal personal information are performed over SSL. This means communication between all parties involved is encrypted, using standards-compliant encryption algorithms (eg SHA-256).

Data at rest

Passwords you supply to this website are one-way encrypted (meaning they cannot be decrypted). Social media accounts you connect to your Podiant account are encrypted using two-way encryption, and a strong cryptographic key.

To protect your data, we do not disclose the specific encryption methods used.

All transactions relating to personal personal information are performed over SSL. This means communication between all parties involved is encrypted, using standards-compliant encryption algorithms (eg SHA-256).

Financial records

We do not keep financial details. Our payment provider (Stripe) provides a mechanism to access your debit or credit card for specific, stated purposes (all transactions will appear on your bank or credit card statement with the name “Podiant”), and for the processing of refunds. We store a token which represents your debit or credit card, and cannot use that token for any purpose out-of-scope of the services Podiant provides.

In the event of a breach

Data breaches are unlikely, but not impossible. In the event of a breach (in which data we hold about you is exfiltrated from our data centre), we will first take the following remedial steps, and also do everything in our power to discover the nature of the breach, and how the information was obtained, so that we can prevent further such breaches.

In the event that social media account information (API access tokens) are leaked, we will contact each affected user and request that they disallow access of the Podiant app to their connected social media accounts.

In the event that the social media account encryption key is leaked, we will remove our current suite of social media apps (thus disconnecting those accounts) and create new social media apps that users may use to connect their accounts to our service.

In the event that encrypted passwords are leaked, we will contact affected users and request that they change their password.

Should the above happen and the secret key used to encrypt passwords is revealed, we will generate a new key, thus invalidating all current passwords, and contact each Podiant user - regardless of whether they were affected by the breach - requesting that they use our “Forgotten password” page to obtain a new password.

In the event that Stripe subscription tokens are leaked (and only if our live Stripe API key is also leaked), we will generate a new Stripe API key pair, thus invalidating the old pair. (Stripe subscription IDs can only be used with a valid Stripe secret API key).

In the event that API credentials are leaked that would allow users to upload, update or delete content stored at our host’s object store (this includes audio files and images uploaded via our service), these API credentials will be invalidated and new keys obtained.