rede · legal

Privacy

Last updated: May 25, 2026

Rede is a multi-tenant platform for podcasts, shows, and the people who appear on them. This page tells you, in plain language, what we collect, what we do with it, and what we don’t do with it.

Short version, in two doctrines we built the platform on:

  • Knowledge crosses tenants freely; people do not. Public Q&A content can be cited across the network. Your contact details, internal notes, and personal records cannot.
  • We don’t use your data to predict, rank, or recommend. No engagement-maximizing algorithms. No behavioral ad targeting. No selling personal data to third parties.

1. What we collect

1.1 Account data

When you sign up, we collect your email address, a name you choose, and (optionally) an avatar image. Authentication is handled by Clerk; the same data lives in their system. We use it to identify you across the network and to send you transactional email (welcome notices, notifications you opted into, security alerts).

1.2 Identity profile

If you build a media kit, your Identity profile holds the professional materials you choose to share: bio, social links, professional photos, the shows you’ve guested on. You own this record. You can edit or delete it at any time from your /me page.

1.3 Show / tenant data

If you run a show on Rede, your tenant workspace holds the Q&A you author, the guests you book, your show pages, and operator notes. Each tenant’s workspace is isolated from every other tenant’s — operators of Show A cannot see the workspace of Show B.

1.4 Submissions from the public

When someone uses the “Ask” form on a show’s public page, we collect their submission text, optional contact details, and limited technical metadata (IP-prefix hash, bot-protection signals) used to filter spam and abuse. The IP-prefix is salted with a monthly-rotated key and never stored as a plain IP.

1.5 Logs and operational data

Standard web-app logs: request paths, response codes, error traces, cron-job outcomes. These are retained for operational debugging and are not used to profile individual users.

2. What we do with it

We use the data to operate the platform. That means: signing you in, delivering the features you use, emailing you transactional notices, generating AI-assisted briefings you opt into, scanning content for legally prohibited material (see §4), and producing the cross-tenant public surfaces (citations, public answers) that are part of the product.

We don’t sell your data. We don’t share it with advertisers, data brokers, or anyone outside the operational vendors listed in §6.

3. Cross-tenant visibility

Each record on Rede carries a sharing_scope — currently private (tenant-only) or public (visible across the network and to the open web).

  • Public Q&A is indexed by search engines and may be cited by other shows on Rede. That’s the network effect we built.
  • Private records are visible only to operators of the authoring tenant. They never appear in cross-tenant search, citations, or RSS.
  • Your Identity profile (media kit) is private to you and to the shows you explicitly grant access to. It is never indexed or surfaced to other tenants without your action.
  • Tenant-private notes about you (a producer’s shorthand on a past appearance, for example) are tenant- internal. You don’t see them; other tenants don’t see them.

4. Content safety scanning

Rede scans uploaded media and submitted content for two narrow categories that have no legitimate place on the platform:

  • Child sexual abuse material (CSAM) — detected via Microsoft’s PhotoDNA hash-matching service. Confirmed matches are reported to the National Center for Missing & Exploited Children (NCMEC) per U.S. law (18 U.S.C. § 2258A).
  • Credible threats of imminent violence — detected by pattern matching against three signals (named target + literal-harm method + concrete timeframe). All three must be present.

Every flagged match goes to a human-review queue first. No automated reporting, no automated deletion. The full doctrine (what gets scanned, what doesn’t, the human-review gate, the no-mission-creep posture) is part of the platform’s architecture, not an internal policy that can be quietly changed.

5. AI-assisted features

Some features generate AI summaries (host briefings, keyword extraction) from already-public content you authored. These run through a managed gateway with zero data retention. We don’t train models on your data. Briefings are cached and regenerated only when source content changes — we don’t re-run the model on every page view.

6. Sub-processors

The vendors we rely on to operate Rede:

  • Clerk — authentication + user identity storage
  • Vercel — hosting + edge network + AI Gateway
  • Postgres (managed) — application database
  • Cloudflare R2 — media file storage
  • Resend — transactional email delivery
  • Microsoft PhotoDNA — CSAM hash matching (no content stored on their side; only the hash is compared against their database)
  • NCMEC CyberTipline — required statutory reporting channel for confirmed CSAM matches

7. Your rights

You can:

  • Access the data we hold about you — email us and we’ll send a full export.
  • Correct inaccuracies through your /me page (for your Identity) or your tenant workspace (for content you authored).
  • Delete your account — email us to request deletion. Tenant-owned records you authored (your show’s Q&A) belong to the tenant and remain unless the tenant owner deletes them; your portable Identity profile is deleted with your account.
  • Object to specific processing (e.g. opt out of optional briefing generation) through your account settings.
  • Withdraw consent at any time for processing based on consent.

EU/UK users have additional rights under GDPR. We comply with the same baseline globally; jurisdiction-specific procedures are handled by email request.

8. Cookies

We use a small number of strictly necessary cookies: authentication session (Clerk), a media-kit verification cookie when you verify your email on a media kit, and Vercel analytics where deployed. No third-party tracking, no ad cookies. The site works without consent-gated cookies because we don’t set any.

9. Children

Rede is not directed at children under 13 (or 16 in the EU where applicable). We don’t knowingly collect data from them. If you believe a child has signed up, email us and we’ll delete the account.

10. Changes to this policy

We’ll update this page when the platform’s data handling changes. The “Last updated” date at the top reflects the current revision. Material changes will be announced via email to active accounts.

11. Contact

Questions about privacy, GDPR requests, or anything else on this page: hello@isrede.fm.