Privacy Policy
Last updated: 4 July 2026
This Privacy Policy explains how Turnstac Technologies Limited (“Turnstac”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal data when you use Aurio — our podcast, clips, and AI-recap application and website (together, the “Service”). We are the data controller for the personal data described here. We are committed to handling your data lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using the Service, you acknowledge the practices described in this policy.
Who we are
The Service is operated by Turnstac Technologies Limited, a company registered in England and Wales. If you have any questions about this policy or how we handle your data, you can contact us at contact@turnstac.com.
For the purposes of UK data protection law, Turnstac Technologies Limited is the “controller” responsible for your personal data.
Information we collect
Account information. When you create an account, we collect your email address, a securely hashed password, and an optional display name. If you sign in with Apple or Google, we receive a limited identifier and, where you permit it, your email address and name from that provider. We never receive or store your Apple or Google password.
Content you create. We collect the content you choose to share on the Service, including episode comments (“Tweet on Pod”), replies, likes, bookmarks, and messages you send in watch-party chat.
Usage and playback data. To provide features such as “Continue Listening” and personalised recommendations, we collect information about how you use the Service — for example, the podcasts, episodes, and clips you play, your playback progress, and content you follow or interact with.
Device and technical data. We automatically collect certain technical information when you use the Service, such as device type and operating system, app version, general diagnostic and performance data, IP address, and advertising identifiers (where applicable). This helps us keep the Service secure, diagnose problems, and improve reliability.
Support communications. If you contact support or raise a case, we collect the information you provide in your message so we can respond and keep a record of the issue.
How we use your information
To provide and operate the Service — creating and authenticating your account, delivering podcast and clip content, saving your playback progress across devices, and enabling comments and watch parties.
To personalise your experience — generating recommendations and surfacing content we think you will find relevant based on your listening and interaction history.
To communicate with you — sending transactional messages such as email-verification codes, password-reset links, in-app notifications, and responses to your support requests. We do not send marketing email.
To keep the Service safe and lawful — detecting and preventing fraud, abuse, and objectionable content, enforcing our Terms of Service, and protecting the rights and safety of our users.
To improve the Service — understanding how features are used, fixing issues, and developing new functionality.
To show advertising — where the Service displays ads, we and our advertising partners may use limited data to serve and measure them (see “Third-party services” below).
Legal bases for processing
Under UK GDPR we rely on the following legal bases. Contract: to create your account and provide the features you request. Legitimate interests: to secure, maintain, analyse, and improve the Service, and to prevent abuse — balanced against your rights and freedoms. Consent: where required, for example for certain advertising or device identifiers; you can withdraw consent at any time. Legal obligation: where we must process data to comply with the law.
Third-party services
We use trusted third parties to run the Service. These include: Amazon Web Services (cloud hosting and infrastructure, including our servers, databases, and image delivery, primarily in the London (eu-west-2) region); Amazon Simple Email Service (sending transactional email such as verification and password-reset messages); Apple and Google (sign-in, where you choose to use it); and Google AdMob (advertising, where ads are shown). We also retrieve podcast and clip content from third-party feed and media providers.
These providers process data on our behalf as processors, or as independent controllers for their own purposes (for example, ad networks). We only share what is necessary for each service to function, and we require appropriate safeguards where data is transferred outside the UK, such as standard contractual clauses or an adequacy decision.
Your rights
Under UK data protection law you have the right to: access the personal data we hold about you; ask us to correct inaccurate or incomplete data; ask us to delete your data; restrict or object to certain processing; request a portable copy of data you provided to us; and withdraw consent where we rely on it. You will not be subject to solely automated decisions that produce legal or similarly significant effects.
To exercise any of these rights, contact us at contact@turnstac.com. We will respond within the time limits required by law. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority, at ico.org.uk — though we would appreciate the chance to address your concerns first.
Account deletion
You can permanently delete your account and its associated data at any time from Account → Delete account within the app or website, or by contacting us at contact@turnstac.com. Deletion is permanent and removes your profile, comments, and related data, subject to any limited retention we are legally required or permitted to keep (see “Data retention”).
Data retention
We keep your personal data only for as long as necessary to provide the Service and for the purposes described in this policy. Account and content data is retained while your account is active and deleted when you delete your account, except where we must retain limited information to comply with legal obligations, resolve disputes, prevent abuse, or enforce our agreements. Diagnostic and log data is kept for a limited period and then deleted or anonymised.
Security
We take appropriate technical and organisational measures to protect your data, including encryption of data in transit, hashing of passwords, encrypted connections to our data stores, and access controls that limit who can view your information. No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to any incident.
Children’s privacy
The Service is not directed to children under the age of 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us at contact@turnstac.com and we will take steps to delete it. Where required by local law, a higher age threshold for consent may apply.
International data transfers
We are based in the UK and primarily process data in the UK and the European Economic Area. Where data is transferred to, or accessed from, other countries — for example by our service providers — we ensure an appropriate safeguard is in place, such as an adequacy decision or standard contractual clauses, so that your data continues to receive an equivalent level of protection.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you within the Service. We encourage you to review this page periodically.
Contact us
If you have any questions, requests, or complaints about this Privacy Policy or how we handle your personal data, please contact us at contact@turnstac.com. Turnstac Technologies Limited, registered in England and Wales.