GDPR Related Product Updates

Today, May 25, 2018, the European Union is enacting the General Data Protection Regulation, GDPR, which is a sweeping reform aimed at ensuring that EU citizens personally identifiable data are being managed properly by all businesses.

When it comes to podcasting there isn’t a whole lot of Personally Identifiable Information that is collected.  As you know there are never email addresses, names, or phone numbers collected from your podcast subscribers.  The only potentially personally identifiable information that is ever collected is in the Statistics or Analytics platforms in the form of IP addresses.

Your IP address is a sort of digital address of your computer (and internet connection) online. This is considered PII under GDPR and as such is something that we have taken steps to anonymize in both the Seriously Simple Stats add-on plugin module as well as in the Castos Analytics platform.

As there are 2 separate products that we maintain that have visibility to podcast listeners’ IP addresses we’ll walk through how these are managed independently.  In both cases though we are following the same anonymization approach that Google uses to deitentify their Google Analytics data.

Seriously Simple Stats

In the Seriously Simple Stats add-on plugin there are a few pieces of information that are collected each time a listener accesses a file in your podcast RSS feed.  These are:

  • Date and time of the request
  • User Agent – i.e. which type of browser, operating system, podcast app, etc. makes the request
  • IP address
  • File that is requested

Neither the date/time, User Agent, or File that is requested are considered to be Personally Identifiable Information, and as such there’s nothing that needs changing there.

The IP address has historically been stored in your WordPress database directly, and as of v1.2.1 of the Seriously Simple Stats plugin the last octet (the digits after the last ” . “) of a listener’s IP address will be anonymized.  For example instead of “151.101.65.121” it will store just “151.101.65.0”  This anonymization will occur before the IP address is stored in your WP database, so you (and your website) will no longer store any personally identifiable information about podcast listeners.

The IP address is used to differentiate Listeners from just Listens in the Seriously Simple Stats display of any given episode, and leaving the IP address like this will retain this level of specificity about your podcast audience.

As part of the upgrade process to v1.2.1 for existing users of the plugin there will also be an anonymizing function that will occur on your WP database for these existing IP addresses.  When you upgrade to v1.2.1 of the Seriously Simple Stats plugin you will be prompted to make an update to the stats database table which will perform the same removal of the last octet of all of the IP addresses that are stored in the table for Seriously Simple Stats.

Performing this update, and updating the plugin to version 1.2.1 will make all of your existing podcast stats information compliant with GDPR.

Castos Analytics

Castos Analytics, which is found in the web application dashboard for all Castos hosting customers, collects some similar data to that found in the Seriously Simple Stats plugin module.  This includes:

  • Date and time of the request
  • User Agent – i.e. which type of browser, operating system, podcast app, etc. makes the request
  • IP address
  • File that is requested
  • File transfer size

We have previously applied the same principle of IP address anonymization to the Castos Analytics database.  In this way we store only anonymized IP addresses (in the exact same manner described above), so there is no personally identifiable data retained by Castos of your podcast or its listeners.

Updates to Privacy Policy and Terms of Service

As well as ensuring that no personally identifiable information is collected about your podcast listeners for either Seriously Simple Stats or Castos Analytics we have taken this opportunity to revise our Terms of Service and Privacy Policies.  We encourage you to review both documents so that you are well acquainted with your privacy rights, the data we collect, the third party tools we use, and information about the security of our services.

If you have any questions about Castos or Seriously Simple Stats in terms of the types of data that is collected, and your rights to that data please feel free to contact us at hello@castos.com

Share with a friend!