Privacy Policy

Effective Date: January 1st, 2026

Last Updated: April 1st, 2026

Podio.xyz, Inc. (“Spokn,” “we,” “us,” “our”) provides a software platform that enables Internal Communications, HR, and People teams at organizations to create, edit, share, and manage employee-generated short-form videos. This Privacy Policy explains how we collect, use, share, and protect personal data in connection with the Spokn platform and our website.

This Privacy Policy covers:

• Our website at spokn.com (the “Website”).

• The Spokn application used by our customers’ personnel to create, edit, manage, and share videos (the “Platform”).

• Videos and related content created, uploaded, or shared through the Platform.

Spokn is not responsible for the privacy practices of third-party websites or services that may be linked from the Platform or Website. The terms governing use of the Platform are set out in our Terms of Use.

Our role

Spokn serves two different types of relationships, and our role under data protection laws differs accordingly:

- When our customers use the Platform to process personal data of their employees or other individuals, Spokn acts as a processor (or “service provider”). The customer is the controller of that personal data and determines how and why it is used. Individuals whose data is processed on the Platform by a Spokn customer should generally direct privacy rights requests to their employer or the organization that provided them access. The terms governing that processing are set out in our Data Processing Agreement (DPA) with the customer.

- When we collect personal data directly from Website visitors, prospective customers, or personnel of customers acting on behalf of the customer (for example, for account management, billing, or support), Spokn acts as a controller of that data. This Privacy Policy explains how we handle that data.

Personal data we collect

From customers and their personnel (controller capacity)

When an organization evaluates, purchases, or administers the Spokn Platform, or when personnel of a customer interact with us directly, we may collect:

• Contact and account information: name, work email, job title, company name, phone number.

• Authentication information: login credentials or single sign-on (SSO) identifiers, depending on how access is configured.

• Billing and commercial information for customer contacts responsible for procurement or finance.

• Communications with Spokn (sales inquiries, support tickets, feedback).

• Platform usage information associated with administrative users (for example, login timestamps, administrative actions, feature usage).

From Website visitors (controller capacity)

When you visit our Website, we automatically collect:

• Cookie and similar tracking data, where permitted by your consent preferences.

• Device and log information: IP address, device type, operating system, browser type, referring URL, pages viewed, session duration.

• Any information you voluntarily submit through forms (for example, demo requests, newsletter sign-ups, event registrations).

On behalf of customers (processor capacity)

When our customers use the Platform, personal data is processed as a result of their use. This may include:

• Identifying information of the customer’s personnel who sign in to create or manage content, such as name, work email, employer, and role.

• Video and audio content that customers or their personnel record, upload, edit, or share through the Platform, including images, voices, and likenesses of individuals who appear in that content.

• Transcripts, captions, and translations generated from video and audio content.

• Metadata associated with content (for example, title, description, tags, creation date, sharing settings).

• Usage and engagement information generated through use of the Platform.

The specific data processed on behalf of a customer is determined by the customer’s configuration and use of the Platform. Spokn is intentionally designed to minimize the collection of personally identifiable information beyond what is necessary to operate the Platform.

The Platform includes a consent mechanism that requires individuals to affirmatively acknowledge the customer’s chosen consent form (which may be the customer’s own form or a standard consent form provided by Spokn) before submitting content. The customer, as controller, remains responsible for determining whether the consent obtained is sufficient under applicable law for its intended use of the Platform.

How we use personal data

As a controller, we use personal data collected directly from customers, their personnel, and Website visitors to:

• Provide, secure, and improve the Website and Platform.

• Create and manage customer accounts.

• Respond to inquiries and provide customer support.

• Communicate with customers and prospective customers about the Platform, including service updates, product news, events, and marketing content, subject to applicable consent and opt-out rights.

• Analyze how the Website and Platform are used in order to improve our services.

• Comply with legal obligations, enforce our terms, and protect our rights and the rights of others.

As a processor, we use personal data only for the purposes set out in our agreement with the customer, including:

• Operating the Platform and delivering the features the customer has configured.

• Generating captions, translations, and audio/video enhancements using AI subprocessors (see “AI processing” below).

• Providing analytics and reporting to the customer on their own Platform usage.

• Providing technical support and resolving issues identified by the customer.

• Meeting security, availability, and legal obligations related to the service.

We do not sell personal data, we do not share personal data with advertising networks, and we do not use personal data processed on behalf of our customers for advertising purposes or to train third-party AI models.

AI processing

The Platform uses artificial intelligence (“AI”) to provide features such as:

• Automatic caption generation from spoken audio in uploaded videos.

• Translation of captions into multiple languages.

• Audio and video quality enhancement, including background noise reduction and improvements to clarity and lighting.

To deliver these features, we share relevant video and audio content with third-party AI service providers acting as subprocessors. These AI subprocessors are subject to the following controls:

• Customer content shared with AI subprocessors is used only to perform the specific processing task requested through the Platform.

• Automated processes remove customer content from AI subprocessors once the associated task has been completed, minimizing the window during which customer content is retained outside of PODIO.XYZ, INC.’s own systems.

• We select AI subprocessors whose applicable terms do not permit the use of customer content to train their underlying models.

The current list of AI subprocessors is maintained in our Data Processing Agreement.

Legal bases for processing

Where data protection laws require us to identify a legal basis for processing personal data for which Spokn is the controller (such as the EU and UK General Data Protection Regulations), we rely on the following bases as applicable:

Contract: where processing is necessary to provide the Platform or Website to you, or to take steps prior to entering a contract.

Legitimate interests: including operating and improving the Website and Platform, securing our services, preventing fraud and abuse, and conducting marketing to prospective and existing customers, provided these interests are not overridden by your rights and interests.

Consent: for certain optional processing activities, such as non-essential cookies or marketing communications where consent is required. You can withdraw consent at any time without affecting the lawfulness of processing conducted before withdrawal.

Legal obligation: where processing is necessary to comply with applicable law.

Where Spokn processes personal data on behalf of a customer, the customer is responsible for identifying the appropriate legal basis for that processing.

How we share personal data

We share personal data with:

Service providers and infrastructure subprocessors, including hosting, storage, logging, monitoring, analytics, customer support, communications, and payment processing providers, each of which processes personal data on our behalf under written agreements.

AI subprocessors, as described in “AI processing” above.

Our customers, for personal data we process on their behalf. Access is made available to the customer and its authorized users in accordance with the Platform’s configuration.

Professional advisors, such as lawyers, auditors, and accountants, where necessary for legitimate business purposes.

Authorities and other parties for legal reasons, where we believe in good faith that disclosure is necessary to comply with a legal obligation, protect the rights, property, or safety of Spokn, our customers, or others, or to respond to lawful requests by public authorities. We will limit disclosure to what we reasonably believe is necessary and consistent with applicable law.

Buyers or prospective buyers in connection with a sale, merger, reorganization, or similar transaction. We will require such parties to honor the commitments in this Policy or provide reasonable notice before your personal data becomes subject to different terms.

We do not share personal data with advertising networks, and we do not use personal data to serve third-party advertisements.

International data transfers

Spokn is headquartered in the United States, and our service providers may operate in other countries.

When we transfer personal data across borders, we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms. Specific transfer details applicable to data processed on behalf of customers are available in our Data Processing Agreement.

Data retention

We retain personal data for as long as it is needed to provide the Platform and Website, operate our business, comply with legal obligations, resolve disputes, and enforce our agreements.

For personal data processed on behalf of a customer, retention is governed by the customer’s configuration of the Platform and the terms of the customer agreement. When a customer ends its Spokn subscription or instructs us to delete customer data, we delete or return that data in accordance with the agreement and applicable law.

Website analytics data, marketing contact data, and similar information collected in our controller capacity are retained for the period necessary to achieve the purpose for which they were collected or as required by applicable law.

Your rights

Depending on where you are located and which laws apply, you may have some or all of the following rights in relation to your personal data:

Access and portability: to obtain a copy of the personal data we hold about you.

Rectification: to correct inaccurate or incomplete data.

Deletion: to request deletion of your personal data, subject to certain exceptions.

Restriction and objection: to restrict or object to certain processing.

Withdrawal of consent: where we rely on consent, to withdraw that consent at any time.

Complaint: to lodge a complaint with a data protection authority in your jurisdiction.

If you are an individual whose personal data is processed by Spokn on behalf of a customer (for example, an employee of a Spokn customer), your privacy rights are generally exercised through the customer, which acts as the controller of that data. We will support our customers in responding to such requests in accordance with our agreement with them.

To exercise rights with respect to data for which Spokn is the controller, please contact us using the details at the end of this Policy. We will respond within the timeframes required by applicable law.

Exercising these rights is free of charge; we may ask for additional information to verify your identity.

Security

We maintain administrative, technical, and physical safeguards designed to protect personal data against loss, unauthorized access, disclosure, alteration, and destruction. These include single sign-on (SSO) support, controls attested to under SOC 2 Type II, encryption of data in transit and at rest, access controls, logging and monitoring, and regular security testing. Our Information Security Policy describes these controls in more detail and is available to customers on request.

No system is entirely secure. You are responsible for maintaining the confidentiality of your account credentials and for notifying us promptly if you suspect unauthorized use of your account.

Children

The Spokn Platform is intended for workplace use by adults and is not directed to children. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take reasonable steps to delete that data.

Cookies

Our Website uses cookies and similar technologies for essential site operation, analytics, personalization, and marketing. You can manage your cookie preferences through the cookie banner on our Website. Strictly necessary cookies cannot be disabled, but other categories can be accepted or declined according to your preferences.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify customers and Website users as appropriate — for example, by posting a notice on the Website, emailing customer contacts, or through the Platform. The “Last Updated” date at the top of this Policy indicates when it was most recently revised. We encourage you to review this Policy periodically.

Contact

If you have questions about this Privacy Policy or our privacy practices, or if you wish to exercise any of the rights described above, you can contact us at:

privacy@getspokn.com