1. Data we collect
Roast stores account identity, Stripe-linked billing references, session records, onboarding inputs, profile corrections, policy acceptances, forwarded email metadata, raw source artifacts, normalized text, generated scripts, generated audio, export jobs, deletion requests, and internal audit events.
2. Forwarded content processing
When you forward mail into Roast, the product may store the raw .eml source and a normalized plaintext version.
3. AI and public-web research
Roast may combine first-party onboarding inputs with AI generation and public-web research to personalize output. Outputs are AI-generated and may contain errors. You may review and correct your profile data at any time.
4. How we use data
Roast uses your data to authenticate you, bill you, receive forwarded content, generate podcast episodes, personalize output, deliver private feeds and audio, provide support, investigate failures, and enforce the Acceptable Use Policy.
5. Retention
Raw email and normalized text: 90 days. Profile artifacts: 180 days. Generated scripts, metadata, and audio: account lifetime plus 365 days. Export bundles: 7 days. Audit events: 365 days.
6. Deletion and export
Roast provides asynchronous export tooling and owner-reviewed deletion requests.
7. Sharing
Roast uses processors including Stripe, Cloudflare, Postmark, PDL, Exa, and external AI providers. Roast does not publish your private feed or source content publicly by default.
8. Security and private URLs
Your feed URL and audio URLs are capability-style URLs. Keep the feed private. If it leaks, rotate it from the billing/app surface.
9. Contact
For privacy questions or rights requests, email support@roast.fm.