This Privacy Policy explains what information Pika collects, why we collect it, how we use it, and what rights you have over it. We've written it in plain English because privacy policies should be readable.
We will never sell your personal information. Not now, not ever.
We collect only what we need. If we don't need it to provide the service, we don't collect it.
You're in control. You can access, or delete your data at any time.
When you create an account we collect your email address, display name, and a unique handle. If you sign in with Apple, Apple provides us with a permanent unique identifier tied to your Apple ID, and optionally your name and an email address. Apple may provide a private relay address rather than your real email — in that case we never see your actual address. We receive your name and email only on first sign-in; Apple does not share them again on subsequent logins. We store the Apple-assigned identifier to recognise your account. We use this information only to create and maintain your account and authenticate you.
We store which podcasts you subscribe to, which episodes you've played, your playback position and completion status for each episode, episodes you've saved, and your download history. This is the core data that makes Pika work — syncing your library across devices and picking up where you left off.
We store the genres you select to personalise podcast recommendations. You can update these at any time in Settings.
When you sign in, we issue a session token that is stored on your device and on our servers. We record when the token was last used and when it expires. Tokens are invalidated when you sign out.
When you use the app, we log your IP address at sign-in and during account activity. We use this for security purposes — detecting suspicious access and preventing abuse.
If you contact us by email or through the in-app feedback tool, we retain that correspondence to respond to you and improve the service.
We do not use your data to serve third-party advertising.
We share your information only in the following circumstances:
We use a small number of trusted third-party companies to help operate Pika — cloud hosting, crash reporting, and analytics. These providers access your data only to perform services on our behalf and are bound by confidentiality agreements. They may not use it for their own purposes.
We may disclose information if required by law, court order, or government request. Wherever possible, we will notify you before disclosing your data unless we are legally prohibited from doing so. We require a valid warrant, subpoena, or court order before complying with law enforcement requests from U.S. authorities. International requests require a mutual legal assistance treaty or equivalent process.
If Pika is acquired or merges with another company, your data may transfer to the new entity. We will notify you before that happens and your rights under this policy will be preserved.
We may share aggregated, anonymised statistics (e.g. "most listened-to genres") that cannot be used to identify you.
We never sell your personal data. We never share it with advertisers.
The Pika website uses cookies to keep you logged in and remember your preferences. We do not use third-party advertising cookies.
The app uses device identifiers and local storage for similar purposes. You can clear this data by uninstalling the app or clearing app data in your device settings.
We do not respond to Do Not Track signals at this time, as there is no consistent industry standard for doing so.
We keep your data for as long as your account is active. Specifically:
If your account is inactive for an extended period (365 days on the free tier), we may delete it after giving you advance notice.
We take reasonable and industry-standard measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. No service is 100% secure, and we cannot guarantee that unauthorised access will never occur.
If you discover a security vulnerability, please disclose it responsibly to contact@thepika.app before making it public. We commit to working with you in good faith to address it promptly.
Depending on where you live, you have the following rights over your personal data. To exercise any of them, email contact@thepika.app. We will respond within 30 days and will not discriminate against you for making a request.
In addition to the above, you have the right to restrict processing, object to automated decision-making, and lodge a complaint with your local data protection authority.
The legal bases we rely on for processing your data are: performance of a contract (to provide the service you signed up for), legitimate interests (security, fraud prevention, improving the service), and consent (where you've explicitly opted in to something).
California residents have the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of its sale (we don't sell it, but the right exists). You may also designate an authorised agent to make requests on your behalf.
If we decline a request, you may appeal by replying to our response email. If you remain unsatisfied, you may contact your local data protection authority or state attorney general.
Pika is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have done so, we will delete it promptly. If you believe we have collected information from a child under 13, please contact us at contact@thepika.app.
Pika is operated from the United States. If you access the service from outside the US, your data may be transferred to and processed in the US or other countries where our service providers operate.
For users in the EU and UK, we rely on Standard Contractual Clauses approved by the European Commission to ensure your data receives adequate protection when transferred internationally.
The app integrates with third-party services including podcast directories and Sign in with Apple. These services operate under their own privacy policies, which we encourage you to review. We are not responsible for their data practices.
Podcast content is provided by third-party publishers. Any data you submit to a podcast's own website or app is governed by their privacy policy, not ours.
We may update this policy from time to time. When we make material changes, we will notify you via email or an in-app notice at least 30 days before the changes take effect. The date at the top of this page reflects when the policy was last updated.
Your continued use of Pika after the effective date constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy or how we handle your data, we're happy to help.
Email us at contact@thepika.app
This Privacy Policy was derived from policies by 37signals and Automattic, both of whom publish their policies for adaptation. We're grateful for their commitment to transparent, plain-English legal documents.