Privacy Policy

Effective date: September 20, 2025

Who we are

Epodos Media (“we,” “us,” “our”) operates the website at epodosmedia.com. We provide publishing services through the Epodos Publishing Lab.

Data Controller: Epodos Media • hello@epodosmedia.com

What personal data we collect and why we collect it

Contact and project forms

When you submit a form (e.g., “Request a Quote / Free Consult”), we collect the fields you provide such as name, email, organization, selected services, project details, word count, audience, timeline, optional budget and message. We process this data to respond to your request and prepare a quote. The legal basis is contract (to take steps at your request) and our legitimate interests (running a professional services business).

We may also collect technical metadata (IP address, user agent, referrer/page URL) for spam prevention and abuse monitoring (e.g., reCAPTCHA, honeypot). We use a transactional email service to deliver confirmations and notifications.

File submissions via Dropbox File Request (optional)

If you choose to upload a sample chapter via our Dropbox File Request link, your file is sent directly to our Dropbox account and does not pass through WordPress. Dropbox may process file metadata (filename, size, upload time) and—if you provide it—your name and email. We ask you to avoid including sensitive personal information in manuscript files.

Retention for uploads: We aim to review and quote promptly; we periodically delete uploaded samples, generally within 180 days unless a project is active or we are legally required to retain them longer. You can request deletion at any time (see “Your rights”).

Comments and media

If comments are enabled and you leave a comment, we collect the data shown in the comment form along with your IP address and browser user agent to help spam detection. If you upload images publicly, avoid EXIF location data—site visitors can download and extract location data from images.

Analytics and performance

We may use privacy-respecting analytics and performance tooling (for example, Google Analytics or equivalent) to understand page performance, measure conversions, and improve the site. These tools may set first-party or third-party cookies and collect pseudonymous usage data (pages visited, browser type, approximate location). You can control cookies in your browser and, where offered, via our cookie preferences.

Cookies

Our site may use necessary cookies (for core functions like security), preference cookies (to remember choices), and analytics cookies (to improve the site). If you log in (for staff or clients), login cookies persist for convenience per WordPress defaults. You can clear or block cookies in your browser; some features may not function without them.

Embedded content from other websites

Articles or pages may include embedded content (e.g., videos, images, posts). Embedded content behaves as if you visited the other website directly. Those sites may collect data about you, use cookies, and monitor your interaction with the embedded content, including tracking if you have an account and are logged in to that service.

Who we share your data with

We share personal data only with service providers who help us operate the site and deliver services, under appropriate data-processing terms. Typical providers include: website hosting, caching/CDN, email delivery, spam prevention (e.g., reCAPTCHA), analytics, scheduling (for consult calls), and file storage (Dropbox File Request). We do not sell your personal data.

How long we retain your data

Form submissions: We retain the content of form submissions in our email records and (if enabled) within WordPress for up to 180 days, unless a project is active or a longer retention is required for legal, accounting, or security reasons.

Comments: If comments are enabled, comments and their metadata may be retained indefinitely to recognize and approve follow-ups automatically.

Account data: If a login is created (e.g., for collaborators), profile information is stored until the account is removed. Site administrators can view and edit this information.

What rights you have over your data

Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To make a request, contact hello@epodosmedia.com. We may need to verify your identity. These rights are subject to exemptions and may not apply to anonymized or aggregate data.

EU/EEA/UK visitors: Where GDPR/UK GDPR applies, our legal bases include contract, legitimate interests, consent (for optional communications), and legal obligations. You may lodge a complaint with your local supervisory authority.

California residents: We do not sell personal information. You may request access or deletion of your personal information as described above. We will not discriminate against you for exercising your rights.

Where we store and process your data

Our site is hosted with reputable providers and may use services that process data in the United States, the European Union, or other jurisdictions. Where data is transferred internationally, we rely on appropriate safeguards (such as standard contractual clauses) where required by law.

How we protect your data

We use HTTPS (TLS) to encrypt data in transit; apply the principle of data minimization; restrict access to need-to-know personnel; and review providers for security practices. No method of transmission or storage is 100% secure; we cannot guarantee absolute security, but we strive to protect personal data using reasonable measures.

Children’s privacy

Our services and forms are intended for adults (authors, educators, organizations). We do not knowingly collect personal information from children under 13 through our forms. If you believe a child has provided us personal information, contact us and we will delete it.

How to contact us

Questions about this policy or your data rights? Email hello@epodosmedia.com.

Changes to this policy

We may update this policy to reflect changes to our practices or legal requirements. We will post the updated policy on this page with a new effective date.

Manuscript Confidentiality & Intellectual Property

We treat manuscripts, sample chapters, artwork, and related materials as confidential. We use your content only to evaluate, quote, and deliver services you request. You retain all rights to your work unless a separate, signed agreement states otherwise. We do not disclose manuscripts to third parties except vetted service providers bound by confidentiality and data-processing terms, or where required by law.

AI & Automation Tools (Transparency)

We may use responsible automation to support production (e.g., typography checks, accessibility tagging, file validation, metadata analysis). When language suggestions or artwork are assisted by AI tools, human review remains required before delivery. We do not train third-party AI systems on your manuscripts or images. If you prefer a “no-AI assistance” workflow, tell us and we will note it in your project scope.

Portfolio Use (Opt-in)

With your written permission, we may display final covers/interiors we designed in our portfolio and social channels for promotional purposes. This is optional and does not apply to unpublished manuscripts or classroom materials unless you consent.

Payments & Invoicing

We do not store full payment card details on our servers. Payments are processed by Stripe/PayPal under their security and privacy terms. We retain invoice and transaction records for accounting and compliance (typically 7 years).

Third-Party Services We Use

To operate our website and deliver services, we rely on providers that may process limited personal data on our behalf, including: hosting/CDN, site analytics, spam prevention (e.g., reCAPTCHA), email delivery, scheduling (Calendly), file storage (Dropbox File Request), and productivity (e.g., Google Workspace). For publishing operations, we may work with retail/distribution platforms such as KDP and IngramSpark under client-owned accounts you control. We require appropriate confidentiality and data-processing protections from these providers.

Data Retention (At-a-Glance)

  • Quote/Contact forms: up to 180 days unless a project proceeds or law requires longer.
  • Uploaded samples (Dropbox File Request): generally deleted within 180 days unless a project is active.
  • Project files & deliverables: retained for the life of the project and for a reasonable archive period (typically 2 years) to support re-exports and corrections, unless you request deletion sooner.
  • Contracts & invoices: typically 7 years for legal/accounting.
  • Backups and logs: short lifecycle per provider (usually 30–90 days).

School & Classroom Data

Our services and forms are intended for adult educators and organizations. We do not request or store student personal information. If a classroom project involves learner work or feedback, we ask clients to de-identify data before sharing or to route any student submissions directly to the school’s systems. We follow data minimization and will delete any inadvertently received student data upon notice.

International Transfers

Depending on your location and the location of our providers, your data may be processed outside your country (e.g., the United States or the European Union). Where required, we rely on appropriate safeguards such as Standard Contractual Clauses for cross-border transfers.

Your Choices & Opt-Outs

You may request access, correction, deletion, or export of your personal data by emailing hello@epodosmedia.com. For optional marketing emails, you can unsubscribe at any time via the link in the message. To opt out of analytics or advertising cookies, adjust your browser settings and (where available) use our cookie preferences. If you prefer a no-AI workflow on your project, tell us before work begins.

Security & Incident Response

We use TLS (HTTPS), access controls, and provider due diligence to protect data. If we learn of a data incident affecting your personal information, we will assess impact promptly and notify you and/or regulators as required by applicable law.

Do Not Sell or Share (California)

We do not sell personal information. If we use advertising or analytics cookies that constitute “sharing” under California law, you can opt out via our cookie preferences or by contacting us at hello@epodosmedia.com. We honor Global Privacy Control (GPC) signals where feasible.

Data Processing Agreements

For clients subject to GDPR/UK GDPR or similar laws, we can provide a Data Processing Addendum (DPA) covering project-specific processing, confidentiality, and deletion on request.