Privacy Security and Stored Data

Published on

This document explains what data Selfhost Podcasting stores and what optional integrations may share with third parties.

Data Stored by the Base Plugin

The plugin stores podcasts as a WordPress custom post type:

sh_podcasting_pod

It stores episodes as:

sh_podcasting_epi

Podcast and episode fields are stored as WordPress post meta.

Examples:

  • Podcast slug.
  • Description.
  • Cover art URL and attachment ID.
  • Website URL.
  • Language.
  • Categories.
  • Author and owner details.
  • Episode media URL.
  • Episode duration.
  • Episode transcript URL.
  • Episode metadata.
  • Integration settings.
  • Background job errors.

WordPress REST API Restriction

The plugin restricts public REST API access to its podcast, episode, and category endpoints. Only administrators can access those REST endpoints.

S3 Credential Storage

When S3 bucket storage is enabled, credentials are encrypted before storage.

Encryption uses WordPress authentication keys and salts. If those salts change, saved credentials may need to be re-entered.

Third-Party Analytics Prefix

If an analytics prefix is enabled, listener media requests pass through the configured analytics provider.

That provider may process request metadata such as:

  • Requested media URL.
  • IP-derived information.
  • User agent.
  • Referrer.
  • Request time.
  • Range headers.

Disclose this in your privacy policy.

Cloud Storage Providers

If S3 bucket storage is enabled, media files are uploaded to the configured provider.

The provider may process:

  • Audio file content.
  • Object names.
  • Bucket names.
  • Account identifiers.
  • Request logs.
  • Access credentials.
  • Operational metadata.

Disclose your storage provider in your privacy policy.

Pro Private Podcasting Data

The Pro module creates custom database tables for private podcasting:

  • wp_shp_tokens
  • wp_shp_subscribers
  • wp_shp_access_grants
  • wp_shp_episode_usage

The table prefix may differ if your WordPress database prefix is not wp_.

Private podcasting can store:

  • Subscriber name.
  • Subscriber email.
  • Email hash.
  • WordPress user ID.
  • Access token selector.
  • Hashed token secret.
  • Encrypted token secret.
  • Token status.
  • Token expiry.
  • Feed access count.
  • Episode access count.
  • Last used date.
  • Access grant source.
  • E-commerce source references.
  • Per-episode usage counts.

Private Feed URLs

Private feed URLs contain access tokens. Treat them like passwords.

Administrators should revoke or regenerate tokens if:

  • A URL is shared with the wrong person.
  • A subscriber loses access.
  • A membership or order is refunded or cancelled.
  • A broad access leak is suspected.

Email Notifications

The Pro module can send token lifecycle emails through WordPress mail. These emails may include private feed URLs.

Make sure your email delivery provider is appropriate for sending private access links.

Data Retention

The plugin does not decide your legal retention policy. Site owners should decide how long to keep:

  • Podcast and episode metadata.
  • Subscriber records.
  • Token records.
  • Usage history.
  • Background job logs.

Use database backups and deletion practices that match your privacy obligations.