Privacy Policy
Last Updated: June 2026
1. Introduction
Guesterra (“Guesterra”, “we”, “us”, or “our”) is a human-guided podcast outreach strategy platform. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our website, platform, application, and related services (collectively, the “Platform”).
Guesterra is a brand operated by Norrin Radd, a company registered in the Republic of Serbia. For the purposes of applicable data protection laws, Norrin Radd is the data controller of your personal data.
We are committed to protecting your privacy and handling your data transparently and lawfully. This Privacy Policy is incorporated into our Terms of Service by reference.
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at [privacy@guesterra.co] or at the address provided in Section 17.
2. What Data We Collect
We collect data necessary to provide, operate, secure, support, and improve the Platform.
2.1 Data You Provide Directly
Category
Examples
Account Data
Name, email address, company or agency name, login method, account role, subscription status.
Client Profile Data
Information about the person or brand being pitched, including name, bio, expertise, company details, links, positioning, talking points, target audience, and related profile information.
Campaign Data
Campaign name, angle, topic, positioning direction, outreach goals, and answers to campaign questionnaires.
Pitch and Email Content
Pitch templates, subject lines, follow-up drafts, email body text, merge fields, and any edits or customizations you make.
Connected Inbox Authorization
Data needed to connect your Gmail account and allow Guesterra, through Unipile or another email integration provider, to provide email sending and reply tracking features.
Strategy Call Data
Information shared during strategy calls, booking details through scheduling tools, and related notes or communications.
Communications
Messages you send to us for support, inquiries, feedback, refund requests, privacy requests, or other purposes.
2.2 Data Collected Automatically
Category
Examples
Usage Data
Pages visited, features used, actions taken, time spent, clicks, workflow progress, and feature engagement within the Platform.
Device and Log Data
IP address, browser type and version, operating system, device type, referring URLs, timestamps, server logs, and error or crash logs.
Event Data
Structured events emitted for analytics and lifecycle emails, such as user_registered, inbox_connected, subscription_activated, campaign_created, outreach_sent, payment_failed, and usage_threshold_reached. Event properties may include plan type, account type, referral source, usage metrics, and feature engagement.
2.3 Data From Third-Party Sources
Source
Examples
Podcast Data Providers, expected to include Podscan or equivalent providers
Podcast names, descriptions, host names, contact emails, categories, topics, language, recent episode data, website or social links, audience estimates, listener ranges, popularity indicators, and other provider-supplied metadata.
Payment Provider, expected to be Paddle
Subscription status, payment status, plan type, invoice or receipt references, refund status, chargeback status, and transaction metadata. We do not store full credit card numbers.
Affiliate Platform, expected to be Tolt
Referral ID, affiliate ID, click ID, conversion status, and commission-related metadata, tracked through cookies and referral parameters.
Authentication Providers, such as Google
Basic profile information, such as name, email address, and profile picture, when you sign in with Google OAuth.
2.4 Data We Do Not Intentionally Collect
We do not intentionally collect or store:
full inbox content outside Guesterra-created or Guesterra-managed threads;
emails unrelated to your outreach campaigns;
full credit card or payment instrument data;
Google account passwords;
unnecessary sensitive personal data;
personal data of children under 18.
You should not submit sensitive personal data unless it is strictly necessary for your use of Guesterra and you have a lawful basis to do so.
Sensitive personal data may include health data, patient data, biometric data, government identification numbers, political opinions, religious beliefs, racial or ethnic origin, trade union membership, criminal records, or similar protected data.
3. Gmail Integration and Email Data
Guesterra sends outreach emails through your connected Gmail account, using Unipile or another email integration provider. This section explains what we access and why.
3.1 What We Access
When you connect your Gmail account, you authorize us, through Google OAuth and Unipile or another email integration provider, to:
Permission or Data
Purpose
Send emails on your behalf
To send Initial Outreach, Follow-Ups, and manual outbound replies that you create, approve, schedule, or manually send.
Read Guesterra-created or Guesterra-managed email threads
To detect replies, identify bounces where available, display email threads in your Guesterra inbox view, classify replies using AI, draft suggested replies, and update campaign statuses.
Access basic profile information
To identify and display your connected sending account within the Platform.
Process connection metadata and OAuth tokens
To maintain the Gmail connection and provide authorized email-related features.
3.2 What We Do Not Access
We do not intentionally:
read, scan, index, analyze, or store your general inbox content;
access emails unrelated to Guesterra-created or Guesterra-managed threads;
access your drafts, spam folder, trash, or archived emails outside campaign threads for product purposes;
access your Google Contacts, Calendar, Drive, or other Google services unless a future feature asks for separate permission and you grant it;
delete your emails;
send emails without your approval, configuration, or action.
3.3 How We Process Inbox Data
Email providers and integration providers, including Unipile, may technically transmit broader webhook data, metadata, or event signals.
Guesterra uses server-side filtering to retain only data related to Guesterra-created or Guesterra-managed threads. Any unrelated data is discarded and not stored, except transiently where technically necessary to receive, filter, route, or discard provider events.
3.4 Google API Services User Data Policy
Guesterra’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
We use Google user data obtained through Gmail scopes only to provide and improve user-facing features that are prominent in Guesterra’s interface, such as email sending, reply detection, inbox view, reply classification, suggested replies, and campaign analytics.
We do not sell Google user data.
We do not use Google user data for serving advertisements, including retargeting, personalized advertising, or interest-based advertising.
We do not use Google user data to train AI models.
We do not transfer Google user data except as necessary to provide or improve user-facing Platform features, to service providers bound by appropriate confidentiality and data protection obligations, for security purposes, to comply with applicable law, or as part of a merger, acquisition, or sale of assets where the successor is bound to honor these limitations.
Human access to Gmail data is limited to situations where you ask us to access specific data for support, where access is necessary for security, abuse investigation, debugging, or where access is required to comply with law. In all such cases, access is restricted to the minimum data reasonably required.
3.5 Your Control
You can revoke Guesterra’s access to your Gmail account at any time:
through your Google Account security settings, usually under third-party apps with account access;
through Platform controls where available;
by contacting us.
Revoking access will disable email sending, Follow-Ups, reply tracking, inbox view, reply classification, suggested replies, and related email-based features.
4. AI Processing
Guesterra uses artificial intelligence and large language models provided by OpenAI, Anthropic, or similar providers for assistive features.
4.1 What AI Features Do
AI Features may process the following inputs to generate Output:
AI Feature
Inputs Processed
Pitch template generation
Client profile answers, campaign answers, pitch style selection, internal prompt instructions.
Subject line generation
Campaign angle, pitch content, podcast metadata.
Pitch validation
Generated pitch text, validation rules, formatting checks.
Podcast fit scoring and rationale
Client or campaign profile, podcast metadata, recent episode data.
Search parameter generation
Client or campaign answers, internal prompt instructions.
Follow-up drafting
Original pitch text, campaign context, sequence settings.
Reply classification
Inbound reply text, original pitch, thread context.
Suggested reply drafting
Original pitch, inbound reply text, campaign or client context, thread history, and AI classification.
4.2 How AI Data Is Handled
AI providers process only the data necessary to provide AI features for your specific requests and Platform workflows.
AI Output is generated automatically and may be inaccurate, incomplete, misleading, or require human review.
You remain responsible for reviewing all AI-generated Output before use.
AI providers do not use your User Content or email content to train their general foundation models where supported by the applicable provider’s terms, settings, and contractual arrangements.
4.3 Human-Guided, Not Autonomous
AI Features are assistive only.
AI does not make decisions on your behalf, send emails independently, book podcast appearances, or act autonomously.
You remain in control of strategy, approval, and sending.
5. Podcast Data
5.1 Source
Podcast Data is obtained from third-party podcast data providers, currently expected to be Podscan or an equivalent provider, and from publicly available or business sources.
Guesterra does not own the underlying podcast catalogue.
5.2 What Data May Be Displayed
Depending on provider availability, Podcast Data may include:
podcast names;
descriptions;
host names;
contact emails;
categories;
topics;
language;
recent episode titles and descriptions;
website links;
social links;
audience estimates;
listener ranges;
popularity indicators;
publishing frequency;
other provider-supplied metadata.
5.3 No Guarantee of Accuracy
We do not guarantee the accuracy, completeness, freshness, or availability of Podcast Data.
Podcast Data is provided by third parties and may be incomplete, outdated, inaccurate, unavailable, duplicated, or subject to provider limitations.
5.4 Data Subject Rights for Podcast Hosts
If you are a podcast host, guest, producer, or other person whose information appears in Guesterra, you may contact us at [privacy@guesterra.co] to request access to, correction of, or removal of your information, subject to verification of your identity and any applicable legal grounds for retention.
If the data comes from a third-party provider, we may direct you to that provider or pass the request to them where appropriate.
6. Affiliate and Referral Program
6.1 Affiliate Tracking
Guesterra may operate an affiliate program through Tolt or another designated affiliate platform.
When a visitor arrives through an affiliate link, affiliate cookies and referral parameters may be set to attribute signups and conversions.
Data collected may include:
referral ID;
affiliate ID;
click ID;
partner ID;
signup attribution;
conversion status;
commission information;
payout status;
fraud or chargeback-related metadata.
6.2 Affiliate Portal
Affiliate partners may access an external affiliate portal provided by Tolt or another affiliate platform.
Affiliate partners do not receive access to customer campaigns, inboxes, replies, analytics, or Platform internals through the affiliate portal.
6.3 Cookie Policy
Affiliate tracking cookies are disclosed in our Cookie Policy.
Cookie duration is expected to be approximately 30 days unless otherwise configured.
7. Analytics and Lifecycle Emails
7.1 Analytics Provider
Guesterra uses PostHog or an equivalent analytics provider for product analytics, event tracking, and lifecycle email workflows.
7.2 What Events Are Tracked
We emit structured events for analytics and lifecycle email purposes.
Events may include account creation, subscription activation, campaign creation, outreach sending, payment events, usage metrics, feature engagement, and similar product interactions.
7.3 What PostHog Receives
Event properties may include:
user ID;
account type;
plan or subscription status;
referral source;
feature usage metrics;
activity timestamps;
lifecycle events.
Core product records, such as campaigns, pitches, email content, and replies, remain in our primary database and are not stored in PostHog as the system of record.
7.4 Lifecycle Emails
We may use PostHog or an equivalent provider to send lifecycle emails, such as onboarding tips, usage reminders, feature announcements, and subscription-related notifications.
You may opt out of non-essential lifecycle emails using the unsubscribe link in those emails.
8. How We Use Your Data
We use your personal data for the following purposes:
Purpose
Legal Basis, EEA/UK where applicable
To create and manage your account
Performance of a contract
To provide Platform features, including campaign creation, podcast discovery, AI-assisted drafting, email sending, reply tracking, and analytics
Performance of a contract
To process payments through our payment provider
Performance of a contract
To send outreach emails and Follow-Ups from your Connected Inbox, as approved by you
Performance of a contract
To provide AI-assisted features, including pitch generation, scoring, classification, and reply suggestions
Performance of a contract
To track affiliate referrals and calculate commissions
Performance of a contract / Legitimate interest
To send service-related communications, such as billing, security, product updates, and policy changes
Performance of a contract / Legitimate interest
To provide support and respond to inquiries
Performance of a contract / Legitimate interest
To improve, secure, and maintain the Platform, using aggregated or de-identified data where possible
Legitimate interest
To detect and prevent abuse, fraud, spam, and security incidents
Legitimate interest
To send marketing and promotional communications, with consent where required
Consent / Legitimate interest
To comply with legal obligations
Legal obligation
To establish, exercise, or defend legal claims
Legitimate interest / Legal obligation
Where we rely on legitimate interest, we balance that interest against your rights and freedoms.
You may object to processing based on legitimate interest at any time, as described in Section 11.
9. How We Share Your Data
We do not sell, rent, or trade your personal data.
We share data only as necessary with the following categories of recipients.
9.1 Service Providers and Subprocessors
9.1 Service Providers and Subprocessors
Provider
Purpose
Data Shared
Unipile
Email integration, sending, receiving, webhook processing
OAuth tokens, campaign-related email threads, sender and recipient metadata.
Gmail OAuth, Gmail sending and related email features
OAuth tokens, email content of Guesterra-managed threads, basic profile information.
Podscan or equivalent
Podcast data provider
Search queries, filters, podcast identifiers, and related query metadata.
Paddle
Payment processing and Merchant of Record
Name, email, subscription details, payment status, invoice or receipt references. Full card data is handled by Paddle.
Tolt or equivalent
Affiliate tracking and partner portal
Referral IDs, click IDs, conversion data, affiliate contact details.
PostHog or equivalent
Product analytics and lifecycle emails
Event data, user ID, plan type, usage metrics, activity timestamps.
OpenAI / Anthropic or equivalent
AI/LLM processing
Client or campaign answers, podcast metadata, pitch text, Guesterra-managed email thread content, internal prompts, only as needed for AI features.
Vercel or equivalent
Hosting and deployment
Account data, usage data, and technical data needed for hosting operations.
Supabase or equivalent
Database, authentication, storage
Platform data, including account, campaign, email, and usage data.
Inngest or equivalent
Background job and workflow processing
Campaign data and email data as needed for Follow-Up scheduling and related workflows.
Calendly or equivalent
Strategy call scheduling
Name, email, call booking metadata.
9.2 Legal and Safety
We may disclose data:
to comply with applicable law, regulation, legal process, or governmental request;
to enforce our Terms of Service and investigate potential violations;
to detect, prevent, or address fraud, security, spam, abuse, or technical issues;
to protect the rights, property, or safety of Guesterra, our users, recipients, third-party
9.3 Business Transfers
In the event of a merger, acquisition, reorganization, sale of assets, transfer to a new Guesterra entity, or transfer of the Guesterra business, your data may be transferred as part of that transaction, subject to the same protections described in this Privacy Policy or other protections required by law.
10. Data Retention
10.1 General Retention Policy
We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by applicable law.
Category
Retention Period
Account data
While the account is active, plus a reasonable period thereafter for legal and operational purposes.
Client and Campaign data
While the account is active, plus up to 90 days after account deletion or termination, unless a longer period is required by law or necessary for legal claims, security, or dispute resolution.
Sent outreach and replies
While the account is active, plus up to 90 days after account deletion or termination, unless a longer period is required by law or necessary for legal claims, security, or dispute resolution.
AI Output and classifications
While the associated Campaign data is retained.
OAuth tokens
Until revoked by you, disconnected, or account deletion, subject to technical and security retention needs.
Payment and subscription records
As required for accounting, tax, payment, chargeback, and legal purposes, typically 7 to 10 years depending on applicable law.
Affiliate attribution data
While relevant for commission calculation, fraud prevention, chargeback handling, and legal retention purposes.
Analytics events
As configured in PostHog or equivalent analytics provider, typically up to 2 years.
Support communications
For the duration of the inquiry plus a reasonable period for operational, legal, or support history purposes.
Server logs
Up to 90 days, or longer for security investigations, abuse prevention, legal claims, or technical issues.
10.2 Deletion After Account Termination
When you request deletion of your account, we will delete or anonymize your personal data within 90 days, except for data we are legally required or permitted to retain.
Examples may include payment records, tax records, security logs, dispute records, fraud prevention records, and records needed to establish, exercise, or defend legal claims.
10.3 Agency Member Removal
When an Agency Member is removed, their access is immediately terminated.
Their data remains under the Agency Account and is retained according to the Agency Account’s lifecycle, unless the Agency Owner requests deletion and deletion is legally and technically available.
10.4 Read-Only Access vs. Deletion
Read-only access after cancellation is not the same as data deletion.
Data is retained during the read-only period and deleted or anonymized in accordance with this section after the applicable retention period expires.
11. Your Rights and Choices
11.1 Rights for All Users
Depending on your location, you may have the following rights:
Right
Description
Access
Request a copy of the personal data we hold about you.
Correction
Request correction of inaccurate or incomplete data.
Deletion
Request deletion of your personal data, subject to legal retention obligations.
Portability
Request your data in a structured, machine-readable format.
Restriction
Request restriction of processing in certain circumstances.
Objection
Object to processing based on legitimate interests.
Withdraw Consent
Withdraw consent where processing is based on your consent.
Complaint
Lodge a complaint with your local data protection authority.
Where legally required, we will recognize and honor browser-based opt-out preference signals, such as Global Privacy Control, GPC, as a request to opt out of the sale or sharing of personal data for cross-context behavioral advertising.
To exercise your CCPA/CPRA rights, contact us at privacy@guesterra.co.
We may verify your identity before processing your request.
You may designate an authorized agent to make a request on your behalf, where permitted by law.
We will not discriminate against you for exercising your privacy rights.
11.2 Additional Rights for EEA, UK, and Switzerland Users
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the rights listed above under applicable data protection laws, including GDPR, UK GDPR, and Swiss FADP.
Our legal bases for processing are identified in Section 8.
To exercise your rights, contact us at [privacy@guesterra.co].
We will respond within the timeframe required by applicable law, typically 30 days.
You may also have the right to lodge a complaint with your local supervisory authority:
EEA: your Member State’s data protection authority;
UK: Information Commissioner’s Office, ICO, at www.ico.org.uk;
Switzerland: Federal Data Protection and Information Commissioner, FDPIC.
11.3 Additional Rights for California Residents
If you are a California resident, you may have the following rights under the California Consumer Privacy Act, CCPA, and California Privacy Rights Act, CPRA:
Right
Description
Right to Know
Request information about the categories and specific pieces of personal data we have collected about you, the sources, the purposes, and the categories of third parties with whom we have shared it.
Right to Delete
Request deletion of your personal data.
Right to Correct
Request correction of inaccurate personal data.
Right to Opt Out of Sale or Sharing
We do not sell or share personal data, as those terms are defined under California law, for cross-context behavioral advertising. We do not have actual knowledge of selling or sharing personal data of consumers under 16.
11.4 Marketing Opt-Out
You may opt out of receiving marketing and promotional communications at any time by:
clicking the “unsubscribe” link in our emails;
contacting us at privacy@guesterra.co.
Opting out of marketing does not opt you out of essential service communications, such as billing, security, legal, account, or policy updates.
11.5 Cookie Controls
Most browsers allow you to manage cookies through browser settings.
Please refer to our Cookie Policy for more information about the cookies we use and how to manage them.
12. Data Security
We implement reasonable technical and organizational measures to protect your personal data, including:
HTTPS for data in transit;
encryption at rest for sensitive credentials and OAuth tokens where technically supported;
access controls;
user and Agency Member data isolation;
least-privilege admin access where practical;
server-side filtering for inbox data;
provider webhook verification where available;
password hashing where email/password login is implemented;
secure OAuth token storage;
reasonable logging and monitoring for security and operational purposes.
However, no method of transmission over the Internet or method of electronic storage is 100 percent secure.
We cannot guarantee absolute security.
You are responsible for protecting your account credentials, devices, Connected Inbox, and access to your account.
13. International Data Transfers
13.1 Data Processing Locations
Guesterra is operated from Serbia.
Your personal data may be processed on servers located in the United States, the European Union, the United Kingdom, Serbia, or other locations where our service providers operate.
13.2 Transfer Safeguards
Where personal data is transferred from the EEA, UK, Switzerland, Serbia, or another jurisdiction to countries that have not been recognized as providing an adequate level of data protection, we rely on appropriate safeguards where required.
These may include:
Standard Contractual Clauses approved by the European Commission;
the UK International Data Transfer Addendum, where applicable;
equivalent mechanisms as applicable;
data processing agreements with service providers.
13.3 Data Processors Abroad
Our service providers listed in Section 9.1 may process data in various jurisdictions.
We take reasonable steps to ensure that appropriate data transfer mechanisms are in place where required by applicable law.
14. Children’s Privacy
Guesterra is intended only for users who are at least 18 years old.
Our website, platform, and services are not directed to children or minors, and we do not knowingly collect personal data from anyone under the age of 18.
If we become aware that a person under 18 has provided us with personal data, we will take reasonable steps to delete such information promptly, unless we are legally required to retain it.
If you believe that a person under 18 has provided us with personal data, please contact us at privacy@guesterra.co.
15. Third-Party Links and Services
The Platform may contain links to third-party websites or services, such as scheduling tools, social media, external resources, podcast websites, or payment provider pages.
This Privacy Policy does not apply to those third-party services.
We encourage you to review their privacy policies before using them.
We are not responsible for third-party privacy practices, security, content, or policies.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
If we make material changes, we will notify you by email to the address associated with your account, by a prominent notice on the Platform, or by another reasonable method before or when the changes become effective, where required by law.
Your continued use of the Platform after the effective date of the updated Privacy Policy means you acknowledge the updated Privacy Policy.
If you do not agree, you must stop using the Platform and cancel your subscription.
17. Contact Us
For questions, concerns, requests, or complaints regarding this Privacy Policy or our data practices, contact us at:
Guesterra
Operated by: Norrin Radd
Email: privacy@guesterra.co
Support: support@guesterra.co
Registered address: insert registered address in Serbia
Registration number: insert registration number
If you have a complaint and are unsatisfied with our response, you may have the right to contact your local data protection authority.