What is EasyCast Studio?

EasyCast Studio is a browser-based podcast studio with AI transcription, audio cleanup, and built-in Podcast 2.0 RSS hosting. It replaces a stack of separate tools with a single platform.

How does EasyCast compare to Riverside and Descript?

EasyCast adds automatic silence and filler-word removal, AI-generated show notes, and built-in RSS hosting. It records directly in the browser via WebRTC and gives live transcription during the session.

Can I record podcasts remotely with guests?

Yes. Solo and one-on-one guest recording is fully supported. Multi-guest sessions with separate per-participant tracks are in beta.

Is there a free podcast recording option?

Yes. The free plan includes 30 minutes of audio per month with AI transcription. Paid plans start at $29/month.

Legal

Data Processing Agreement

Last updated: 2026-05-04

1. Scope

This Data Processing Agreement (“DPA”) supplements the EasyCast Studio Terms of Service and applies whenever EasyCast Studio (“Processor”) processes Personal Data on behalf of a Customer (“Controller”) in the course of providing the EasyCast Studio service. Capitalized terms not defined here have the meaning given in the EU General Data Protection Regulation (GDPR) and the UK GDPR.

2. Subject matter and duration

The Processor processes Personal Data only on documented instructions from the Controller and only for the duration of the Controller’s active subscription, plus a 30-day data retention window after cancellation, after which Personal Data is deleted or anonymized.

3. Categories of data and data subjects

Account holders: name, email, hashed password or OAuth identifier, billing details (handled by Stripe).
Recording participants: audio, video, transcripts, and metadata supplied by the Controller in the course of using the recording feature.
Listeners: IP address and user agent for the purpose of RSS feed delivery and basic abuse prevention.

4. Security measures

Encryption in transit (TLS 1.2+) for all customer-facing endpoints.
Encryption at rest (AES-256) for the database and object storage via Supabase.
Role-based access controls (Postgres Row Level Security on every customer-data table).
Hashed API keys (SHA-256) stored at rest.
Secrets managed via environment variables; no plaintext secrets in source control.
Restricted production access via SSH key only, with two-factor authentication on supporting accounts.

5. Subprocessors

The Processor uses the following Subprocessors. We will give the Controller at least 30 days’ notice before adding or replacing any Subprocessor that has access to Personal Data.

Subprocessor	Purpose	Region	Privacy
Supabase	Postgres database, authentication, object storage, realtime.	United States (us-east) — configurable per project	Policy ↗
Stripe	Subscription billing, invoicing, payment method storage.	United States, Ireland, Australia	Policy ↗
Deepgram	Speech-to-text (live + file transcription).	United States	Policy ↗
OpenAI	AI-generated show notes, FAQs, titles, clip suggestions.	United States	Policy ↗
Anthropic	AI-generated long-context content tasks (Claude API).	United States	Policy ↗
Resend	Transactional and notification email delivery.	United States	Policy ↗
ElevenLabs	Optional voice cloning + dubbing (off by default).	United States	Policy ↗
Twilio	Optional WebRTC TURN credentials for guest recordings.	United States, Ireland	Policy ↗
Fly.io	Render worker for clip and audiogram generation.	Global edge — primary region iad (Ashburn, VA)	Policy ↗
GitHub	Source code hosting, CI, automated deploys.	United States	Policy ↗

6. International transfers

Where Personal Data is transferred outside the European Economic Area or the United Kingdom, the transfer is governed by the European Commission’s Standard Contractual Clauses (Module 2 or Module 3 as applicable) and the UK International Data Transfer Addendum, executed with each Subprocessor.

7. Data subject rights

The Processor will assist the Controller in responding to data subject access, rectification, erasure, restriction, portability, and objection requests within five business days of receipt. Requests can be sent to support@easycaststudio.com.

8. Breach notification

The Processor will notify the Controller without undue delay, and in any event within 72 hours, of becoming aware of a Personal Data breach affecting the Controller’s data.

9. Audit rights

The Processor will, on reasonable notice, make available to the Controller all information necessary to demonstrate compliance with this DPA and Article 28 of the GDPR.

10. Termination

On termination of the Controller’s subscription the Processor will delete or return all Personal Data within 30 days, save where retention is required by applicable law (for example, retained billing records under tax legislation).

11. Contact

Questions about this DPA can be sent to support@easycaststudio.com.