COMPLIANCE · CONSENT · PROVENANCE

The legal page enterprise buyers actually read.

Every hour we license is backed by a signed, individually-named, individually-revocable model-training release. Not a Terms-of-Service amendment. Not implied consent. Not “we’ll figure it out later.” This page is how we prove it.

Request the legal pack →Email legal@aipodcast.io

EU AI Act Art. 53 ready · GDPR & UK GDPR · CPRA · BIPA · C2PA · IP indemnification in standard MSA

100%

Of audio backed by signed model-training releases

1 day

Revocation logged in the consent vault

5 days

Customers notified of revocation

15 days

Audio fully removed from catalog

7 yrs

Consent vault retention beyond catalog lifetime

Compare

How we compare to the alternatives.

Every box on the table below is something an enterprise legal reviewer will check. Most speech-data sources fail more than half of them.

	aipodcast	Scraped web audio	Open datasets	Generic crowd vendors
Signed model-training release per speaker	✓	✕	~ Varies	~ Often vague
Speakers individually named & contactable	✓	✕	~	✕
Right-to-revoke handled, with downstream notification	✓	✕	✕	~
Per-file provenance manifest	✓	✕	✕	~
Commercial generative-AI training expressly permitted	✓	✕	~ Read the license	~
Commercial deployment of trained models permitted	✓	✕	~	~
GDPR Art. 6 lawful basis documented	✓	✕	~	~
GDPR Art. 9 explicit consent for biometric/voice data	✓	✕	✕	✕
CPRA & California consumer rights aligned	✓	✕	~	~
EU AI Act Art. 53 transparency ready	✓	✕	✕	✕
C2PA-compatible provenance manifests	✓	✕	✕	✕
BIPA / Illinois biometric privacy compliant	✓	✕	✕	~
IP indemnification in standard MSA	✓	✕	✕	~

How it works

The four pillars of our consent model.

⌁

1. The release every speaker signs

Every speaker signs a written, named release before any audio enters our pipeline.

Names the speaker by legal name & contact email
Describes the recording (show, episodes, duration)
Grants rights for training, fine-tuning, evaluating, & commercial deployment
Enumerates speaker exclusions (e.g., no voice cloning)
Sets compensation in clear dollar terms
Captures version, date, IP, & verification method

⌁

2. The consent vault

A dedicated vault separate from the audio storage, with its own access controls and audit log.

Signed release (PDF + structured metadata)
Unique consent record ID per file
Full revocation history
Full customer-delivery history
AES-256 at rest, MFA-protected access
Catalog lifetime + 7 years retention

⌁

3. The provenance manifest

Every Dataset ships with a signed, machine-readable JSON manifest. C2PA-compatible.

Filename + SHA-256 checksum
Consent record ID per file
Speaker pseudonym & metadata
Recording date, sample rate, bit depth
Mic, environment, license SKU
Delivery timestamp + recipient org

Revocation

What happens when a speaker revokes consent.

Forward-looking, not retroactive — and fair to both the speaker and the customer.

Within 1 business day

Logged in the consent vault. Affected files flagged in the catalog and pulled from any pending deliveries.

Within 5 business days

Every customer who previously received the audio is notified by email, with consent record IDs and revocation date.

Within 15 business days

Audio fully removed from the catalog. Future Datasets do not include it.

What revocation does NOT do

Models you have already trained are not retroactively affected. Already-deployed models stay deployed. No refunds required to your downstream users.

What customers must do

Stop using the raw audio in any new training run, acknowledge the notice within 5 business days, and update your internal data inventory for Article 53 disclosures.

Frameworks

Compliance posture, framework by framework.

EU AI Act

Article 5: Prohibited-use clause flows through Section 4.3 of our ToS
Article 53: Per-Dataset training-data summary template provided
Status: Ready

GDPR / UK GDPR

Lawful basis: Art. 6(1)(b), 6(1)(f), and explicit consent under Art. 9(2)(a)
Transfers: SCCs + UK IDTA, supplemented for Schrems II
DPA: Available on request

CCPA / CPRA

Sale: We do not sell personal information
Sharing: No cross-context behavioral advertising
Sensitive PI: Voice biometric treated as sensitive PI

Biometric privacy

BIPA: Written notice + written consent before any voiceprint comparison
Texas CUBI: Compliant
Washington: Compliant

C2PA

Manifest format: JSON + cryptographically-signed sidecar
Compatibility: Direct ingestion by C2PA tools
Per-file: Consent record ID travels with every file

IP indemnification

Coverage: Defense + damages for IP claims arising from delivered audio
Cap: Structured separately from general liability cap
Location: Section 13 of the Terms of Service

FAQ

Questions enterprise buyers ask us.

Are speakers individually named on the releases, or is this a click-through?

Individually named. Every release identifies the speaker by legal name and is signed by that individual. We do not use click-through ToS amendments to manufacture training-data consent.

Can the audio be used to train an open-source model?

Not under the standard license. Open-source release of model weights trained on the Content requires an Order that expressly permits it, with corresponding adjustments to fees and the speaker compensation pool.

Can the audio be used to clone a specific speaker's voice?

Not under the standard license. Voice cloning requires (i) an Order expressly permitting it, (ii) the speaker's separate written consent for that customer, and (iii) elevated fees. See /solutions/voice-cloning.

What happens if we receive a revocation notice mid-project?

You stop using the affected audio in any new training run, acknowledge the notice within 5 business days, and log the revocation in your internal data inventory. Models already trained on the audio are not retroactively affected.

Are you SOC 2 compliant?

SOC 2 Type II is in progress, target completion Q3 2026. Interim letter from our auditor available under NDA. See /security.

What is your data residency posture?

By default, we deliver Datasets to the customer's chosen cloud bucket in the customer's chosen region. For hosted delivery, default region is us-east-1. EU-only residency available on request.

Can we visit the consent vault?

Yes, under NDA. We do not provide live access for security reasons, but we will walk through the vault interface, the access logs, the release intake flow, and revocation handling on a recorded call with your legal and security reviewers.

Need the legal pack for your reviewers?

MSA template, DPA, redacted sample release, provenance manifest schema, C2PA conformance statement, Article 53 summary template, sub-processor list, and security pack — delivered within 1 business day under NDA.

Email legal@aipodcast.io →or email partnerships@aipodcast.io