Terms and Conditions

Last updated: June 11, 2025

Welcome to CoHost Podcasting!

These Terms and Conditions outline the rules and regulations for the use of Quill Inc.’s websites and services, including but not limited to:

  • The CoHost marketing website located at https://www.cohostpodcasting.com
  • The CoHost Podcasting web application, hosted on subdomains of cohostpodcasting.com
  • Autogenerated podcast websites hosted under cohostpodcasting.com as root domain (e.g., cohostpodcasting.com/show-name)
  • The analytics platform accessed via domains prefixed with cohst.app
  • Tracking links and embedded assets that may operate under any of the domains above

By accessing any of these websites, subdomains, or related services (collectively, the “Platform”), you agree to be bound by these Terms and Conditions in full. If you do not agree with any part of these terms, you must not use the Platform.

The following terminology applies to these Terms and Conditions, our Privacy Policy, Disclaimer Notice, and all related agreements:

“Client,” “You,” and “Your” refers to you, the person accessing the Platform and agreeing to the Company’s terms and conditions.

“The Company,” “Ourselves,” “We,” “Our,” and “Us” refers to Quill Inc.

“Party,” “Parties,” or “Us” refers to both the Client and the Company.

All terms refer to the offer, acceptance, and consideration of payment necessary to undertake the process of assisting the Client in the most appropriate manner for the express purpose of meeting the Client’s needs in respect of the Company’s stated services, in accordance with and subject to the applicable laws of the Province of Ontario, Canada.

Any use of the above terminology, or other words in the singular, plural, capitalized, or as he/she/they, is considered interchangeable and refers to the same.

Cookies

We use cookies solely on the CoHost Podcasting Platform, including our main marketing site, web application, and autogenerated podcast websites hosted under cohostpodcasting.com, to improve user experience, track platform usage, and ensure functionality.

By continuing to use CoHost Podcasting, you consent to our use of cookies in accordance with our Privacy Policy. If you do not agree, you may disable cookies through your browser settings; however, this may affect your ability to use certain features of the Platform.

Cookies are used to:

  • Maintain session and login states
  • Store user preferences
  • Analyze traffic and interaction patterns using tools such as Google Analytics and Microsoft Clarity

We do not use cookies on our analytics platform (cohst.app) or within tracking links.

Some third-party services integrated with the Platform (e.g., Google Analytics, Microsoft Clarity) may also place cookies to help us understand and optimize user behavior.

License

Unless otherwise stated, Quill Inc. and/or its licensors own all intellectual property rights for the CoHost Podcasting Platform, including but not limited to the main website, web application, autogenerated podcast websites, embedded players, tracking link infrastructure, and analytics dashboards.

All rights are reserved. You may access the Platform for your own personal or business use, subject to the restrictions set forth in these Terms and Conditions.

You must not:

  • Republish material from the Platform without permission
  • Sell, rent, or sub-license Platform content
  • Reproduce, duplicate, or copy material from the Platform
  • Redistribute content, except where functionality (e.g., embeds, tracking links) is explicitly provided to do so

Quill Inc. staff, contractors, or affiliates may not use client-uploaded content for internal demonstrations, training materials, or marketing purposes without the client’s prior written consent. This includes use in presentations, sample assets, mockups, or public-facing documentation.

The Platform allows users to create, manage, and distribute podcasts, publish tracking links, and access analytics and marketing tools. While Quill Inc. provides the infrastructure, the content uploaded by users, including podcasts, metadata, and linked content, remains their responsibility.

Hyperlinking to Our Content

The following organizations may link to our Platform without prior written approval:

  • Government agencies
  • Search engines
  • News organizations
  • Online directory distributors that list businesses
  • System-wide accredited businesses, excluding non-profit fundraising groups and unsolicited charities

These organizations may link to our homepage, podcast websites, or other publicly available pages, provided the link:

  • Is not misleading
  • Does not falsely imply sponsorship, endorsement, or approval by Quill Inc. or the CoHost Platform
  • Fits within the context of the linking party’s site

We may also approve link requests from:

  • Common consumer or business information sources
  • Tech or podcast community sites
  • Educational institutions or trade associations
  • Online media companies or analytics providers

To request permission, email support@cohostpodcasting.com with your organization name, contact info, linking URLs, and target URLs. Please allow 2–3 weeks for a response.

Approved entities may hyperlink using:

  • Our corporate name
  • The direct URL being linked to
  • A context-appropriate label (e.g., “CoHost Podcasting – Show Hosting Platform”)

Use of any logos, artwork, or trademarks from Quill Inc. or CoHost Podcasting is prohibited without a formal trademark license agreement.

Users may freely share autogenerated podcast websites, embedded players, and tracking links created through the Platform, as these are intended for public distribution.

Content Liability

Quill Inc. shall not be held responsible for any content that appears on your podcast, embedded player, tracking link, autogenerated website, or other areas made available through the CoHost Podcasting Platform. You agree to defend and indemnify us against all claims arising from content you publish using the Platform.

No content shared via the Platform should appear in any context that may be interpreted as:

  • Libelous, defamatory, obscene, or otherwise unlawful
  • Infringing on any third-party intellectual property or privacy rights
  • Promoting violence, discrimination, or illegal activity

User-Generated Content

You are solely responsible for all content you upload, publish, or distribute through the Platform, including:

  • Podcast audio files, descriptions, and images
  • Show and episode metadata
  • Autogenerated podcast websites
  • Tracking links
  • Embedded players

We do not pre-screen or monitor user-generated content. However, we reserve the right to remove or disable access to any content that, in our sole discretion, violates applicable laws, infringes rights, or breaches these Terms.

Ownership and Consent

You retain all intellectual property rights and ownership over the content you upload to the Platform, including podcast episodes, metadata, images, and related assets. Quill Inc. does not claim ownership of any user-generated content.

Your content will not be published or distributed beyond the scope of your selected platform features (e.g., autogenerated websites, tracking links, YouTube integration) without your explicit consent. You are solely responsible for determining the visibility and distribution settings for your content.

Quill Inc. disclaims all liability for user-generated content that appears automatically on public-facing assets (e.g., websites, tracking links, embedded players).

Quill Inc. will not duplicate, clone, or create derivative works based on your uploaded content, such as variations for testing, localization, or promotional material, without your prior approval.

Internal Testing and Staging

By using the Platform, you grant Quill Inc. a limited, non-exclusive license to duplicate your uploaded content in staging or test environments solely for the purpose of quality assurance, debugging, feature development, and performance testing. These duplicates will remain internal to the Company and will not be publicly visible, indexed, or distributed without your explicit approval. Content used in this way may appear under a different show name or identifier, but only within staging infrastructure not accessible to the public.

Staging Environment Disclosure and Safeguards

While staging environments are intended to be private and restricted, you acknowledge that test environments may occasionally be accessible over the internet for development or debugging purposes.

We commit to implementing industry-standard access controls and monitoring to prevent unauthorized access or accidental exposure of duplicated content.

In the event of an unintentional leak from a staging environment, Quill Inc. will:

  • Notify affected clients within 5 business days
  • Remove exposed content immediately upon discovery
  • Investigate the root cause and apply remedial safeguards
  • Limit liability to the extent permitted under applicable law

Clients may request a report detailing where their uploaded content is currently stored or accessed across CoHost’s production and staging environments. Upon request, Quill Inc. will provide such information within a reasonable timeframe and assist in removing content from staging systems upon client request.

Takedown Requests

If you believe that any content on the CoHost Podcasting Platform infringes your rights or violates applicable laws, you may submit a formal takedown request by emailing support@cohostpodcasting.com with the subject line:

“Takedown Request – [Podcast Title or URL]”

Your request must include:

  • A description of the content in question and the specific URL(s) where it appears
  • The basis for your request (e.g., copyright infringement, defamation, privacy violation)
  • Your full name, contact information, and a statement under penalty of perjury that your claim is accurate
  • Proof of ownership or legal rights (e.g., copyright registration, license agreement, trademark certificate, or a signed declaration if you’re the rights holder)

We will investigate all valid requests in accordance with applicable laws, including:

  • Canada’s Notice-and-Notice regime (under the Copyright Modernization Act)
  • The U.S. Digital Millennium Copyright Act (DMCA), where applicable
  • Any other international regulations relevant to intermediary liability and online content hosting

Where legally required, we will provide notification to the user responsible for the content and, if necessary, remove or disable access to the material.

Privacy

By using the CoHost Podcasting Platform, you acknowledge and agree to the collection, use, and disclosure of your information as outlined in our Privacy Policy.

Reservation of Rights

We reserve the right to request the removal of any link to our Platform at our sole discretion. You agree to promptly comply with such a request upon notification.

We also reserve the right to amend these Terms and Conditions, our linking policy, and related policies at any time without prior notice. Your continued use of the Platform after any changes constitutes your acceptance of the revised terms.

We may update, suspend, or discontinue any part of the Platform, including services, features, or access to content, at any time and for any reason, without liability to you or any third party.

You are responsible for reviewing these Terms periodically to stay informed of any updates. The current version will always be accessible on our website.

Removal of links from our website

If you find any link on the CoHost Podcasting Platform that you believe is offensive, inappropriate, or in violation of applicable laws, you are welcome to notify us at support@cohostpodcasting.com.

While we are not obligated to remove links or respond to every request, we will review and consider all legitimate reports in good faith. We reserve the right to remove or restrict access to content or links at our sole discretion and without prior notice.

We do not guarantee that information, URLs, or external references appearing on the Platform will be accurate, up-to-date, or uninterrupted. Quill Inc. is not liable for any damages or losses that may result from relying on outdated or incorrect links or embedded content.

Disclaimer

To the fullest extent permitted by applicable law, we exclude all representations, warranties, and conditions relating to your use of the CoHost Podcasting Platform, including any implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

Nothing in this disclaimer will:

  • Limit or exclude our or your liability for death or personal injury resulting from negligence
  • Limit or exclude our or your liability for fraud or fraudulent misrepresentation
  • Limit any of our or your liabilities in a way that is not permitted under applicable law
  • Exclude any liabilities that cannot be excluded under applicable law

Platform Performance & Limitations

We are committed to maintaining high availability, data accuracy, and service continuity across the Platform. However, we cannot guarantee uninterrupted access or flawless performance at all times. Occasional disruptions may occur due to system maintenance, third-party service interruptions (such as Clearbit, Google Analytics, or Microsoft Clarity), or other unforeseen technical issues.

We are not responsible for any indirect or incidental damages that may arise from:

  • Temporary downtime or feature outages
  • Delays in data delivery, reporting, or podcast publication
  • Errors or omissions in third-party integrations or analytics tools

If any major feature of the Platform is to be sunset or materially changed, we will provide users with at least 30 days’ advance notice to prepare for the transition and, where applicable, export their data.

Use of the Platform is at your own discretion and risk. All services are provided “as is” and “as available,” without warranty of any kind unless expressly stated otherwise.

Personal Identifiable Information (PII) and Data Privacy

Quill Inc. is committed to protecting the privacy of both users and listeners across the CoHost Podcasting Platform. We collect and process Personal Identifiable Information (PII) in accordance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and the EU General Data Protection Regulation (GDPR) where applicable.

This section describes how we collect, use, store, and protect data across two categories of individuals:

  • Platform users (e.g., podcast creators, collaborators, and team members)
  • Podcast listeners (individuals downloading or streaming podcast episodes)

A. Data We Collect

From Platform Users

We collect the following personal data when you create or use an account:

  • Full name
  • Email address
  • Device type, browser type, and IP address (for security)
  • Login timestamps and activity metadata
  • Team, account, and workspace associations
  • Billing or subscription preferences (if applicable)

We also log non-personally identifiable data such as usage frequency, referral source, and interactions with key features (e.g., analytics tools, embedded players).

From Podcast Listeners

To comply with IAB Podcast Measurement Guidelines, we collect limited technical data from listeners who access content hosted on the Platform:

  • IP address
  • User agent (browser/device information)
  • Timestamp of download or stream
  • Referrer (when available)

This data is not associated with individual user accounts and is stored for measurement, reporting, and fraud prevention purposes only.

B. How We Use the Data

We use collected data for the following legitimate purposes:

  • To operate and secure the Platform
  • To manage user accounts and permissions
  • To enable team collaboration and tracking features
  • To generate podcast download analytics
  • To enrich data with business intelligence tools (e.g., Clearbit)
  • To provide aggregated U.S.-based demographic reports to creators (available through paid plans)

We do not use personal data for direct marketing purposes without consent, and we never sell personal information.

C. Third-Party Services and Enrichment

We may use the following services to process or enrich user and listener data:

  • Google Analytics – web usage insights
  • Microsoft Clarity – session interaction data
  • Clearbit – company identification for listener IPs
  • Demographics partners – aggregate reports on listener attributes

Only anonymized or aggregated insights are shared with podcast creators. Enrichment partners are contractually obligated to comply with applicable privacy standards.

D. Data Storage and Security

All data is stored in encrypted databases within AWS cloud infrastructure:

  • Primary storage: AWS RDS, encrypted at rest and transit
  • Temporary data: AWS ElastiCache, protected in transit and at rest
  • Passwords: Hashed using Argon2
  • Keys: Managed and rotated via AWS Key Management Service (KMS)

Access to personal data is restricted to authorized personnel on a need-to-know basis. Employees receive annual PII protection training and must sign confidentiality agreements.

E. Vendors and Sub-Processors

We may share data with pre-approved vendors or sub-processors for infrastructure, analytics, or enrichment purposes. No PII is transmitted to any vendor unless they are contractually bound to maintain privacy protections equivalent to those required by PIPEDA and GDPR.

A current list of sub-processors is available upon request.

F. Retention and Deletion

Platform user data is retained for the duration of the user’s account. If an account is closed, all associated personal data is deleted within 14 days.

Listener data is retained only for as long as needed to support podcast analytics and reporting. Aggregated listener metrics are stored indefinitely without identifiable metadata.

You may request access, correction, or deletion of your personal data by emailing support@cohostpodcasting.com.

G. Breach Notification

In the event of a data breach affecting PII:

We will notify affected individuals within 10 business days or by the next payroll period, whichever comes first

We will disclose what data was compromised, how it was accessed, and what steps we are taking to resolve it

Our Legal and HR departments will manage regulatory and user communications as required

H. Your Privacy Rights

If you are subject to PIPEDA, GDPR, or similar data protection laws, you have the right to:

  • Access the data we hold about you
  • Request corrections to inaccurate data
  • Withdraw consent or request deletion of your data
  • Ask how your data is used, processed, or shared

To exercise these rights, contact us at support@cohostpodcasting.com.

Security Policy

We take the security of your data seriously and implement industry-standard safeguards to protect the confidentiality, integrity, and availability of the CoHost Podcasting Platform and its underlying infrastructure.

A. Secure Connections

All connections to the Platform use HTTPS and are protected by TLS encryption. We enforce HTTPS across all services, including:

  • The CoHost web application
  • Autogenerated podcast websites
  • Embedded players
  • Tracking links
  • The prefix (cohst.app)

We use HSTS (HTTP Strict Transport Security) to ensure browsers interact with our services securely. CoHost Podcasting is included in the HSTS preload lists for modern browsers such as Google Chrome and Mozilla Firefox.

B. Encryption

  • All user data is encrypted at rest in AWS RDS and in transit using TLS 1.2 or higher.
  • Passwords are hashed using Argon2, a secure, modern hashing algorithm designed to prevent brute-force attacks.
  • Encryption keys are securely stored and rotated via AWS Key Management Service (KMS) on a 60-day schedule.

C. Infrastructure Protection

Our backend systems, including databases, key stores, and caching layers, are hosted behind a bastion server and are not publicly accessible. Only the application layer is exposed to the internet and routed through load balancers.

Access to internal systems is restricted to authorized personnel with role-based permissions and secured via SSH keys and IP-based whitelisting.

D. Vulnerability Management

We perform regular vulnerability scanning, dependency checks, and infrastructure audits using both open-source and commercial tools. We subscribe to security advisories such as:

  • OWASP Top 10
  • Rails CVE Bulletins
  • AWS and container-level alerts
  • Our infrastructure (e.g., NGINX reverse proxy) is kept up to date with the latest security patches.

E. Malware Protection

All user-uploaded files are automatically scanned using ClamAV, an open-source antivirus engine, to detect and block malicious content. Suspicious or non-conforming files are flagged or blocked before processing.

F. Monitoring and Response

We continuously monitor internal network activity and user behavior for signs of:

  • Unauthorized access attempts
  • Anomalous traffic patterns
  • Botnet or scraping activity

Security incidents are logged and reviewed by our internal response team. In the event of a breach, we follow the notification protocols outlined in our PII Data section.

G. Reporting Vulnerabilities

If you discover a potential security vulnerability, please report it by emailing support@cohostpodcasting.com with the subject line:

“Vulnerability Detected – [Short Description]”

We appreciate responsible disclosure and will respond to verified reports promptly.

Ineligible Vulnerabilities

We value the security community and welcome responsible disclosure of potential vulnerabilities. However, not all reported issues qualify for investigation or remediation. The following categories are considered ineligible vulnerabilities, meaning they do not represent meaningful risks to our users or infrastructure:

A. General Exclusions

  • Reports requiring Man-in-the-Middle (MITM) attacks or physical device access
  • Missing security headers (e.g., X-Frame-Options, Content-Security-Policy) without demonstrated exploitability
  • Reports based on outdated browser behavior or unpatched environments
  • Self-XSS (attacks requiring the user to paste code into their own console)

B. Application & UI Behavior

  • Clickjacking on pages without sensitive actions
  • Open redirects without additional security impact
  • CSV injection without a working proof of concept
  • Tabnabbing or cosmetic UI issues (e.g., text injection that doesn’t modify DOM logic)
  • Disclosure of software version numbers, stack traces, or error messages

C. Platform-Specific Exclusions

  • Account creation collisions (e.g., preventing certain usernames or emails)
  • Missing or “weak” rate limiting on non-authentication endpoints
  • Reports of spam behavior not caused by system misconfiguration
  • Session expiration or logout issues

D. Library and Dependency Reports

  • Use of known vulnerable libraries without a working exploit
  • Public zero-day vulnerabilities that have had official patches released within the last 30 days
  • Missing or invalid email security records (e.g., SPF/DKIM/DMARC)

Notes on Evaluation

We evaluate vulnerabilities based on actual impact, exploitability, and alignment with industry best practices. If you believe an issue listed above does present a real security risk, you’re encouraged to include a working proof-of-concept and details about how it could harm platform users or infrastructure.

All valid reports will be acknowledged and triaged accordingly.

Legal Compliance and Law Enforcement

We operate in compliance with all applicable laws and regulations in the jurisdictions in which we do business, including:

  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
  • EU General Data Protection Regulation (GDPR)
  • U.S. Digital Millennium Copyright Act (DMCA)
  • IAB Podcast Measurement Guidelines

A. Lawful Requests for Data

We may disclose user or listener data to third parties when required to do so by applicable law, regulation, subpoena, court order, or other legal process. This includes:

  • Criminal investigations or national security requests
  • Civil or regulatory proceedings
  • Consumer protection or copyright enforcement matters

We will only disclose the minimum amount of data required to comply with such lawful requests and will notify affected users when permitted to do so by law.

B. International Data Transfers

If personal data is transferred outside of Canada (e.g., to processors in the U.S. or EU), we ensure that appropriate safeguards are in place to protect it, including:

  • Data Processing Agreements (DPAs)
  • Standard Contractual Clauses (SCCs) for GDPR compliance
  • Contractual privacy guarantees with our vendors and sub-processors

C. Platform Use Restrictions

The CoHost Platform must not be used to:

  • Violate local, national, or international laws
  • Host or distribute illegal or infringing content
  • Circumvent data privacy regulations or broadcast restrictions
  • Interfere with lawful investigations or legal process

We reserve the right to suspend or terminate access to the Platform if we believe that your use violates applicable laws or these Terms.

YouTube Data Usage and Revocation Policy

As part of the CoHost Podcasting workflow, we allow users to connect their YouTube accounts to automate the distribution of podcast content in video format to their YouTube channels.

We take this integration seriously and comply with the YouTube Terms of Service and Google Privacy Policy, as well as applicable data privacy laws including PIPEDA and GDPR.

A. What Data We Access

When you connect your YouTube account to CoHost, we request access through Google’s OAuth process. The following information may be accessed:

  • Basic account metadata (e.g., channel ID, playlist ID, channel title)
  • Permissions to upload and manage video files related to your podcast
  • Podcast-specific YouTube analytics (e.g., video performance metrics)

We only request the minimum level of access required to publish your podcast content and display related analytics within the Platform.

B. How We Use This Data

Your YouTube data is used for the sole purpose of:

  • Uploading and managing podcast episodes to your connected YouTube channel
  • Monitoring video-level performance and analytics
  • Managing content linked to your show or episode releases

This data is not shared with third parties, and we do not use it for advertising, marketing, or profiling. We store only the tokens and metadata needed to manage your podcast distribution and maintain synchronization with YouTube.

C. How to Disconnect and Delete Your YouTube Data

You may revoke our access and delete YouTube-related data at any time. You can do this using one of the following methods:

Option 1: In Your CoHost Dashboard

  • Navigate to Settings > Integrations > YouTube
  • Click “Disconnect & Delete Data”

Option 2: Via Your Google Security Settings

Option 3: Email Request

Send a request to support@cohostpodcasting.com with the subject line:

“Delete YouTube Data – [Show Name]”

We will confirm your identity and remove all associated data within 48 hours.

D. Compliance Statements

We adhere to:

  • The YouTube API Services Developer Policies
  • Google’s Limited Use requirements under their API Services User Data Policy
  • Our own Privacy Policy

We do not share, sell, or use YouTube data beyond the scope of the podcast publishing features you opt into.

Contact and Final Provisions

If you have any questions about these Terms and Conditions, your account, your data, or any of the services described herein, please contact us:

Quill Inc.

Email: support@cohostpodcasting.com

Legal inquiries (e.g., takedown notices or data access requests): support@cohostpodcasting.com

Entire Agreement

These Terms and Conditions, along with our Privacy Policy and any other referenced documents, constitute the entire agreement between you and Quill Inc. in relation to your use of the CoHost Podcasting Platform.

No waiver or failure to enforce any part of these Terms shall be deemed a waiver of any other provision or right.

If any provision of these Terms is found to be unenforceable or invalid under applicable law, that provision shall be deemed removed without affecting the validity and enforceability of the remaining Terms.

Last Updated

These Terms and Conditions were last updated on June 11, 2025.