What we touch.
What we don't.
Most podcaster tools want your bank login. We don't. CastMath was built specifically so it never has to. Here's exactly what that means in practice — no vendor list, no marketing fog, just the line we drew and the architectural choices behind it.
We connect to your podcast host for download stats. That's it. Your money is your business — CastMath helps you record and understand it, never reaches in to grab it.
Two columns. One choice.
What CastMath collects.
- Your email and authentication tokens — to give you an account.
- Your podcast RSS URL and episode metadata — to compute Episode P&L.
- Transactions you give us — typed, voiced, photographed or forwarded.
- Sponsor pipeline data you record — names, deals, stages.
- Forwarded sponsor emails — when you forward to your inbox address. Stored encrypted; parsed once into structured fields.
- Your subscription billing info — to charge for CastMath itself. Card data lives in our payment provider, never on our servers.
What CastMath refuses to touch.
- Your bank account. No Plaid, no Basiq, no Yodlee, no Open Banking. Ever.
- Your sponsor payments and invoices. Sponsors pay you directly — bank transfer, invoice, or however you arrange it. CastMath records the deal; the money never moves through us.
- Your PayPal, Wise, or Square. No payment-processor read access, anywhere.
- Your Patreon, Memberful, or Substack income. You record what you've earned manually.
- Your raw bank statements. No CSV uploads of full statements; you log specific transactions.
- Your data for AI training. Not now. Not in any future model. Not anonymised, not aggregated, not for “research.”
Why we drew the line where we did.
Most podcaster finance tools sell on automation. Connect your bank — we'll do the rest.
The trade-off is read-access to every dollar that moves in your accounts. Not just your podcast. Your salary. Your mortgage. Your spouse's joint card. The Friday-night sushi. The whole of your financial life, in their hands, indefinitely.
Bank-feed aggregators have been breached. Their subprocessors have been breached. Their employees have left to start companies that compete with the ones whose data they had access to.
CastMath made a different bet. We give up the automation. We give up the bank-feed sales pitch. In exchange, you give up nothing of value to us. Your bank stays your bank.
What we ask instead is sixty seconds of your time per income event.
Voice memo: “ACME paid me eighteen hundred for episode forty-seven.” Done. Photo of a deposit notification: AI parses it. You confirm. Done. Email forward of an invoice: parsed automatically.
The total time investment is measured in minutes per week. The ceiling on what we know about you is exactly what you choose to tell us. That's the deal.
This isn't a marketing claim. It's an architectural choice.
The CastMath codebase has no integrations with bank-feed, payment-processor, or membership-platform APIs. Adding one would require a deliberate architectural change, a public commitment, and a versioned policy update. The trust pitch isn't a promise we could quietly walk back. It's a constraint we chose to live inside.
Six rules we won't break.
Every infrastructure choice we've made downstream of these rules can change over time — providers consolidate, regions move, software gets replaced. The rules themselves don't.
Encrypted at rest, encrypted in transit.
Every transaction, sponsor email, voice memo, and receipt photo is encrypted on disk and in flight. No exceptions for “internal use.”
No data ever leaves our regions for analytics.
Your data sits at our hosting provider's edge with primary regions in AU / EU / US. We don't ship it anywhere else for “reporting” or “product analytics.”
Zero retention on AI calls where possible.
Voice memos and photos that get parsed by an AI provider are sent with zero-retention flags set; nothing is logged or kept by the provider beyond the parse.
No training on your data. Period.
Your sponsor emails, transactions, and audio never feed any AI training run — ours or anyone else's. Not anonymised. Not aggregated. Not for “research.”
Card data never touches our servers.
Subscription billing is handled by a PCI-compliant payment provider. Your card details go from your browser straight to them. We see only the subscription status.
You can leave with everything.
One click in settings exports every transaction, episode record, sponsor deal, voice memo, and uploaded receipt as a structured archive. Same click deletes it all.
We don't audit downloads.
The host that produced them does.
CastMath isn't an IAB Tech Lab certified measurement vendor. We don't claim to be. We pass through the certified-by-host download counts the way they're measured at source — and we mark exactly which source.
When your data source is IAB Tech Lab Podcast Measurement v2.x certified (Transistor, Buzzsprout, Podbean, Megaphone, Libsyn, Captivate, Acast, RSS.com all currently are — verified against IAB's compliance directory) your Media Kit, Sponsor Campaign Report and Rate Calculator carry an ✓ IAB v2.x verified badge that names the host.
When it isn't (RSS-only, smaller hosts without certification) — no badge appears. We never falsely imply verification we don't have.
Why this matters: sponsors discount non-IAB-verified rates 20–30%. Surfacing the badge defends your rate. Hiding it when the source isn't certified protects your credibility. Annual recertification has been required by IAB since October 2022; we re-check our compliance map yearly.
Take everything out.
Wipe everything any time.
Take it all with you.
From your account settings, click Export everything. We package every transaction, episode record, sponsor deal, voice memo, and uploaded receipt into a downloadable archive — structured JSON for your data, plus the original media files.
No wait time, no email follow-up, no support ticket. Click and download.
Wipe it all instantly.
From settings: Delete account and all data. Two clicks. Active records removed within 24 hours. Backups purged within 30 days. Tax-relevant transaction logs may be retained up to 7 years per Australian tax law — but only the bare records required for legal compliance.
If you need expedited deletion or have a specific compliance requirement, email hello@castmath.com.
Trust isn't asked for.
It's earned.
CastMath made the architectural choice. The next move is yours.
See what your show is worth