Privacy Policy
Last updated: March 22, 2026
1. Data Controller
Distribution OS is operated by Lawrence. For privacy inquiries, contact us at privacy@distributionos.com.
2. Data We Collect
Account Data
Email address, display name, and authentication provider (Google, GitHub, or email/password).
App Configuration
App names, domains, Brain Doc content (product descriptions, audience definitions, brand voice settings), scheduling preferences, and competitor URLs you provide.
Connected Account Tokens
OAuth access tokens for Instagram, GitHub, and Google Search Console. These are encrypted with AES-256-GCM before storage and are never accessible in plaintext outside of server-side processing.
Content and Performance Data
Generated social posts, blog articles, email campaigns, engagement metrics, SEO performance data, and attribution data collected from connected platforms.
Billing Data
Payment processing is handled entirely by Polar. We do not store credit card numbers or payment credentials. We store subscription status, plan tier, and billing period dates.
Usage Data
With your consent, we collect analytics data via Google Analytics 4, including pages visited, session duration, and browser information. See our Cookie Policy for details.
3. Legal Basis for Processing (GDPR Article 6)
- Contract performance: Processing necessary to provide the Service (content generation, publishing, analytics).
- Legitimate interest: Product improvement, security monitoring, and fraud prevention.
- Consent: Analytics cookies and marketing email preferences.
4. Third-Party Processors
We share data with the following processors, each under appropriate data processing agreements:
| Processor | Purpose |
|---|---|
| Firebase / Google Cloud | Authentication, database, cloud functions |
| Vercel | Web application hosting |
| Anthropic (Claude) | AI content generation (data processed transiently, not used for model training) |
| Resend | Email delivery (platform notifications and user email campaigns) |
| Polar | Subscription billing and payment processing |
| DataForSEO | Keyword research and SEO data |
| Apify | Competitor intelligence web scraping |
| GitHub | Blog article publishing via GitHub API |
| Instagram / Meta | Social media posting via Graph API |
| Google Analytics | Usage analytics (only with consent) |
| Google Search Console | SEO performance data |
5. Data Retention
Your data is retained for the duration of your active subscription plus 30 days after cancellation. After 30 days, all data is permanently deleted, including generated content, Brain Docs, analytics data, and encrypted tokens. A minimal accounting record is retained for legal compliance.
6. Your Rights (GDPR)
If you are in the European Union, you have the right to:
- Access: Request a copy of your personal data.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your data.
- Portability: Receive your data in a machine-readable format.
- Restriction: Request restriction of processing.
- Objection: Object to processing based on legitimate interest.
- Withdraw consent: Withdraw consent for analytics cookies at any time.
To exercise these rights, email privacy@distributionos.com. We will respond within 30 days.
7. Your Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information is collected and how it is used.
- Request deletion of your personal information.
- Opt out of the sale of personal information. We do not sell personal data.
8. International Data Transfers
Your data may be processed in the United States and other countries where our processors operate. We rely on Standard Contractual Clauses (SCCs) and processor Data Processing Agreements to ensure adequate protection of transferred data.
9. Cookies
We use essential cookies for authentication and optional analytics cookies with your consent. See our Cookie Policy for details.
10. Data Breach Notification
In the event of a data breach, we will notify affected users within 72 hours as required by GDPR Article 33, and will notify the relevant supervisory authority.
11. Children's Privacy
The Service is not directed at children under 16. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification.
13. Contact
For privacy inquiries or to exercise your data rights, contact privacy@distributionos.com.