GDPR Compliance
Last updated: April 2026
1. Our Commitment to GDPR
JKMK Ventures LLC ("DistroTeam," "we," "us") is committed to protecting the privacy and rights of individuals in the European Union and the United Kingdom in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the UK GDPR. Although DistroTeam is headquartered in Texas, United States, we recognize that many of our users and their leads are located in the EU/UK, and we apply GDPR principles to all personal data we process from those regions. We have implemented technical and organizational measures to ensure compliance with GDPR requirements, including data minimization, purpose limitation, storage limitation, and privacy by design.
2. Legal Basis for Processing
We process personal data only when we have a valid legal basis under Article 6 of the GDPR. The legal bases we rely on include: Consent — where you have given clear, affirmative consent for us to process your personal data for a specific purpose (e.g., marketing communications, cookie preferences); Contract Performance — where processing is necessary to fulfill our contractual obligations to you, including providing the DistroTeam platform, processing payments, and delivering features you have subscribed to; Legitimate Interest — where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This includes fraud prevention, platform security, service improvement, and analytics. We conduct legitimate interest assessments where required. You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
3. Data We Process
We process the following categories of personal data: Account Data — name, email address, profile information, authentication credentials, and billing details provided during registration and account management; Usage Data — information about how you interact with the platform, including pages visited, features used, device information, IP addresses, and session data; Lead Data — information submitted by individuals through distributor-powered landing pages (name, email, phone number, messages). For lead data, DistroTeam acts as a data processor on behalf of our distributor customers, who act as the data controllers. Distributors are responsible for ensuring they have a lawful basis to collect lead data and for providing their own privacy notices to those individuals.
4. Your Rights Under GDPR
If you are located in the EU or UK, you have the following rights regarding your personal data under the GDPR: Right of Access (Article 15) — you may request a copy of the personal data we hold about you; Right to Rectification (Article 16) — you may request correction of inaccurate or incomplete personal data; Right to Erasure (Article 17) — you may request deletion of your personal data where there is no compelling reason for continued processing; Right to Restriction of Processing (Article 18) — you may request that we restrict processing of your data in certain circumstances; Right to Data Portability (Article 20) — you may request your personal data in a structured, commonly used, machine-readable format; Right to Object (Article 21) — you may object to processing based on legitimate interests or direct marketing; Rights Related to Automated Decision-Making (Article 22) — you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. DistroTeam's AI features assist distributors with content generation and lead management but do not make automated decisions with legal effect on data subjects.
5. How to Exercise Your Rights
To exercise any of the rights described above, contact us at privacy@distroteam.com. We will respond to all legitimate requests within 30 days. In certain circumstances, we may need to verify your identity before processing your request. If your request is complex or we have received a large number of requests, we may extend the response period by an additional 60 days, in which case we will notify you within the initial 30-day period. There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive.
6. Data Processing Agreements
DistroTeam offers Data Processing Agreements (DPAs) to distributor customers who act as data controllers under the GDPR. Our DPA covers the nature and purpose of processing, the types of personal data processed, categories of data subjects, obligations and rights of the controller, sub-processor management, data breach notification, and data deletion or return upon termination. To request a DPA, contact dpo@distroteam.com.
7. Sub-Processors
We use the following sub-processors to deliver the DistroTeam platform. Each sub-processor is bound by contractual obligations to protect your data: Supabase — database and authentication (United States); Vercel — hosting and content delivery (United States); Resend — transactional and marketing email delivery (United States); Anthropic — AI-powered content generation and agent features (United States); Stripe — payment processing and subscription management (United States); Twilio — SMS messaging and communications (United States); Sentry — error tracking and application monitoring (United States). We will notify you of any changes to our sub-processor list at least 30 days in advance, giving you the opportunity to object.
8. International Data Transfers
As DistroTeam is based in the United States, personal data from the EU/UK is transferred to the US for processing. We ensure that all international transfers are protected by appropriate safeguards in compliance with GDPR Chapter V, including: Standard Contractual Clauses (SCCs) — we enter into EU Commission-approved SCCs with our sub-processors and, where applicable, with our customers; Adequacy Decisions — where the European Commission has determined that a third country provides an adequate level of data protection, we may rely on that decision; Supplementary Measures — we implement additional technical measures including encryption in transit (TLS 1.2+), encryption at rest, row-level security (RLS), and access controls to ensure data protection during and after transfer.
9. Data Protection Officer
You may contact our Data Protection Officer for any questions, concerns, or requests related to GDPR compliance or the processing of your personal data: dpo@distroteam.com. Our DPO is responsible for monitoring compliance with the GDPR, advising on data protection impact assessments, and serving as the point of contact for data subjects and supervisory authorities.
10. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay in accordance with Article 34. Our incident response procedures include immediate containment, impact assessment, notification to affected parties, and remediation measures.
11. Children's Data
DistroTeam is a business-to-business platform designed for independent direct sales distributors. Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete that data promptly. If you believe a child under 16 has provided us with personal data, please contact us at privacy@distroteam.com.
12. Cookie Compliance
We use cookies and similar technologies in accordance with GDPR and the ePrivacy Directive. Essential cookies required for authentication and core platform functionality are used without consent. Non-essential cookies (analytics, preferences) are only set after you have provided informed consent. You can manage your cookie preferences at any time. For full details on the cookies we use, their purposes, and how to control them, please see our Cookie Policy.
13. Updates to This Policy
We may update this GDPR Compliance page from time to time to reflect changes in our practices, legal requirements, or sub-processor list. We will notify you of material changes at least 30 days before they take effect via email or a prominent notice within the Service. We encourage you to review this page periodically. The "Last updated" date at the top indicates when this policy was most recently revised.
14. Supervisory Authority
If you are located in the EU or UK, you have the right to lodge a complaint with your local data protection authority (supervisory authority) if you believe that our processing of your personal data infringes the GDPR. A list of EU data protection authorities is available at edpb.europa.eu. For the UK, you may contact the Information Commissioner's Office (ICO). We encourage you to contact us first at dpo@distroteam.com so we can address your concern directly.