Privacy Policy
Last updated: June 21, 2026
Template — not legal advice. This document is a general-purpose template provided for convenience. It has not been tailored to your specific circumstances and may not satisfy the laws of your jurisdiction. Have a licensed attorney review it before you rely on it.
1. Introduction
This Privacy Policy explains how JKMK Ventures LLC("DistroTeam," "we," "us") collects, uses, shares, and protects information when you use the DistroTeam platform, websites, applications, and AI agents (the "Service"). It applies to account holders (distributors) and visitors. For information that individuals submit through a distributor's landing page, see Section 7 (Lead Data).
2. Information We Collect
We collect the following categories of information:
- Account & profile data— name, email, password (hashed), profile details, business/company information, and preferences you provide.
- Content you create— site copy, images, product and brand information, and the prompts, drafts, and outputs produced by our AI agents.
- Usage & analytics data— pages and features used, actions taken, device and browser information, IP address, and diagnostic/error data.
- Billing data— subscription tier, transaction history, and limited payment metadata. Full card details are handled by our payment processor (Stripe); we do not store your full card number.
- Communications— messages you send through the Service and support correspondence with us.
3. How We Use Your Information
We use the information we collect to:
- provide, operate, secure, and improve the Service;
- generate AI-assisted content at your request;
- process transactions and manage your subscription;
- send transactional messages (account, billing, lead notifications) and, with your consent where required, product updates;
- provide support, detect and prevent fraud and abuse, and comply with legal obligations.
4. How AI Models Process Your Content — Privacy Tiers
DistroTeam routes AI work to different model providers depending on the sensitivity of the task. We enforce a privacy matrix that controls what each provider may receive. This is a core protection: providers that are not Anthropic never receive your personal or identifying information.
- Full-context tier (Anthropic only).Tasks that need to understand your specific business — such as your lead pipeline, your own business data, or orchestration by our lead agent — are sent only to Anthropic's Claude models. These models may receive full context about your own business so the assistance is useful to you.
- Style-only tier (other providers). Tasks sent to non-Anthropic providers (for example, Google, DeepSeek, MiniMax, GLM/Zhipu, xAI, Moonshot, and similar model providers used for drafting and image generation) receive only style-only inputs — tone, format, and topic preferences — with personal information and identifying details (your name, personal story, and other PII) stripped before the request is sent.
- Niche/topic tier. Some research tasks send only a generic niche or topic and no user data at all.
When you bring your own model API keys ("BYOK"), traffic to those keys is routed accordingly, and the same privacy-tier rules apply. We do not sell your content, and we do not use it to train third-party foundation models outside of providing the Service to you. AI providers process data under their own terms and data-processing commitments.
5. How We Share Information & Subprocessors
We do not sell your personal information.We share information only with service providers ("subprocessors") that help us operate the Service, each bound by a data-processing agreement, and as required by law or in connection with a merger or acquisition. Our principal subprocessors include:
- Supabase— database, authentication, and storage (United States);
- Stripe— payment processing and subscription billing (United States);
- Hetzner— cloud hosting/infrastructure;
- Cloudflare— DNS, CDN, and security;
- Resend— transactional and marketing email delivery;
- Twilio— SMS and communications;
- AI model providers— Anthropic (full-context tier) and, for the style-only tier, providers such as Google, DeepSeek, MiniMax, Zhipu/GLM, xAI, and Moonshot, each receiving only the inputs permitted by the privacy matrix in Section 4; and
- Observability providers— error tracking and monitoring used to keep the Service reliable.
We do not share your data with third-party connectors you have not explicitly authorized inside Automations (see Section 6). We will provide notice of material changes to our subprocessor list as described in Section 13.
6. Premium Tools — Automations (Elite + Empire)
Elite and Empire users may use Automations, a self-hosted Activepieces instance we operate for you. Each Automations workspace is provisioned for a single user and isolated at the API layer; no user can access another's flows, connections, or executions. When you authorize a third-party service inside Automations, its OAuth tokens or API keys are stored encrypted in your isolated workspace; DistroTeam staff do not access them, and data flows to that third party only when you configure a flow that does so. If your subscription drops below Elite, your workspace is paused and preserved; after 12 months paused, we may delete it after notifying you by email.
7. Lead Data (Distributor Customers)
When an individual submits information through a DistroTeam-powered landing page or form, that data is collected on behalf of the applicable distributor. The distributor is the data controller and is responsible for their own privacy notice and lawful basis for collection; DistroTeam acts as a data processor for that data. If you are an individual who submitted information to a distributor and wish to exercise your rights, please contact that distributor; we will assist them as their processor.
8. Cookies & Tracking
We use essential cookies for authentication and session management, and (with consent where required) functional and analytics cookies to understand and improve the Service. We do not use cookies for cross-site advertising. You can control cookies through your browser settings; disabling essential cookies may break core functionality. For full details, see our Cookie Policy.
9. Data Retention
We retain account and content data for as long as your account is active and for up to 90 days following termination, after which we delete or anonymize it unless a longer period is required by law or for legitimate business purposes (e.g., billing records, dispute resolution, security). Lead data is retained for as long as the associated distributor account is active or until you request deletion. Backups are purged on a rolling schedule.
10. Security
We use industry-standard safeguards including encryption in transit (TLS), encryption at rest, row-level security (RLS) in our database, scoped access controls, and ongoing monitoring. No system is perfectly secure; we will notify you and any required authority of a breach affecting your data as and when required by applicable law.
11. Your Rights
Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal data, and to object to certain processing. California residents have rights under the CCPA/CPRA, and EU/UK residents have rights under the GDPR. To exercise a right, contact privacy@distroteam.com. We will respond within the time required by law (generally within 30 days) and may need to verify your identity first. See our GDPR page for EU/UK-specific detail, including legal bases and supervisory-authority contacts.
12. Children's Privacy
The Service is a business platform intended for adults and is not directed to individuals under 18. We do not knowingly collect personal information from minors. If we learn that we have collected such information without appropriate consent, we will delete it promptly.
13. International Transfers
We are based in the United States, and your information may be processed there and in other countries where we or our subprocessors operate. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers. AI model providers may process style-only inputs in their own regions consistent with the privacy matrix in Section 4 and their data-processing terms.
14. Changes & How We Notify You
We may update this Privacy Policy from time to time. We will update the "Last updated" date above and, for material changes, notify you by email or a prominent in-Service notice (generally at least 30 days before they take effect). Continued use after changes take effect constitutes acceptance.
15. Contact Us
For privacy questions, requests, or complaints, contact our Privacy Team at privacy@distroteam.com or write to JKMK Ventures LLC, Attn: Privacy, United States.
JKMK Ventures LLC· DistroTeam · legal@distroteam.com