Privacy Policy

distil ("we", "us", "our") is a document conversion service. For questions about this policy, contact us at hello@distilapp.com. All processing infrastructure is hosted in the European Union.

We collect the following categories of personal data:

• Account data: email address and hashed password, collected at registration.
• Billing data: subscription tier and payment status. Payment details (card number, etc.) are handled exclusively by Stripe and never stored by us.
• Usage data: pages converted per month, job timestamps, and API key metadata.
• Uploaded documents: files you submit for conversion. These are processed in memory and deleted within 24 hours. We do not read, index, or retain document content beyond processing.
• Technical data: IP address, browser type, and request logs, retained for up to 30 days for security and abuse prevention.

We use your data solely to:

• Provide and operate the Service (authentication, conversion, billing).
• Enforce usage limits and detect abuse.
• Send transactional emails (account confirmation, payment receipts).
• Improve service reliability through anonymised aggregate metrics.

We do not sell your data, use it for advertising, or share it with third parties beyond the sub-processors listed below.

Your documents and generated outputs are never used to train, fine-tune, or evaluate any AI or machine learning model — by us or any of our sub-processors.

We use the following third-party services to operate distil:

Provider	Purpose	Location
Supabase	Database, authentication, file storage	EU (Frankfurt)
Mistral AI	Document parsing and extraction	EU
Vercel	Application hosting and edge network	EU
Stripe	Payment processing	EU / US
PostHog	Product analytics (anonymised)	EU

We process your personal data under the following legal bases:

• Contract performance — to provide the Service you signed up for.
• Legitimate interests — for security, abuse prevention, and service improvement.
• Legal obligation — for record-keeping required by applicable law.

Account data is retained for the lifetime of your account plus 30 days after deletion. Uploaded documents and job outputs are deleted within 24 hours of processing. Billing records are retained for 7 years as required by EU tax law. Technical logs are retained for 30 days.

Under GDPR you have the right to access, correct, export, or delete your personal data. You may also object to or restrict certain processing. To exercise any of these rights, email hello@distilapp.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

We use only strictly necessary cookies — a session cookie for authentication and a cookie to persist your Stripe checkout state. We do not use tracking or advertising cookies.

We may update this policy to reflect changes to our practices or applicable law. We will notify registered users by email before material changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

For any privacy-related questions or to exercise your rights: hello@distilapp.com.