Last updated: 17 March 2026
This Privacy Policy explains how Distillr ("we", "us", "our") collects, uses, and protects your personal data when you use distillr.co (the "Service").
The data controller is:
Pär Nilsson (enskild firma)
Email: hello@distillr.co
If you have questions about how we handle your personal data, please contact us at that address.
When you create an account we collect your email address. We use magic-link authentication — no password is stored.
With your consent we collect anonymised analytics events (pages visited, features used, session duration) via PostHog. This helps us understand how the Service is used and improve it. If you decline analytics cookies no tracking events are recorded.
Content sources you add to the Service, any content extracted from those sources, and the text of chat messages you send are stored so that we can provide the Service to you. This content is processed by AI models operated by third-party providers (see Section 4).
Do not submit content containing confidential, proprietary, or sensitive information that you are not authorised to share with third-party processors. We are not responsible for any consequences resulting from such submissions.
Payment information (card number, billing address) is handled entirely by our payment processor, Polar. We receive only a customer ID and subscription status. We never store full card details.
We use Sentry to monitor application errors. Sentry may collect device information, browser type, and — where relevant to diagnosing an error — parts of the request that triggered it. This data is retained for 90 days in Sentry.
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Providing the Service (auth, content storage, chat) | Performance of a contract — Art. 6(1)(b) |
| Analytics (PostHog) | Consent — Art. 6(1)(a) |
| Error monitoring (Sentry) | Legitimate interest — Art. 6(1)(f) |
| Billing and invoicing | Performance of a contract / legal obligation — Art. 6(1)(b)(c) |
We share data with the following third-party processors to operate the Service:
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication | EU (AWS eu-west-1) |
| Vercel | Hosting and edge functions | US / EU |
| OpenAI | AI content analysis and embeddings | US |
| PostHog | Product analytics (with consent) | EU (PostHog Cloud EU) |
| Sentry | Error and performance monitoring | US |
| Polar | Payments and subscriptions | US |
| Inngest | Background job orchestration | US |
Some of our processors (OpenAI, Sentry, Polar, Inngest, Vercel) are based in the United States. Where personal data is transferred outside the EU/EEA we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or an adequacy decision, to ensure an adequate level of protection.
| Data | Retention period |
|---|---|
| Account data (email) | Until account deletion |
| Libraries, transcripts, chat history | Until account deletion |
| Analytics events (PostHog) | 12 months |
| Error reports (Sentry) | 90 days |
| Billing records | 7 years (Swedish accounting law) |
Under the GDPR you have the right to:
To exercise any right, email us at hello@distillr.co. We will respond within 30 days.
You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se.
We may update this policy from time to time. We will notify you of material changes by email or by a prominent notice in the Service. The "Last updated" date at the top of this page reflects the most recent revision.
We use cookies to keep you signed in and, with your permission, to understand how Distillr is used. Cookie Policy