Privacy Policy

Last updated: April 2026

What Distill Is

Distill is a thinking development and reflection tool. It helps you capture your own perspective after consuming content. It is NOT a medical device and is NOT intended to diagnose, treat, cure, or prevent any medical or psychological condition.

Data We Collect

  • Email address — used for authentication and service-related emails (resurfacing reminders, streak notifications, weekly summaries). You can disable any email type from Settings.
  • Reflection content — the text you write after consuming content. This is the core of what Distill stores.
  • Session metadata — content titles, types (book/video/article/podcast), and optional reasons you provide.
  • Usage data — streak counts, reflection counts, and timestamps. Used to power your dashboard.
  • Payment data — if you upgrade to Pro, Stripe processes your payment. We store only your Stripe customer ID, not your card details.

How We Use Your Data

  • To provide and maintain the Distill service.
  • To resurface your own reflections at intervals (3, 7, 30, 90 days) so you can revisit your thinking.
  • To track your streak and reflection counts.
  • To process payments via Stripe.
  • To send service-related emails — resurfacing reminders, streak notifications, and weekly summaries. You can disable each type individually from Settings.
  • To understand how the product is used via anonymized analytics (see Cookies & Analytics below).

What We Never Do

  • Your reflections are never used for AI training. Not by us. Not by any third party. Not ever.
  • Your data is never shared with third parties for marketing, advertising, or any other purpose.
  • We take steps to minimize logging of your reflection content. Error tracking systems receive only error metadata, not reflection text.

Data Retention

Your data is stored for as long as your account is active. If you delete your account, all data is soft-deleted immediately and permanently purged within 30 days. Deleted reflections are also purged 30 days after deletion.

Your Data Rights

Regardless of where you are located, you have the following rights:

  • Access — Export all your data at any time from Settings.
  • Deletion — Delete your account from Settings. All data is purged within 30 days.
  • Portability — Your data export is in human-readable JSON format.
  • Rectification — Add layers to any reflection to update your thinking, or delete and re-create it.
  • Withdraw consent — Disable any non-essential processing (analytics, email notifications) from Settings at any time.

See the Regional Rights section below for jurisdiction-specific details.

Cookies & Analytics

Distill uses the following cookies and local storage:

  • Authentication cookies — set by Clerk to maintain your login session. Strictly necessary.
  • Cookie consent — remembers whether you dismissed the cookie banner. Stored in localStorage.
  • UTM attribution cookies — if you arrive via a marketing link, we store the source, medium, and campaign name for 30 days to understand how you found Distill. These are first-party cookies and are not shared with any third party.
  • Country detection — your country code (derived from your IP by our hosting provider) is stored in a cookie to display region-appropriate pricing. Your IP address is not stored.
  • Analytics (PostHog) — we use PostHog to understand how the product is used (page views, feature adoption). PostHog runs in identified-only mode — anonymous visitors are not tracked. We do not use this data for advertising. PostHog does not track your browsing activity across other sites.
  • Error tracking (Sentry) — we use Sentry to detect and fix bugs. Sentry receives error metadata (error type, URL, browser info) but not your reflection content.

We do not use advertising cookies, retargeting pixels, or any tracking that follows you across other websites.

Sub-Processors

We use the following third-party services to operate Distill:

  • Convex — database and backend (stores your reflections, sessions, and profile data).
  • Clerk — authentication (manages your login and email verification).
  • Stripe — payment processing (handles Pro subscription billing).
  • Resend — transactional email delivery (sends resurfacing reminders, streak notifications, and weekly summaries).
  • Vercel — hosting and content delivery.
  • PostHog — product analytics.
  • Sentry — error monitoring.

Distill is operated from India. Our sub-processors store and process data primarily in the United States. By using Distill, you consent to the transfer of your data to these locations. All sub-processors maintain industry-standard security practices and data protection measures.

Regional Rights

India (DPDP Act)

If you are in India, you have the right to access, correct, and erase your personal data. You may withdraw consent for non-essential data processing at any time. Distill does not process data of users known to be under 18 without verifiable parental consent. To exercise your rights, email us at the address below.

EU/EEA (GDPR)

If you are in the EU/EEA, the legal basis for processing your data is (a) contract performance (providing the service you signed up for), (b) legitimate interest (analytics and error tracking to improve the product), and (c) consent (marketing emails, which you can disable from Settings). You may exercise your rights to access, portability, deletion, and rectification as described above.

California (CCPA)

Distill does not sell your personal information. We do not share your data with third parties for their own marketing purposes. You have the right to know what data we collect, request deletion, and opt out of any future sale (though we have nothing to opt out of). To exercise these rights, email us at the address below.

Contact

For any privacy-related questions or to exercise your rights, email us at hello@distillwise.com.

Back to Distill