Privacy Policy
Distribot – Sole Proprietor
This privacy policy informs you in accordance with Art. 13 and 14 GDPR (General Data Protection Regulation) about the nature, scope, and purpose of the processing of personal data when using Distribot.
1. Controller (Art. 4(7) GDPR)
The controller within the meaning of the GDPR is the following natural person (sole proprietor):
Aron Taner
Burgfriedstr. 15
83024 Rosenheim
Germany
E-mail (data protection): datenschutz@distribot.de
Note: A data protection officer is not required pursuant to Art. 37 GDPR in conjunction with Section 38 BDSG (German Federal Data Protection Act), as fewer than 20 persons are permanently engaged in the automated processing of personal data. For all data protection inquiries, please contact the e-mail address listed above directly.
2. Principles of Data Processing (Art. 5 GDPR)
We process personal data in accordance with the following principles of the GDPR:
- Lawfulness, fairness, transparency: Data is processed only on a clear legal basis and in a comprehensible manner.
- Purpose limitation: Data is collected exclusively for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes.
- Data minimization: Only the data required for the respective purpose is collected.
- Accuracy: We take appropriate measures to ensure that inaccurate data is rectified or erased without delay.
- Storage limitation: Data is not stored longer than necessary. The specific periods are described in Section 8.
- Integrity and confidentiality: Data is protected against unauthorized access, loss, and destruction by means of appropriate technical and organizational measures (TOMs) (see Section 12).
3. Categories of Data Collected and Processing Purposes
When using Distribot, we process the following categories of personal data:
a) Master data
Data: Name, e-mail address, password (stored as a hash, never in plain text)
Purpose: Creation and administration of the user account, authentication, communication
b) OAuth tokens (social media access credentials)
Data: Access tokens and refresh tokens for linked social media accounts (e.g. Instagram, Facebook)
Purpose: Execution of posting jobs via the respective platform API
Note: Tokens are stored in encrypted form and are not disclosed to third parties.
c) Content data
Data: Images, videos, texts, captions, and schedules that the user uploads or creates
Purpose: Execution of the posting job assigned by the user; no use of the content by the operator for its own purposes
d) Usage data
Data: Login times, activity logs, scheduled and executed posts, error logs
Purpose: Operation, technical support, troubleshooting, abuse prevention
e) Payment data
Data: Billing address, where applicable payment method identifier (depending on the payment provider: Stripe)
Purpose: Processing of subscription payments; payment data is processed directly by the payment provider and is not stored on our servers.
f) Technical connection data
Data: IP address, browser type and version, operating system, timestamp, pages accessed
Purpose: Security, error analysis, protection against attacks, system stability
g) Waitlist and newsletter data
Data: E-mail address and time of registration
Purpose: Inclusion in the early-access waitlist and dispatch of information about the product launch. Registration is voluntary and based on your consent, which you grant by submitting the registration form.
4. Legal Bases for Processing (Art. 6 GDPR)
Each processing of personal data is based on one of the following legal bases:
- Art. 6(1)(b) GDPR (performance of a contract): Master data, OAuth tokens, content data, usage data – necessary for the provision of the contractually agreed service.
- Art. 6(1)(c) GDPR (legal obligation): Payment data – subject to retention requirements pursuant to Section 147 AO (German Fiscal Code) (10 years).
- Art. 6(1)(f) GDPR (legitimate interest): Technical connection data, error logs – to secure operations, prevent abuse, and maintain system integrity. The operator's legitimate interest in secure and stable operation outweighs the user's interest in the non-processing of this minimal technical data.
- Art. 6(1)(a) GDPR (consent): To the extent that optional cookies or analytics tools are used, processing takes place on the basis of voluntary consent that can be revoked at any time.
5. Hosting and Infrastructure
Hosting and CDN service provider:
Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA
The website is delivered via Cloudflare's global content delivery network. A data processing agreement (Data Processing Addendum) pursuant to Art. 28 GDPR has been concluded with the provider. The provider processes data exclusively according to our instructions and not for its own purposes.
Cloudflare is a US company. Insofar as personal data (in particular IP addresses in server log files) is transferred to the USA, this takes place on the basis of the EU Standard Contractual Clauses (Art. 46 GDPR) or the EU-U.S. Data Privacy Framework. Where possible, data is processed within the European Union.
6. Third-Party Providers and Data Transfers (Art. 44 et seq. GDPR)
a) Meta Platforms / Instagram & Facebook API
Distribot uses the Meta Graph API to publish content on Instagram and Facebook on behalf of the user. In doing so, OAuth tokens and the content provided by the user are transmitted to Meta.
Meta Platforms Inc. is based in the USA. The transfer to the USA takes place on the basis of Standard Contractual Clauses (SCC) pursuant to Art. 46(2)(c) GDPR. Further information: https://www.facebook.com/privacy/policy/
b) Payment provider
Payments are processed via Stripe. In this process, the billing address and payment data are transmitted directly to this provider. We ourselves do not store complete payment data. The privacy policy of the payment provider applies in addition.
c) Newsletter, waitlist and form service (Brevo)
For the management of our early-access waitlist, the processing of form submissions (contact, sign-up, partner programme) and the dispatch of associated e-mails, we use the service Brevo, operated by Sendinblue GmbH, Köhlstraße 1–3, 50827 Cologne, Germany (parent company: Brevo SAS, 106 boulevard Haussmann, 75008 Paris, France). When you submit a form on our website, the data you enter (e.g. e-mail address and, where applicable, name) is transmitted to Brevo and stored there.
Processing takes place on the basis of your consent (Art. 6(1)(a) GDPR) or for the performance of pre-contractual measures (Art. 6(1)(b) GDPR). You can revoke any consent granted at any time with effect for the future, e.g. via the unsubscribe link in every e-mail or by message to the data protection e-mail address listed above.
A data processing agreement pursuant to Art. 28 GDPR exists with Brevo. Data processing takes place on servers within the European Union. Further information: https://www.brevo.com/legal/privacypolicy/
d) Analytics tools (optional)
Insofar as an analytics tool is used, processing takes place on the basis of your consent (Art. 6(1)(a) GDPR). You can revoke your consent at any time via the cookie banner or the privacy settings.
e) Transfers to third countries
Insofar as data is transferred to countries outside the EU / EEA (in particular the USA), this is done on the basis of appropriate safeguards (Standard Contractual Clauses pursuant to Art. 46 GDPR or an adequacy decision pursuant to Art. 45 GDPR). Details can be provided on request.
7. Cookies and Tracking (Section 25 TTDSG)
Distribot uses cookies to enable the operation of the platform and to improve the user experience. We distinguish:
Technically necessary cookies (no consent required):
- Session cookies: Maintain the user's login (lifetime: browser session)
- CSRF protection tokens: Prevent cross-site request forgery attacks (lifetime: session)
- Preference cookies: Store language settings and UI preferences (lifetime: 30 days)
Optional cookies (only with consent):
- Analytics cookies: Capture anonymized usage behavior for product improvement
- Marketing cookies: Currently not used
On your first visit to the website, a cookie banner is displayed through which you can grant or refuse your consent. You can revoke your consent at any time with effect for the future.
8. Storage Duration and Deletion Periods (Art. 5(1)(e) GDPR)
We delete personal data as soon as the purpose of the processing no longer applies and no statutory retention obligations conflict with this:
- Account data (master data): For the duration of the active contractual relationship; permanently deleted within 30 days after account deletion.
- OAuth tokens: Until the connection is revoked by the user or until account deletion.
- Content data (images, texts, etc.): After successful publication or at the user's request; no later than 30 days after account deletion.
- Usage data and error logs: 90 days, then automatic deletion.
- Payment data / invoices: 10 years pursuant to Section 147(1) AO (German Fiscal Code) (statutory retention obligation under tax law).
- Technical connection data (IP logs): 7 days to safeguard against attacks; then deleted or anonymized.
- Waitlist and newsletter data: Until you revoke your consent or unsubscribe; the data is then promptly deleted at Brevo and in our systems.
9. Your Rights as a Data Subject (Art. 15–22 GDPR)
As a data subject, you have the following rights vis-à-vis the controller:
- Art. 15 GDPR – Right of access: You can request information on whether and which personal data we process about you, as well as a copy of this data.
- Art. 16 GDPR – Right to rectification: You can request the immediate rectification of inaccurate or the completion of incomplete personal data.
- Art. 17 GDPR – Right to erasure ("right to be forgotten"): You can request the erasure of your personal data, provided that no retention ground conflicts with this. You can carry out the account deletion directly in the dashboard.
- Art. 18 GDPR – Right to restriction of processing: Under certain conditions, you can request that the processing of your data be restricted.
- Art. 20 GDPR – Right to data portability: You have the right to receive your data in a common, machine-readable format and to transmit it to another controller.
- Art. 21 GDPR – Right to object: You can object at any time to the processing of your data on the basis of legitimate interests (Art. 6(1)(f) GDPR) if there are grounds arising from your particular situation.
- Art. 22 GDPR – Right not to be subject to automated decisions: Distribot does not make any automated decisions with legal effect for the user.
To exercise your rights, please contact: datenschutz@distribot.de
We respond within 30 days (Art. 12(3) GDPR).
10. Withdrawal of Consent (Art. 7(3) GDPR)
Insofar as the processing of your personal data is based on consent, you can withdraw it at any time with effect for the future. The withdrawal does not affect the lawfulness of the processing carried out up to the point of withdrawal.
Options for withdrawal:
- Revoking the OAuth connection to social media platforms directly in the Distribot dashboard
- Withdrawing cookie consents via the cookie settings on the website
- Deleting your account via the dashboard or by e-mail to the data protection e-mail address listed above
Please note: After withdrawal, certain functions of Distribot may no longer be usable.
11. Right to Lodge a Complaint with the Supervisory Authority (Art. 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us.
Competent supervisory authority:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach
Internet: www.lda.bayern.de
A list of all German data protection authorities can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html
12. Data Security (Art. 32 GDPR)
We use the following technical and organizational measures (TOMs) to protect your data:
- Transport encryption: All connections to the platform are made via HTTPS with TLS 1.2 or higher.
- Encrypted data storage: OAuth tokens and sensitive data are stored encrypted in the database.
- Access restrictions: Access to production systems is restricted to authorized persons and is logged.
- Regular backups: Data is backed up regularly to prevent data loss.
- Password hashing: User passwords are stored exclusively as a hash (e.g. bcrypt) and cannot be reconstructed in plain text.
- Security audits: Regular review of the systems used for security vulnerabilities.
Note: Despite all security measures, 100 percent security of data transmission over the internet cannot be guaranteed. Please carefully safeguard your access credentials yourself.
13. Special Notes on SaaS Use and Automated Processing
Distribot publishes content on third-party platforms (e.g. Instagram, Facebook) on behalf of and according to the instructions of the user. In this context, the following applies:
- User as controller: The user is solely responsible for the content they publish via Distribot (Art. 4(7) GDPR). They bear responsibility for having all necessary rights to the content and for not infringing the rights of third parties.
- Operator as processor: Insofar as the operator of Distribot processes data of the user or of persons appearing in the user's content, the operator acts as a processor pursuant to Art. 28 GDPR.
A data processing agreement (AVV) pursuant to Art. 28 GDPR can be concluded on request (particularly relevant for B2B users / companies). Contact: datenschutz@distribot.de
Distribot does not carry out any fully automated decisions with legal effect for the user (Art. 22 GDPR).
14. Changes to This Privacy Policy
We reserve the right to update this privacy policy in order to adapt it to changed legal situations, new product features, or altered processing activities.
Material changes will be communicated to registered users by e-mail. We recommend visiting this page regularly in order to always view the current version.
Last updated: 12 June 2026
Distribot | distribot.de / https://www.distribot.de