Effective Date: May 9, 2026 · Last Updated: May 15, 2026
DigiDistro ("we," "our," or "the Service") is a commercial cross-platform video-distribution product operated by Super Funicular LLC ("Super Funicular"). Each creator ("you") connects the social accounts you control and publishes your video content to those destinations from a single workflow. This Privacy Policy describes how DigiDistro handles your authentication credentials, your content, and the operational metadata generated when DigiDistro acts on your behalf.
DigiDistro is currently in closed beta. During closed beta the only onboarded creator is Super Funicular's own founder, validating the end-to-end pipeline against every connected platform's official API. The data-handling described below applies in identical form to additional creators when DigiDistro opens to invite beta and general availability.
Each creator authorizes DigiDistro to act on their own social accounts via OAuth or platform-equivalent flows. The credentials DigiDistro stores per platform, per creator:
| Platform | Credentials stored | Scope |
|---|---|---|
| TikTok | access_token, refresh_token, open_id | user.info.basic, video.upload (inbox) |
| access_token, refresh_token, board_id | pins:write, boards:read, user_accounts:read | |
| access_token (60-day TTL), urn:li:person:* | w_member_social, openid, profile, email | |
| Meta (FB / IG / Threads) | page access token, IG user_id, Threads user_id | pages_manage_posts, instagram_content_publish, threads_content_publish |
| X (Twitter) | session cookies (auth_token, ct0, twid) | tweet creation only |
| Bluesky | app password | com.atproto.repo.createRecord |
| dev.to | API key | article publish |
Credentials are encrypted at rest, isolated per creator, stored only on Super Funicular-controlled server infrastructure (Hetzner Cloud VPS), and are never transmitted to any third party other than the corresponding destination platform's official API.
DigiDistro reads videos and metadata from each creator's source channel using the source platform's API or yt-dlp where the creator has authorized that access. Each downloaded video is held transiently on the server (typically less than 24 hours) for the sole purpose of upload to the destinations the creator has connected, and is deleted after distribution completes.
For each post DigiDistro publishes, we record: the destination platform name, the post URL after publication, the timestamp, the source video ID it corresponds to, and pacing/state needed for rate-limit enforcement. This metadata is stored in a per-creator SQLite manifest on Super Funicular's server and is used solely for deduplication, retry logic, and the creator's own audit dashboards.
The information DigiDistro processes is used exclusively to:
DigiDistro does not sell, trade, or otherwise share any creator's data with third parties. Data flows only between DigiDistro's server and the official APIs of the destination platforms each creator has connected. Each destination platform's own privacy policy governs data once it leaves DigiDistro:
DigiDistro integrates with TikTok via two products from the TikTok for Developers platform on behalf of each creator who connects their TikTok account through OAuth:
user.info.basic scope. We retrieve open_id and display_name only, and use them solely to confirm which TikTok account the creator authorized.video.upload scope (inbox/drafts mode only). Videos are delivered to the creator's TikTok app inbox where the creator manually chooses whether to publish. We do not request the video.publish scope, do not auto-publish, and do not bypass any moderation.We do not request, store, or use TikTok analytics data, viewer data, comment data, or follower data. We do not access or process content from any TikTok account other than the creator's own.
Authentication tokens are stored in encrypted, per-creator credential files with 0600 permissions on a Hetzner Cloud VPS managed by Super Funicular. The server is hardened with SSH key authentication only, fail2ban, automatic security updates, and Cloudflare in front of public web endpoints. All API calls travel over HTTPS / TLS 1.2+.
Authentication tokens are retained until the creator revokes them via the corresponding platform's settings or until the platform's documented expiration. Distribution metadata (post URLs, timestamps) is retained for the operating life of the creator's account on DigiDistro to prevent re-posting the same video. Downloaded video files are transient (typically deleted within 24 hours of distribution).
Each creator can at any time:
DigiDistro is not directed to children under 13 (or 16 in the EEA / UK), and does not knowingly collect data about children. Creators who connect accounts represent that they meet each destination platform's minimum-age requirements.
We will post any changes to this Privacy Policy at this URL with an updated "Last Updated" date. Material changes will also be reflected in renewed authorization grants on each connected platform.