Disro is an AI brand intelligence platform that tracks how ChatGPT, Claude, Gemini, and Perplexity describe your brand and products, providing visibility scores and actionable recommendations.

Do I need Shopify to use Disro?

No. Disro works with any brand. Provide your URL and Disro automatically imports your product catalog. The Shopify integration unlocks real-time sync and automated description fixes.

What AI models does Disro track?

Disro tracks brand visibility across ChatGPT (GPT-4o), Claude, Gemini, and Perplexity simultaneously with daily probes.

How much does Disro cost?

Disro offers a free trial, Growth at $49/month, and Scale at $149/month.

Last Updated: June 5, 2026

Disro Inc. (“Disro,” “we,” “our,” or “us”) respects your privacy. This Privacy Policy explains what information we collect, why we collect it, how we use and disclose it, and the choices and rights available to you.

This Privacy Policy applies to information we collect through disro.com, its subdomains, the Disro online hosted services, our applications, and any other website, product, or service that links to or posts this Privacy Policy (individually and collectively, the “Services”), as well as information we collect offline. “You,” “your,” and “user” mean you as a user of the Services.

Disro is an AI-native operating platform for agencies and service businesses. The Services allow you to create, train, deploy, and manage autonomous AI agents with persistent memory; to connect third-party tools, platforms, and data sources; and to build and run workflows through which those agents help you operate your business and serve your own customers. Disro’s persistent memory layer (the “Cortex”) maintains context for your account so that agents improve over time. Important: the Cortex is maintained on a per-customer basis. We do not use one customer’s data to train or improve models or memory that serve any other customer.

Our Role: Controller and Processor

Depending on the information at issue, Disro acts in one of two capacities:

• As a controller. For information that identifies you as our customer, prospect, or website visitor — such as account registration details, billing information, marketing contacts, and information about how you use the Services — Disro determines the purposes and means of processing and acts as a “controller” (or “business” under U.S. state laws).

• As a processor. For the information, data, and other content that you submit to or generate through the Services in order to operate your business — which may include personal information about your own employees, clients, and customers (“your end users”) — Disro processes that information on your behalf and under your instructions, and acts as a “processor” (or “service provider”). In that case, you are the controller, you are responsible for having a lawful basis and any required notices or consents to provide that information to us, and our processing is governed by our Terms of Use and, where applicable, a Data Processing Addendum (see “Data Processing Addendum” below).

1. What Information We Collect and How

We collect information from and about you when you:

• create, register, or administer a Disro account;

• input, post, upload, or generate information, data, or other content through the Services;

• connect or integrate a third-party product, platform, or service to your account;

• submit questions, requests, or other communications to us, or contact us for support;

• visit our websites or use our applications;

• participate in promotions, webinars, demonstrations, surveys, events, or research; or

• engage with our sales, marketing, or partner activities.

We also obtain information about you from our business partners (including referral partners and resellers) and from third parties that support our sales and marketing efforts, and we may obtain publicly available business contact information.

a. Your Content

“Content” (also called “Your Content” in our Terms of Use) means all information, data, prompts, inputs, outputs, files, and other content, in any form, that is collected, uploaded, generated, or otherwise received from you (or on your behalf) by or through the Services, including information you provide when connecting a third-party account, product, or service. As between you and us, you own and control your Content, subject to our Terms of Use and this Privacy Policy. Our practices regarding Content differ from our practices regarding other information, as described in Section 2.a.

b. Customer Information

“Customer Information” is information relating to your access to or use of the Services, the creation or administration of accounts, or that otherwise identifies you as a customer or user of the Services, including:

• Identifiers. Name, mailing address, email address, postal code, telephone number, account identifiers, and similar identifiers.

• Customer Records. Username and password, payment and billing information, company name, job title, business email address, and department.

• Commercial Information. Information about products or services purchased, obtained, or considered, and your subscription and usage history.

• Internet/Network Activity Information. Log and analytics data, browsing and search activity within the Services, device information, domain/server data, and information about your interaction with the Services.

• Profession/Employment Information. Current employer, title, and location.

• Inferences. Inferences we draw from the above to create a profile reflecting your preferences, characteristics, and behavior.

If you use the Services as a user under an account created on your behalf by another of our customers (for example, your employer or an organization you belong to), we may collect and process Customer Information about you on behalf of, and subject to the instructions of, that customer.

c. Third-Party Integrations

If you create your account using a third-party service (such as a sign-in or single-sign-on provider), or if you link or integrate a third-party product, platform, or service to the Services, we collect information from that service as needed to authenticate your account and to enable the integration. Once you authorize an integration, the Services and your agents may access, retrieve, store, and act upon information held in that third-party service in order to perform the actions and workflows you configure. We store that information and associate it with your account, and we use it to provide the integration and to carry out instructions initiated by you or by agents acting on your behalf. Your use of any third-party service is also governed by that third party’s terms and privacy practices.

d. Slack Integration Data

If you install, authorize, or use a Disro Slack app or Slack integration, we collect and process Slack data according to the permissions granted through Slack OAuth and the features enabled for your workspace. This may include workspace/team identifiers and metadata; installing-user information; bot and user OAuth tokens, token scopes, and expiration metadata; Slack user IDs, display names, and profile email addresses used to authenticate and authorize Disro users; app mentions and direct messages sent to the bot; slash-command payloads; channel and private-channel messages or thread replies delivered to Disro where the bot is invited, mentioned, participating in a thread, or otherwise configured to receive events; assistant thread events; file metadata and file content provided to the bot; approval decisions; reminders and search requests made by authorized users; and related service logs.

e. Automatically-Collected Information

We automatically collect information about how you access and use the Services, including IP address, browser type, operating system, device type and identifiers, referring/exit pages, and usage data. Some of this information is collected through cookies, pixels, session-replay scripts, software development kits, and similar technologies, as described in Section 4.

2. How We Use the Information We Collect

a. Use of Content

Notwithstanding anything to the contrary, we will not use or access your Content except:

• to provide, maintain, improve, secure, and optimize the Services, including to enable your autonomous agents to perform the actions and workflows you instruct;

• where you (or the organization through which you have an account) explicitly authorize or request access, such as during a support inquiry;

• where reasonably necessary to ensure the stability, integrity, safety, and security of the Services;

• to comply with applicable law or to respond to lawful requests, subpoenas, court orders, or other legal process; and

• where reasonably necessary to protect the rights, privacy, safety, or property of you, us, or others, or to enforce our Terms of Use.

We may analyze metadata related to Content (such as volume, access logs, and performance data) for the purposes above. We may also use de-identified or aggregated information derived from Content to operate and improve the Services, in a manner that does not identify you or any individual.

b. Use of Other Information

We use Customer Information and automatically-collected information for purposes that include:

• Providing the Services. Creating and administering accounts; authenticating users; processing transactions; providing support; and sending Services-related communications and notices required by law.

• Analyzing and improving the Services. Understanding usage; developing new features; performing research, analytics, and quality assurance; and securing the Services and detecting, preventing, and investigating fraud, abuse, and security incidents.

• Marketing. Providing information about products, services, and events that may interest you (subject to your opt-out rights), and measuring the performance of our marketing.

• Legal and compliance. Establishing, exercising, or defending legal claims; complying with law and lawful requests; enforcing our agreements; and protecting our rights, property, and safety and those of others.

• Partner programs. Enabling and supporting participation in any Disro partner program when you elect to work with a partner.

• With consent or as disclosed. For any other purpose disclosed to you at the time of collection or to which you consent.

c. AI, Autonomous Agents, and the Cortex

The Services rely on generative artificial intelligence models, including models provided by third-party AI providers. You may provide prompts, data, and other input (“Input”) and receive generated output (“Output”). Input and Output are part of your Content, and as between you and us you retain ownership of them.

No training without consent; per-customer memory. We will not use, and will not permit our third-party AI providers to use, your Input or Output to train generative AI models that serve other customers without your express consent. The Cortex — our persistent memory layer — is maintained separately for each customer account. Context learned from your use of the Services is used to improve the Services for you and is not used to train or improve models or memory that serve any other customer.

Safety and compliance retention. Third-party AI providers may retain Input and Output for a limited period (generally up to thirty (30) days) for safety, abuse-prevention, and compliance moderation, and longer where retention is required to comply with legal reporting obligations (for example, where content is confirmed to be unlawful). They may also retain limited metadata for billing, safety, and compliance.

d. Automated Decision-Making and Profiling

The Services use automation, including autonomous agents, to take actions and generate Output on your behalf. The Services are designed to keep a human in control: you configure the scope of what your agents may do, and significant or consequential actions are subject to your review and approval. We do not use the Services to make decisions that produce legal or similarly significant effects about an individual based solely on automated processing without human involvement, except as permitted by applicable law. Where you use the Services to configure agents or workflows that engage in profiling or automated decision-making about your end users, you are the controller of that activity and are responsible for providing any required notices, choices, and human-review mechanisms. Residents of certain U.S. states may have the right to opt out of certain profiling; see the state-specific disclosures below.

3. How We Disclose Information

We disclose the information we collect for the purposes described in this Privacy Policy, including:

• With your consent or at your direction. When you ask us to, or otherwise authorize disclosure.

• With service providers and subprocessors. With vendors and subprocessors that perform services on our behalf, by category: cloud hosting and infrastructure; third-party AI model and platform providers; payment processing; analytics and product telemetry; customer support and communications; security and fraud prevention; and email and messaging delivery. These providers are authorized to use the information only to perform services for us and are bound by confidentiality and data-protection obligations. A current list of named subprocessors is available to customers on request and, where applicable, through our Data Processing Addendum.

• With third parties you connect. With third-party products, platforms, and services that you integrate or instruct your agents to interact with.

• With your organization. With an organization on whose behalf you use the Services, or that owns or manages the email domain associated with your account.

• With partners. With partners in a Disro partner program when you elect to work with them.

• For legal reasons and safety. To comply with applicable law, governmental and law-enforcement requests, and legal process, and to protect the rights, privacy, safety, or property of you, us, or others.

• In a business transfer. In connection with a proposed or actual merger, acquisition, financing, reorganization, sale of assets, or similar transaction.

• Aggregated or de-identified. We may disclose aggregated or de-identified information that cannot reasonably be used to identify you.

4. Cookies and Tracking Technologies; Your Choices

We and our service providers use cookies and similar technologies to operate, secure, and analyze the Services and to support marketing. These generally fall into the following categories:

• Strictly necessary. Required to provide the Services, authenticate users, and maintain security. These cannot be switched off in our systems.

• Functional. Remember your preferences and settings.

• Analytics/performance. Help us understand how the Services are used so we can improve them.

• Advertising/targeting. Help us and our partners measure and deliver relevant marketing.

You can manage cookies through your browser settings and, where offered, through an in-product cookie control. We honor recognized opt-out preference signals, including the Global Privacy Control (GPC), where required by applicable law. For more information about GPC, visit globalprivacycontrol.org. Disabling some cookies may affect the functionality of the Services.

5. International Users and Transfers

We are based in, and operate the Services from, the United States. If you access or use the Services from outside the United States, you understand and agree that your information will be transferred to, stored, and processed in the United States, where data-protection laws may differ from those in your location. We add jurisdiction-specific disclosures and cross-border transfer mechanisms as required by applicable law in the regions we serve; see the country-specific sections below, and contact us for more information about a particular transfer.

6. Retention of Information

We retain personal information for no longer than necessary for the purposes for which it was collected, after which we delete or de-identify it. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the information; the potential risk of harm from unauthorized use or disclosure; the purposes for which we process it and whether those can be achieved by other means; our contractual obligations to customers; and applicable legal, tax, accounting, and reporting requirements. When we process Content as a processor on a customer’s behalf, we retain and delete that Content in accordance with the customer’s instructions and our Terms of Use. Information retained in backups is deleted in the ordinary course of our backup cycle.

7. Security

We maintain administrative, technical, and organizational measures designed to protect personal information against accidental or unlawful destruction, loss, alteration, and unauthorized access, use, or disclosure. These include measures such as encryption in transit, access controls, logical separation of customer environments, and monitoring. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for configuring the scope of access and authority you grant to agents and integrations.

8. Managing Your Information

You may access, correct, amend, or delete much of your Content directly within the Services. Content you delete may persist temporarily in archived or backup copies. For assistance, or to request permanent deletion of Content, contact us at privacy@disro.com. Where you use the Services under an account administered by an organization, certain requests may need to be directed to that organization, and we may refer your request to them.

You may opt out of marketing communications at any time by using the unsubscribe link in those messages or by contacting us at privacy@disro.com. Opting out of marketing will not stop Services-related or transactional communications.

Depending on where you live, you may have additional rights, described in the state-specific disclosures below. To exercise any of those rights, follow the instructions in the applicable section.

9. Slack Marketplace Compliance

If you use the Disro Slack app, Disro accesses Slack data only after your workspace authorizes the app through Slack OAuth and only within the permissions granted. We use Slack data to operate the Slack integration and related Services: routing Slack requests to your Disro agents; maintaining conversation, channel, and thread context; posting replies or ephemeral responses; displaying and resolving approval cards; creating user-requested reminders; reading user-provided files where enabled; matching Slack users to Disro users for tenant and approval checks; preventing abuse; debugging; security; billing; support; and compliance. Relevant Slack prompts, content, and context may be processed through our AI model gateway (OpenRouter) by the model provider(s) used, which may include providers such as Anthropic and OpenAI, solely to provide requested outputs and operate the Services.

We do not sell Slack data. We do not use Slack data for advertising. We do not use Slack data to develop, improve, or train generalized AI/ML models or large language models, and we do not permit third-party AI providers to use Slack data to train their generalized models.

You can uninstall or revoke the Disro Slack app at any time from Slack App Management or disconnect it in Disro where available. After revocation or uninstall, Disro stops collecting new Slack data from that workspace. Uninstalling or revoking access does not by itself delete previously processed Slack data. To request access, transfer, correction, or deletion of Slack-originated data, contact privacy@disro.com; for workspace-level requests, we may require the request to come from an authorized workspace administrator or account owner. We retain and delete Slack-originated Content and related metadata in accordance with Section 6 and the customer’s instructions, subject to legal, security, backup, and audit requirements.

10. Information from Children

The Services are intended for businesses and are not directed to children under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take reasonable steps to delete it. If you believe a child has provided us with personal information, please contact us at privacy@disro.com. If you use the Services to process information about minors, you are responsible for obtaining any verifiable parental consent required by the Children’s Online Privacy Protection Act (COPPA) or other applicable law.

11. Changes to this Privacy Policy

Any information we collect is subject to the Privacy Policy in effect when it is collected. We may revise this Privacy Policy from time to time. If we make a material change, we will provide notice as required by law — for example, by email or through the Services — and will update the “Last Updated” date above. Your continued use of the Services after a change takes effect constitutes your acceptance of the revised Privacy Policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

Disro Inc.

Attn: Privacy

1007 N Orange St., 4th Floor, Suite #5295

Wilmington, Delaware 19801, United States

Email: privacy@disro.com

13. United States State Privacy Disclosures

This Section describes rights that may apply to residents of U.S. states with comprehensive consumer privacy laws currently in effect, including California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. Rights and exceptions vary by state, and we honor them as required by the applicable state law. (Florida residents may also have rights under Florida’s narrower digital privacy statute where it applies.) Where we process personal information as a service provider/processor on a customer’s behalf, we will refer applicable requests to that customer.

a. Opt-Out of Sale, Sharing/Targeted Advertising, and Profiling

We do not sell personal information for money. We may use cookies and similar technologies that allow advertising and analytics partners to collect information from your device, which may be considered a “sale” or “sharing” (for targeted advertising) under some state laws. You may opt out of such activity, and of certain profiling, by emailing privacy@disro.com or by using available in-product controls. We honor the Global Privacy Control (GPC) where required.

b. Your Rights

• Right to access / know. To confirm whether we process your personal information and to obtain a copy and details about our processing.

• Right to delete. To request deletion of personal information, subject to exceptions.

• Right to correct. To correct inaccurate personal information (this right does not apply to Iowa residents).

• Right to portability. To obtain a copy of certain personal information in a portable format.

• Right to appeal. To appeal our decision on a request (this right does not apply to California or Utah residents).

• Right to non-discrimination. To not be discriminated against for exercising your rights.

To exercise these rights, email privacy@disro.com with the subject line “Privacy Rights Request” and the state in which you reside. We will verify your identity — generally by confirming account access or by matching information you provide against our records — before responding, and we may decline a request where we cannot verify your identity or as otherwise permitted by law. You may use an authorized agent where the law allows.

c. Additional Disclosures for California Residents

• Sensitive personal information. We collect certain information considered “sensitive personal information” under the CCPA (such as account login credentials and the contents of communications). We use and disclose it only to provide the Services and for other purposes permitted without a right to limit, and not to infer characteristics about you.

• Shine the Light. California residents may request information about disclosures of personal information to third parties for those third parties’ direct-marketing purposes by emailing privacy@disro.com.

• Minors. We do not sell or share the personal information of consumers we know to be under 18.

d. Additional Disclosures for Delaware, Maryland, Minnesota, and Oregon Residents

Residents of these states may request a list of the categories of third parties to which we have disclosed personal information. To make such a request, email privacy@disro.com.

14. Nevada Disclosures

Nevada law permits Nevada residents to opt out of the future “sale” of certain covered information. Although we do not sell covered information as defined under Nevada law, you may submit a request by emailing privacy@disro.com.

15. Australia Disclosures

Where we hold personal information governed by Australia’s Privacy Act 1988, you may request access to or correction of that information, and you may withdraw consent where consent was previously provided. To make a request, email privacy@disro.com with the subject line “Australian Privacy Rights Request.” We may need to verify your identity, and we may decline a request as permitted by law.

16. Canada Disclosures

If you are in Canada, you may request confirmation that we hold personal information about you and a copy of it, request correction of inaccurate or incomplete personal information, and withdraw consent where consent was previously provided (subject to legal and contractual limits). Where we transfer personal information to service providers located outside Canada, we use contractual and other measures designed to ensure a comparable level of protection, consistent with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial law. To make a request, email privacy@disro.com with the subject line “Canadian Privacy Rights Request.” We may need to verify your identity before responding.

17. Data Processing Addendum

Where Disro processes personal data on a customer’s behalf, that processing is governed by a Data Processing Addendum (“DPA”) that supplements the Terms of Use and includes the GDPR Article 28 processing terms, our list of named subprocessors, and applicable cross-border transfer mechanisms. The DPA is provided to customers on request. To request a copy, contact privacy@disro.com.

Privacy Policy for Slack