start free

Privacy Policy

Last updated May 31, 2026

This Privacy Policy explains how Dibs AI Inc., a Delaware C Corporation ("Dibs", "we", "us"), collects, uses, and shares information when you use the Dibs platform at dibslabs.com and related sites, applications, and integrations (the "Service"). By creating an account or using the Service, you agree to this Policy.

1. Who we are

Dibs AI Inc. is a Delaware C Corporation that operates Dibs, an AI studio for short-form social content. We are the controller of the personal information described in this Policy. You can reach us using the details in the "Contact" section below.

2. Scope

This Policy applies to:

  • our website and web application at dibslabs.com and related domains;
  • third-party accounts and platforms you choose to connect to the Service (such as TikTok) via OAuth; and
  • any other digital property that links to this Policy.

3. Information we collect

  • Account & team data. Your name, email, password (stored hashed), and the teams you belong to, including roles and invitations.
  • Content & inputs. Prompts, source links and articles, personas, content ideas, briefs, captions, and other inputs you submit for AI generation, together with the media and text the Service generates from them. This includes reference images and likeness you upload to train a persona "identity" (a reusable persona identity).
  • Connected-account data. When you connect a third-party platform (such as TikTok), we receive and store an OAuth access token and refresh token (encrypted at rest), the connected account's identifiers, display name, username, avatar, and basic profile and statistics (such as follower, like, and video counts), to the extent the platform's scopes you authorize provide them.
  • Billing data. Subscription, seat, and token-purchase records, and your token usage ledger. Card details are handled by our payment processor (Stripe) — we do not store full card numbers.
  • Usage, device & activity-log data. Log data, IP address, browser/user-agent, the URLs you access, and a record of meaningful actions taken in the Service (including before/after changes), which we keep in an audit log for security, compliance, and abuse prevention.
  • Cookies. We use strictly necessary cookies for authentication and session management.

4. How we collect information

We collect information:

  • directly from you when you create an account, configure teams, submit inputs, or contact us;
  • automatically as you use the Service, through logs, cookies, and our audit trail; and
  • from third parties you connect or point us to — for example, profile and statistics from a social platform you authorize via OAuth, or the contents of RSS feeds and article URLs you add as sources, which we fetch on your behalf.

5. How we use information

  • To provide, operate, secure, and improve the Service.
  • To generate the content you request via our third-party AI providers.
  • To publish, schedule, or manage content on platforms you connect, when you instruct us to (including posts you schedule for a future time).
  • To process subscriptions, seats, token purchases, and grants, and to meter usage.
  • To secure the Service, prevent abuse, and maintain our audit log.
  • To develop and improve our Service and systems, including AI features (see "AI processing & model training").
  • To communicate with you about your account and the Service.

6. AI processing & model training

The Service uses artificial intelligence to process your inputs and produce the outputs you request. We reserve the right to use data you submit to operate, develop, and improve the Service and our systems, including our AI features.

  • Persona "identity". When you train an identity, we use the reference images you provide to create a private, per-persona likeness model that is used to generate that persona's media for your team.
  • Third-party AI providers. To generate content, we share the minimum necessary inputs with third-party AI providers that perform text generation and image/video generation on our behalf. They process those inputs under their own terms to return outputs to us.

AI output may be inaccurate, may resemble other outputs, and is not guaranteed to be unique or fit for any purpose. You are responsible for reviewing output before you use it.

7. Service providers & subprocessors

To deliver the Service we share the minimum necessary data with providers who act on our behalf:

  • AI providers — a third-party text generation provider and a third-party image and video generation provider (the latter also trains the persona identity). Your prompts, source text, and reference images are sent to them to produce output.
  • Stripe — payment processing and billing, under its own privacy policy.
  • TikTok — when you connect a TikTok account and ask us to publish, we send the relevant media and captions to TikTok on your behalf.
  • Cloud hosting, storage & messaging — infrastructure providers that host the application, store your media, send email, and deliver real-time updates.

We do not sell your personal information.

8. Connected social accounts

Connecting a platform such as TikTok is optional. When you do, you grant the Service the access scopes shown during the connection flow, and we store the resulting OAuth tokens encrypted at rest. We use them only to read your basic profile and statistics and to publish or manage content at your direction. You can disconnect an account at any time, in the Service or in the platform's own settings; on disconnect we delete the stored tokens. Your use of each platform remains subject to that platform's terms and privacy policy.

9. Sharing & disclosure

We share information only with the service providers above, with your team members as inherent in a shared workspace, when required by law or to protect our rights, or in connection with a merger, acquisition, or financing.

10. Cookies & tracking

We use strictly necessary cookies to authenticate you and maintain your session. We do not use your content or connected social-account data for advertising or interest-based profiling.

11. Data retention

We retain your account and content for as long as your account is active. Audit-log entries are retained for a limited period (by default, 365 days) and then pruned. Billing and token-ledger records are retained as required for tax, accounting, and audit purposes. OAuth tokens are deleted when you disconnect the related account. You may request deletion as described below; some records may be retained where required by law.

12. Security

We use industry-standard measures to protect your data, including encryption in transit and encryption of stored OAuth tokens. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

13. Your rights

Depending on your location (including under the GDPR and the CCPA/CPRA), you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise these rights, contact us at legal@calldibs.ai.

14. International transfers

We are based in the United States and process data there. If you access the Service from outside the U.S., you consent to transferring your information to the U.S. and the jurisdictions of our service providers.

15. Children

The Service is not directed to children under 16, and we do not knowingly collect their information.

16. Changes

We may update this Policy from time to time. We will revise the "last updated" date and, for material changes, provide additional notice.

17. Contact

For general questions, email hello@dibslabs.com. For privacy requests or other legal matters, email legal@calldibs.ai. You can also call +1 (415) 915-2747, or write to us at:

Dibs AI Inc.
2261 Market Street STE 85799
San Francisco, CA 94114
USA