Privacy Policy

Last updated: July 4, 2026

1. Introduction

DemoGenius AI (“DemoGenius”, “we”, “us”, or “our”) provides an AI Agent-powered platform for creating, publishing, and analyzing interactive product demos. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the choices and rights you have. It applies to our websites, dashboard, public demo player, embeds, Chrome extension, and APIs (together, the “Service”).

For data that our customers collect through demos they publish— such as viewer analytics and lead form submissions—we act as a processor on behalf of the customer, who is the controller of that data. For data about our own account holders, we act as the controller.

2. Information We Collect

We collect the following categories of information:

  • Account information. Your name, email address, profile image, hashed password (if you use email sign-in), Google account identifiers (if you use Google sign-in), workspace membership, and role.
  • Captured demo content. Screenshots you upload or capture with our Chrome extension, page URLs and titles, viewport dimensions, optional DOM metadata (CSS selectors, element text, ARIA labels), and the captions, hotspots, notes, narration scripts, narration audio, and translations you or our AI Skills create.
  • Analytics events. When someone views a published demo, we record events such as demo views, step views, hotspot clicks, CTA clicks, completions, and drop-offs, together with referrer, embed source, and a hashed viewer identifier. We do not build cross-site advertising profiles from this data.
  • Lead form submissions. If a demo includes a lead capture form, we collect the name, email, company, and any custom fields the viewer submits, and deliver them to the demo owner. We process this data solely on the demo owner’s instructions.
  • Billing information. Payments are processed by Stripe. We never store full card numbers. We retain your plan, subscription status, invoices metadata, and Stripe customer identifiers.
  • Support and communications. Messages you send to our support, sales, security, or privacy addresses.

3. How We Use Your Information

We use personal data to provide and secure the Service: to authenticate you, host and render your demos, process AI Skill jobs you request, deliver analytics and leads to demo owners, bill subscriptions and meter AI credits, prevent abuse and enforce rate limits, provide support, and send essential service emails such as security notices and billing receipts. We also use aggregated, de-identified usage data to improve product reliability and performance.

We do not sell personal data, and we do not use your demo content or your viewers’ data for third-party advertising.

4. AI Processing

When you invoke an AI Skill—for example generating captions, suggesting hotspots, redacting sensitive data, writing narration scripts, translating a demo, or answering a viewer question—the relevant demo content is sent to Anthropic, our AI model provider, for processing. Content is only sent when you (or a viewer using the grounded Q&A assistant on a published demo) trigger a Skill. Under our agreement with Anthropic, content submitted through the API is not used to train their models. Each AI job is logged with its input, output, and credit cost so you can audit exactly what was processed.

5. Service Providers and Subprocessors

We share personal data only with service providers that help us run the Service, under contracts that restrict their use of the data:

  • Amazon Web Services and Cloudflare R2 — object storage and delivery of screenshots, thumbnails, narration audio, and exports.
  • Stripe — payment processing, subscription management, and invoicing.
  • Anthropic — AI processing of demo content when AI Skills are invoked.
  • Managed Redis hosting — background job queues, rate limiting, and short-lived session state.

We may also disclose data where required by law, to protect the rights and safety of our users, or as part of a corporate transaction such as a merger or acquisition (in which case this policy will continue to apply to previously collected data).

6. Cookies and Similar Technologies

We use a small number of essential and preference cookies to keep you signed in, protect against cross-site request forgery, remember your language and active workspace, and measure demo views with an anonymous, hashed viewer identifier. For the full list, see our Cookie Policy.

7. Data Retention

We keep account data for as long as your account is active. Demo content, analytics, and leads are retained until you delete them or delete the demo they belong to. Raw analytics events are retained for up to 24 months, after which they may be aggregated. Encrypted backups are retained for up to 30 days. When you delete your account or organization, we delete or de-identify associated personal data within 30 days, except where we must retain records to comply with legal, tax, or accounting obligations.

8. International Data Transfers

Our infrastructure is operated in the United States and the European Union. Where personal data originating in the EEA, UK, or Switzerland is transferred to countries that have not received an adequacy decision, we rely on the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable), together with technical safeguards such as encryption in transit and at rest.

9. Legal Bases for Processing

Where the GDPR applies, we process personal data on the following bases: performance of our contract with you (providing the Service); our legitimate interests (securing the Service, preventing abuse, improving reliability); your consent (where required, for example preference cookies); and compliance with legal obligations (tax and accounting records).

10. Your Rights

Depending on where you live, you may have the right to access, correct, delete, or receive a portable copy of your personal data; to restrict or object to certain processing; to withdraw consent at any time; and to lodge a complaint with your local supervisory authority. To exercise any of these rights, email privacy@demogenius.ai. We will respond within 30 days. If you appear in a demo or submitted a lead form on a customer’s demo, we may refer your request to that customer, who controls the data.

11. Data Security

All traffic to the Service is encrypted with TLS. Stored provider credentials are encrypted at rest with AES-256-GCM. Access to customer data is organization-scoped and role-based, private assets are served through short-lived signed URLs, and important organization actions are recorded in audit logs. Our automatic redaction Skill can detect and blur emails, phone numbers, API keys, and card-like numbers in captured screenshots before publishing. You can read more on our Security page.

12. Children’s Privacy

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify account owners by email or through an in-product notice at least 14 days before the changes take effect. The date at the top of this page shows when it was last revised.

14. Contact Us

Questions, requests, or concerns about privacy—including GDPR requests and data processing agreements—can be sent to our Data Protection Officer at privacy@demogenius.ai.