DemoItDemoIt

Privacy Policy

Last updated: March 2026

1. Introduction

Please read this Privacy Policy ("Privacy Policy") before using our Service, including our website and the DemoIt Chrome extension. This Privacy Policy describes what information we collect, the legal basis for processing it, and how we use and share it. Your use of the Service is subject to our Terms of Service and to this Privacy Policy. DemoIt ("Company," "we," "us") operates the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Terms not defined here have the same meanings as in our Terms of Service.

2. Definitions

  • Cookies are small files stored on your device.
  • Device means a computer or mobile device.
  • Data Controller means the entity that determines the purposes and means of processing personal data. For this Privacy Policy, we are the Data Controller of your data.
  • Data Processors (Service Providers) are parties that process data on our behalf. We may use Service Providers to process your data effectively.
  • Personal Data means data about an identified or identifiable individual.
  • Service means our website, the DemoIt Chrome extension, and the DemoIt dashboard and related applications (e.g. app.demoit.ai).
  • Usage Data is data collected automatically from use of the Service (e.g., page visits, feature usage).
  • User means the individual using our Service.

3. Data Controller

The controller of your Personal Data is DemoIt, contactable at support@demoit.ai. If you have questions about how your data is processed, you may reach us at this address.

4. Information We Collect and Use

We collect information to provide, maintain, and improve our Service.

5. Types of Data Collected

Personal Data

We may collect:

  • Email address
  • First and last name
  • Profile or account information
  • Cookies and usage data
  • IP address

User-Generated Content (UGC)

Screen recordings, demos, videos, and other content you create, upload, or process through DemoIt are UGC. We use UGC only to provide the Service. For example, to produce studio-quality demos, apply audio enhancement, AI avatars, and zooms. We do not use UGC for other purposes without your explicit consent. You control who can access and share your UGC. You are responsible for ensuring that any personally identifiable information (PII) you include in UGC is lawfully provided.

Usage Data

We collect information about how you use our website, extension, and dashboard, such as pages viewed, time on page, and feature usage, to improve the Service and user experience.

Third-Party Sign-In

If you sign in through a third-party provider (e.g., Google), we may receive your email, name, and profile picture to enable login and personalize your experience.

6. Legal Basis for Processing

We process your Personal Data only when we have a valid legal basis under applicable law (including GDPR Article 6). The table below describes the purposes and corresponding legal bases:

PurposeLegal Basis
Providing and maintaining the Service (including processing your recordings via AI)Contractual necessity: required to deliver the Service you signed up for
Facilitating sign-in and account managementContractual necessity
Analyzing usage and interaction patterns to improve the ServiceLegitimate interest: improving product quality and user experience
Sending service-related notifications and updatesLegitimate interest: keeping you informed about changes that affect your use
Providing customer supportContractual necessity / legitimate interest
Processing paymentsContractual necessity
Using cookies for authentication and essential functionalityContractual necessity (essential cookies)
Using analytics cookies (Mixpanel, PostHog, GA)Consent (where required by applicable law)

7. How We Use Your Data

DemoIt uses the collected data to:

  • Provide and maintain the Service: including processing and rendering your screen recordings and demos.
  • Facilitate sign-in and personalize your experience across the website, extension, and dashboard.
  • Improve the Service: by analyzing usage and interaction patterns.
  • Notify you about changes to the Service.
  • Provide customer support: including account and technical assistance.

8. AI Processing and Third-Party AI Providers

DemoIt uses third-party AI services to process your recordings and deliver core features. When you use the Service, portions of your content (audio, video, or text) may be sent to the following providers:

ProviderPurpose
HeyGenAI avatar generation
ElevenLabsText-to-speech voiceover and speech-to-text
OpenAITranscript generation and script rewriting

These providers process your content solely to deliver the requested feature and are bound by their respective terms of service and privacy policies. Under certain providers' default API terms, content submitted may be used to improve their models unless an opt-out is in effect. We are actively working toward securing zero-retention and no-training agreements with all AI providers. We recommend that you avoid including sensitive personal information in your recordings where possible.

We do not use your recordings, scripts, or other UGC to train DemoIt's own models or any third-party models.

9. Cookies

We use cookies and similar technologies to support the Service. Our cookies fall into the following categories:

CategoryPurposeExamples
EssentialRequired for authentication, security, and core functionality. The Service cannot operate without these.Session tokens, CSRF tokens
AnalyticsHelp us understand how you use the Service so we can improve it. These track page views, feature usage, and interaction patterns.Google Analytics, Mixpanel, PostHog

We do not use marketing or advertising cookies. When you first visit our site, a cookie consent banner lets you accept or reject non-essential (analytics) cookies. You can change your preference at any time by clearing the demoit_cookie_consent entry in your browser's localStorage and refreshing the page.

10. Data Storage

We store customer data on Google Cloud Platform (GCP) infrastructure. Data is primarily stored in the United States. Where we transfer Personal Data outside the European Economic Area (EEA), we do so in line with applicable law and, where required, using appropriate safeguards such as Standard Contractual Clauses (SCCs).

11. Consent

We rely on your explicit consent for non-essential data processing activities (such as analytics cookies, where required by law). You may withdraw your consent at any time by contacting us at support@demoit.ai or by adjusting your cookie preferences through our consent banner. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

For processing activities based on contractual necessity or legitimate interest (see Section 6), separate consent is not required, but you may exercise your rights as described in Section 15.

12. Data Breach

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR. We will also inform affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

13. Retention

We retain your data for the following periods:

  • User-generated content (recordings, demos, guides): deleted within 30 days of account deletion or content removal.
  • Account data (name, email, profile): retained for up to 90 days after account deletion to allow for recovery, then permanently deleted.
  • Usage and analytics data: retained in aggregated or anonymized form for up to 24 months to improve the Service.
  • Payment records: retained as required by tax and financial regulations (typically 7 years).

If you request deletion of your data under Section 15, we will process your request within 30 days, subject to any legal obligations that require us to retain certain records.

14. Transfer and Disclosure of Data

Your information may be processed in countries other than your own. We ensure that such transfers are subject to appropriate safeguards and that your data is protected in line with this Privacy Policy. We may disclose Personal Data: (a) when required by law or valid requests by public authorities; (b) in connection with a merger, acquisition, or asset sale; (c) to affiliates, service providers, and contractors who support our business under strict obligations; (d) to fulfill the purpose for which you provided it; or (e) with your consent. We do not sell your Personal Data.

15. Your Rights

GDPR Rights (EEA Users)

If you are in the European Economic Area (EEA) or another jurisdiction that grants these rights, you may:

  • Access: request access to or copies of your personal data.
  • Rectification: have inaccurate or incomplete data corrected.
  • Erasure: request deletion of your personal data.
  • Objection: object to our processing of your personal data.
  • Portability: receive your data in a structured, commonly used format.
  • Restriction: request restriction of processing in certain circumstances.
  • Withdraw consent: where processing is based on consent, withdraw it at any time.

CCPA/CPRA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you additional rights:

  • Right to know: request what personal information we collect, use, disclose, and sell.
  • Right to delete: request deletion of your personal information.
  • Right to opt-out of sale: we do not sell your personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.
  • Right to non-discrimination: we will not discriminate against you for exercising your privacy rights.
  • Right to correct: request correction of inaccurate personal information.
  • Right to limit use of sensitive personal information: direct us to limit our use of your sensitive personal information to what is necessary.

To exercise any of these rights, contact us at support@demoit.ai. We will respond within 30 days (GDPR) or 45 days (CCPA/CPRA). We may need to verify your identity before processing your request. Note that we may not be able to provide the Service without certain necessary data.

16. Service Providers and Sub-Processors

We use the following third-party service providers to operate and improve the Service. These providers have access to your data only to perform tasks on our behalf and are obligated not to disclose or use it for other purposes.

ProviderPurposeData Processed
Google Cloud Platform (GCP)Infrastructure and data storageAll service data
KelviqPayment processing (merchant of record)Payment and billing information
HeyGenAI avatar generationVideo and audio content
ElevenLabsText-to-speech and speech-to-textAudio content and text
OpenAITranscript generation and script rewritingText and transcript data
MixpanelProduct analyticsUsage data and events
PostHogProduct analyticsUsage data and events
Google AnalyticsWebsite analyticsUsage data, IP address (anonymized)

17. Payments

We use Kelviq as our merchant of record for paid plans. Kelviq handles all payment processing, invoicing, and sales tax compliance. We do not store or collect your full payment card details; that information is provided directly to Kelviq, whose use of your information is governed by their privacy policy.

18. Security

We implement industry-standard measures to protect your data against unauthorized access, alteration, or disclosure. No method of transmission or storage over the internet is completely secure; we strive to use commercially reasonable means to protect your information.

19. Third-Party Links

Our Service may contain links to other sites. We are not responsible for the content or privacy practices of third-party sites. We encourage you to read their privacy policies.

20. Children's Privacy

Our Service is not directed at children. We do not knowingly collect personal information from children under 16 (as required by GDPR) or under 13 (as required by COPPA in the United States). If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us at support@demoit.ai so we can delete it.

21. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and indicate the date of the last update. For material changes, we will notify you via email or a prominent notice within the Service before the changes take effect. Your continued use of the Service after changes are posted constitutes acceptance of the revised Privacy Policy.

22. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights, contact us at support@demoit.ai. See also our Terms of Service and Refund Policy.

For GDPR-related requests or complaints, you also have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

← Back to DemoIt