Legal
Privacy Policy
This policy explains what personal data Demo Lab collects, why we collect it, and the choices you have. It covers both of our products: self-guided interactive demos and our AI demo agents.
Last updated:
1. Who we are
Demo Lab (“Demo Lab”, “we”, “us”, or “our”) operates a product-demo platform at demolab.dev. We help go-to-market teams capture, edit, and share interactive product walkthroughs, and run AI agents that surface the right demo to website visitors.
For personal data we collect from our customers’ account holders, Demo Lab acts as a data controller. For personal data contained within demos, captures, and agent conversations that our customers create and manage, we act as a data processor on our customers’ behalf — they decide what is captured and shared.
2. Scope of this policy
This policy applies to:
- Our marketing website and documentation.
- The Demo Lab web dashboard, where customers create and manage demos.
- The Demo Lab Chrome capture extension.
- The embeddable demo player and AI demo agent surfaced on customer sites.
It does not cover third-party websites that embed our player or agent. Those sites are governed by their own privacy policies.
3. Information we collect
Account & profile data. When you sign up — including via Google sign-in — we collect your name, email address, and authentication identifiers. We do not store your password; authentication is handled by our infrastructure provider.
Demo content you create. When you use the Chrome extension or HTML capture, we store the screenshots and HTML snapshots of the screens you choose to capture, along with the steps, hotspots, chapters, branching logic, and variables you add. You control what you capture — avoid capturing screens that contain personal or sensitive data you do not intend to share.
Usage & diagnostic data. We collect logs, device and browser information, IP address, and product-usage events to operate, secure, and improve the service.
Communications. If you contact support, we keep the messages you send us and our replies.
4. Demo viewers & AI agent visitors
When someone views a shared demo or interacts with an AI demo agent on a customer’s site, we process data on the customer’s behalf:
- Analytics events — step views, branch choices, hotspot clicks, completions, and drop-offs. These are tied to a demo session, not to yourDemo Lab account.
- Personalization variables (e.g. first name, company) passed in a share link. These are resolved at view time and are not stored inside the demo.
- AI agent conversations — the messages you exchange with an agent, the assets it shows you, and, where you provide them, lead details (such as an email or a meeting request). Each session produces a summary and intent signals that the customer’s sales team can read.
The demo player runs sandboxed and does not use cookies, localStorage, or sessionStorage on the sites where it is embedded. If you are a demo viewer or agent visitor and wish to exercise your rights, please contact the company whose product you were exploring; we will assist them as their processor.
5. How we use information
- To provide, maintain, and secure the service.
- To capture, store, render, and personalize demos.
- To power AI demo agents, including assembling prompts and retrieving the relevant demos and documents for each conversation.
- To produce analytics and session summaries for our customers.
- To detect, prevent, and investigate abuse, fraud, and security incidents.
- To respond to support requests and send service-related notices.
- To comply with legal obligations.
We do not sell personal data, and we do not use the contents of our customers’ demos or agent conversations to train third-party AI models.
6. Legal bases (GDPR)
Where the GDPR applies, we rely on the following legal bases:
- Contract — to provide the service you or your organization signed up for.
- Legitimate interests — to secure, analyze, and improve the service, balanced against your rights.
- Consent — where required, for example certain cookies or marketing communications. You may withdraw consent at any time.
- Legal obligation — to comply with applicable law.
8. Subprocessors
We rely on a small set of infrastructure and AI providers:
- Supabase — database, authentication, and storage of demo content and account data.
- Anthropic — the AI model provider that powers our AI demo agents. Conversation content is sent to Anthropic to generate responses and is not used to train its models.
- Hosting & CDN providers — to serve the application, player, and agent.
Each subprocessor is bound by data-protection obligations consistent with this policy. We will keep this list current as our vendors change.
10. Data retention
We retain account data for as long as your account is active. Demo content, analytics, and agent sessions are retained while the owning account exists or until the customer deletes them. When an account is closed, we delete or anonymize associated personal data within a reasonable period, except where we must retain it to comply with legal obligations, resolve disputes, or enforce our agreements.
11. Security
We protect data with encryption in transit, access controls, row-level security on our database so each workspace’s data is isolated, and least-privilege handling of secrets. No method of transmission or storage is perfectly secure, but we work to protect your data and to notify you of material incidents as required by law.
12. International transfers
We may process and store data in countries other than your own, including the United States. Where required, we use appropriate safeguards — such as the European Commission’s Standard Contractual Clauses — to protect data transferred internationally.
13. Your rights
Depending on where you live, you may have the right to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights for data we control, contact us using the details below. If your data was provided through a customer’s demo or agent, we will route your request to that customer as the controller.
You also have the right to lodge a complaint with your local data-protection authority.
14. Children's privacy
Demo Lab is a business tool not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.
15. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Continued use of the service after an update means you accept the revised policy.
16. Contact us
Questions about this policy or your data? Reach us at privacy@demolab.dev.