DLDemo Lab

Legal

Privacy Policy

This policy explains what personal data Demo Lab collects, why we collect it, and the choices you have. It covers both of our products: self-guided interactive demos and our AI demo agents.

Last updated:

1. Who we are

Demo Lab (“Demo Lab”, “we”, “us”, or “our”) operates a product-demo platform at demolab.dev. We help go-to-market teams capture, edit, and share interactive product walkthroughs, and run AI agents that surface the right demo to website visitors.

For personal data we collect from our customers’ account holders, Demo Lab acts as a data controller. For personal data contained within demos, captures, and agent conversations that our customers create and manage, we act as a data processor on our customers’ behalf — they decide what is captured and shared.

2. Scope of this policy

This policy applies to:

  • Our marketing website and documentation.
  • The Demo Lab web dashboard, where customers create and manage demos.
  • The Demo Lab Chrome capture extension.
  • The embeddable demo player and AI demo agent surfaced on customer sites.

It does not cover third-party websites that embed our player or agent. Those sites are governed by their own privacy policies.

3. Information we collect

Account & profile data. When you sign up — including via Google sign-in — we collect your name, email address, and authentication identifiers. We do not store your password; authentication is handled by our infrastructure provider.

Demo content you create. When you use the Chrome extension or HTML capture, we store the screenshots and HTML snapshots of the screens you choose to capture, along with the steps, hotspots, chapters, branching logic, and variables you add. You control what you capture — avoid capturing screens that contain personal or sensitive data you do not intend to share.

Usage & diagnostic data. We collect logs, device and browser information, IP address, and product-usage events to operate, secure, and improve the service.

Communications. If you contact support, we keep the messages you send us and our replies.

4. Demo viewers & AI agent visitors

When someone views a shared demo or interacts with an AI demo agent on a customer’s site, we process data on the customer’s behalf:

  • Analytics events — step views, branch choices, hotspot clicks, completions, and drop-offs. These are tied to a demo session, not to yourDemo Lab account.
  • Personalization variables (e.g. first name, company) passed in a share link. These are resolved at view time and are not stored inside the demo.
  • AI agent conversations — the messages you exchange with an agent, the assets it shows you, and, where you provide them, lead details (such as an email or a meeting request). Each session produces a summary and intent signals that the customer’s sales team can read.

The demo player runs sandboxed and does not use cookies, localStorage, or sessionStorage on the sites where it is embedded. If you are a demo viewer or agent visitor and wish to exercise your rights, please contact the company whose product you were exploring; we will assist them as their processor.

5. How we use information

  • To provide, maintain, and secure the service.
  • To capture, store, render, and personalize demos.
  • To power AI demo agents, including assembling prompts and retrieving the relevant demos and documents for each conversation.
  • To produce analytics and session summaries for our customers.
  • To detect, prevent, and investigate abuse, fraud, and security incidents.
  • To respond to support requests and send service-related notices.
  • To comply with legal obligations.

We do not sell personal data, and we do not use the contents of our customers’ demos or agent conversations to train third-party AI models.

7. How we share information

We share personal data only as described here:

  • With our customers — viewer and agent-session data is made available to the customer who owns the demo or agent.
  • With subprocessors — vetted vendors who process data on our behalf under contract (see below).
  • For legal reasons — when required by law, regulation, or valid legal process, or to protect rights, safety, and security.
  • In a business transfer — in connection with a merger, acquisition, or sale of assets, subject to this policy.

8. Subprocessors

We rely on a small set of infrastructure and AI providers:

  • Supabase — database, authentication, and storage of demo content and account data.
  • Anthropic — the AI model provider that powers our AI demo agents. Conversation content is sent to Anthropic to generate responses and is not used to train its models.
  • Hosting & CDN providers — to serve the application, player, and agent.

Each subprocessor is bound by data-protection obligations consistent with this policy. We will keep this list current as our vendors change.

9. Cookies & tracking

Our dashboard uses strictly necessary cookies to keep you signed in and to secure your session. The embeddable demo player is sandboxed and does not set cookies or use browser storage on customer sites; demo analytics are session-based and fire-and-forget. We do not use third-party advertising cookies.

10. Data retention

We retain account data for as long as your account is active. Demo content, analytics, and agent sessions are retained while the owning account exists or until the customer deletes them. When an account is closed, we delete or anonymize associated personal data within a reasonable period, except where we must retain it to comply with legal obligations, resolve disputes, or enforce our agreements.

11. Security

We protect data with encryption in transit, access controls, row-level security on our database so each workspace’s data is isolated, and least-privilege handling of secrets. No method of transmission or storage is perfectly secure, but we work to protect your data and to notify you of material incidents as required by law.

12. International transfers

We may process and store data in countries other than your own, including the United States. Where required, we use appropriate safeguards — such as the European Commission’s Standard Contractual Clauses — to protect data transferred internationally.

13. Your rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights for data we control, contact us using the details below. If your data was provided through a customer’s demo or agent, we will route your request to that customer as the controller.

You also have the right to lodge a complaint with your local data-protection authority.

14. Children's privacy

Demo Lab is a business tool not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

15. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Continued use of the service after an update means you accept the revised policy.

16. Contact us

Questions about this policy or your data? Reach us at privacy@demolab.dev.