← DemoCriticPrivacy Policy
Last updated: May 2026
This Privacy Policy explains how DemoCritic, operated by Vibeitup Ltd registered at Ernest Websdale House, London, IG110FX ("we", "us", "our"), collects, uses, and protects your personal data when you use democritic.co. Our data controller contact: hello@democritic.co
1. What Data We Collect
Data you provide directly:
- Email address — when completing the diagnostic or creating an account
- Name — when creating an account
- Payment information — processed securely by our payment provider. We never store card details.
- Session transcripts — text transcripts of your practice sessions
- FIND scores and debrief content — your practice performance data
- Custom buyer personas — configurations you create in the persona builder
- Live call audio — when using DemoCritic Live, system audio from your device is captured in real time, transcribed by our speech recognition provider, and analysed by our AI provider. Audio is not stored — only the transcript is retained.
Data collected automatically:
- IP address and browser type — for security
- Pages visited — via anonymised website analytics
- Session metadata — duration, call stage, persona selected
Data we do not collect:
- Raw audio recordings are not stored after real-time processing
- We do not sell your data to third parties
- We do not use your data to train AI models without explicit consent
2. How We Use Your Data
| Purpose | Legal basis |
|---|
| Providing practice sessions and FIND scoring | Contract performance |
| Sending transactional emails from hello@democritic.co | Contract performance |
| Processing payments via our payment provider | Contract performance |
| Sending your diagnostic report to your email | Legitimate interest |
| Improving the product using anonymised usage patterns | Legitimate interest |
| Complying with legal obligations | Legal obligation |
3. Third-Party Processors
We use the following services. Each is bound by a data processing agreement:
| Service | Purpose |
|---|
| Database provider (EU hosted) | Database — stores your account, sessions, and scores |
| AI language model provider | Generates AI buyer responses and FIND scoring |
| Speech recognition provider | Real-time speech-to-text during sessions |
| Voice synthesis provider | Text-to-speech for AI buyer voices |
| Payment processor | Payment processing — handles all payment data |
| Email delivery provider | Transactional email delivery from hello@democritic.co |
| Website hosting provider | Website hosting and anonymised analytics |
4. Data Retention
| Data type | Retention period |
|---|
| Account data (name, email) | Until account deletion or deletion request |
| Session transcripts and scores | Until account deletion or deletion request |
| Payment records | 7 years (legal requirement) |
| Diagnostic leads (email only) | 12 months or until unsubscribe |
| Analytics data (anonymised) | 24 months |
5. Your Rights Under UK GDPR
- Right of access — request a copy of all personal data we hold
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your personal data
- Right to restriction — request we limit how we use your data
- Right to data portability — receive your data in machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — where processing is based on consent
To exercise any right: email hello@democritic.co. We respond within 30 days. You may also complain to the ICO at ico.org.uk.
6. Cookies
| Cookie | Purpose |
|---|
| Session cookie (authentication) | Keeps you logged in — essential |
| Payment processor cookies | Fraud prevention during checkout — essential |
| Website analytics | Anonymous usage analytics — functional |
We do not use advertising cookies or track you across other websites. See our Cookie Policy for full details.
7. Security
- All data transmitted over HTTPS (TLS 1.2+)
- Database hosted on EU servers with row-level security
- Passwords hashed using bcrypt
- Payment data handled entirely by our payment provider — we never see card numbers
- Speech recognition sessions use temporary scoped tokens — permanent keys never reach the browser
8. International Transfers
DemoCritic is hosted on EU infrastructure. Some of our third-party processors process data in the United States. We rely on Standard Contractual Clauses for transfers outside the UK.
9. Children
DemoCritic is not intended for persons under 16. If you believe we have collected data from a child, contact
hello@democritic.co immediately.
10. Contact
- Email: hello@democritic.co
- Website: democritic.co
- Address: Ernest Websdale House, London, IG110FX
We respond to all requests within 5 working days and within the statutory 30-day period.