Privacy Policy

Last updated: 27 April 2026

1. Who we are

DemoCritic is operated by DemoCritic Ltd ("we", "us", "our"). We provide an AI-powered pitch coaching and diagnostic platform for B2B sales founders. If you have questions about this policy, contact us at privacy@democritic.co.

2. What data we collect

We collect the following categories of personal data:

  • Account data: your email address and password hash when you create an account.
  • Payment data: billing name and card details processed by Stripe. We never store your raw card number.
  • Voice session data: audio is streamed live to Deepgram for transcription. We store the resulting text transcript, not the raw audio, in our database.
  • Usage data: session duration, FIND scores, and practice history so we can show you your improvement over time.
  • Diagnostic data: answers you provide in the free pitch diagnostic and your email if you choose to receive your report.
  • Technical data: IP address, browser type, and access timestamps collected in server logs.

3. How we use your data

  • To provide and improve the DemoCritic service.
  • To score your sessions and generate AI feedback using Anthropic's Claude API.
  • To send you your diagnostic report and account-related emails via Resend.
  • To process subscription payments and extra-minute purchases via Stripe.
  • To enforce plan limits (e.g. monthly minutes cap, custom persona limits).
  • To investigate abuse or security incidents.

We do not sell your personal data to third parties.

4. Legal basis for processing (UK GDPR)

  • Contract: processing necessary to deliver the service you signed up for.
  • Legitimate interests: fraud prevention, security monitoring, and product analytics.
  • Consent: marketing communications, where we ask separately.

5. Third-party services

We share data with the following processors under data processing agreements:

  • Supabase — database hosting (EU region)
  • Anthropic — AI response generation (your transcript excerpts are sent per session)
  • Deepgram — real-time speech-to-text transcription
  • Stripe — payment processing
  • Resend — transactional email delivery
  • Vercel — application hosting

6. Data retention

  • Account and session data is retained for as long as your account is active.
  • On account deletion, your personal data is erased within 30 days except where we are required by law to retain it (e.g. billing records for 7 years).
  • Diagnostic reports submitted without an account are retained for 12 months.

7. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request erasure ("right to be forgotten").
  • Object to or restrict processing.
  • Receive your data in a portable format.
  • Lodge a complaint with the ICO at ico.org.uk.

To exercise any of these rights, email privacy@democritic.co.

8. Cookies

We use session cookies necessary for authentication. We do not use advertising or tracking cookies. No cookie consent banner is required for strictly necessary cookies under UK PECR.

9. Security

All data in transit is encrypted via TLS. Database access is restricted to authenticated server-side processes. We follow OWASP secure development practices and conduct regular dependency audits.

10. Changes to this policy

We will notify you by email if we make material changes to this policy. The "last updated" date at the top of this page will always reflect the most recent revision.