Privacy Policy
Effective Date: January 1, 2026
At Demi (“Demi”, “we”, “our” or “us”), your privacy is our priority. We are committed to handling your personal information responsibly and in compliance with all applicable privacy laws, including Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and related provincial laws. This Privacy Policy (this “Policy”) explains what personal data we collect, how we use and protect it, and the choices and rights you have. Our aim is to be transparent and use clear, supportive language so you feel confident about how your information is managed.
This Policy applies to your use of our hellodemi.ai website, Demi AI services, and any related applications or platforms (collectively, the “Services”). For the purposes of this Policy, “you” or “User” means any individual or entity accessing and/or using any of our Services.
This Policy does not cover any third-party websites or services that may be linked from our Services – those have their own privacy practices. By using any of our Services, you agree to the practices described in this Privacy Policy. If you have any questions or need clarifications, please contact us at [email protected] – we’re here to help.
If you do not consent to the collection, use and disclosure of your personal information in accordance with this Policy, do not provide us with any personal information. You also have the right to withdraw your consent to our collection, use and disclosure of your personal information at any time upon reasonable, advance notice. However, you cannot withdraw your consent retroactively. It is important to note that most of our Services can only be provided if we receive the required personal information from you. Consequently, should you choose not to provide us with the required personal information, we may be unable to offer these Services to you.
INFORMATION WE COLLECT
Personal Information You Provide: When you interact with our Services, you may provide certain personal information, for example:
- Account Information: If you create an account, we collect profile details like your name, email address, associated organization, and password. If your account is provided through your employer or another organization, we associate your profile data with that organization.
- Content and Conversations: We collect any information you input into our Services. This includes the questions you ask our AI partner and the content of your chats or files you upload (collectively, the “User Content”). User Content may occasionally include personally identifiable information. For example, your User Content may include a colleague’s first name and/or other work-related details.
- Communication Information: If you contact us (via email, support chat, etc.), we collect your contact details and the content of your communications in order to respond to you.
- Financial Information: If you purchase or subscribe to certain Services, we collect credit card information, purchase order numbers or any other payment information for billing purposes.
Information Collected Automatically: Like most services, we automatically collect some technical data when you use any of our Services:
- Usage and Device Data: This includes your device type, browser, Internet Protocol (IP) address, date/time of visits, and how you navigate or use our features. We use cookies and similar technologies to remember your preferences and improve your experience, for example by keeping you logged in or understanding which features are most helpful. You can adjust your browser settings to refuse cookies, though some features of our Service may not function properly without them.
We do not knowingly collect personal information from anyone under 18 years of age, and all of our Services are intended for adult professionals. If you are under 18 years of age, please do not use any of our Services or provide any personal data. If we learn that a minor’s personal data has been collected, we will delete it promptly.
HOW WE USE YOUR INFORMATION
We collect and use your personal information with your consent and as needed to provide our Services. The primary purposes for which Demi uses your information include:
- Providing and Personalizing the Service: We use your inputs and feedback to generate responses, insights, and recommendations tailored to you. For example, our AI analyzes the context of your questions and past conversations to give relevant, personalized guidance. We only use the information you provide to deliver the AI experience and related features you initiate.
- AI and Machine Learning: Demi uses artificial intelligence to assist you, but we do not use your personal data to train our underlying AI models or any third-party models. The content of your conversations is processed to generate answers and improve your experience, but we remove or anonymize personal identifiers whenever feasible. For instance, our Services may retain only first names or generic labels instead of full identities when analyzing chat data for improvement purposes, ensuring that personally identifiable information is stripped out or obfuscated in our AI training and testing processes. In other words, your conversation data may help us make our Services smarter and more helpful, but only in a de-identified, aggregated form that cannot be linked back to you. Importantly, any third-party AI platform that helps power our Services is contractually prohibited from using your data for their own purposes, such as training their models.
- Service Improvement and Research: We continually work to improve Demi. We may use usage data, feedback, and anonymized conversation insights to debug issues, develop new features, and enhance the quality and accuracy of our AI’s responses. For example, understanding commonly asked questions or aggregate trends can help us make Demi’s tips more relevant. Any research or analytics we perform on chat content will use data that has been stripped of personal identifiers and combined with other data, so it cannot identify you personally.
- Communication: We may use your contact information to send service-related updates or respond to your inquiries. For instance, if you request a demo or ask a question, we’ll use your email to provide you with information or support. We may also send you newsletters or product updates, but only if you have opted in to receive them – you can unsubscribe at any time.
- Security and Fraud Prevention: Information such as device data or usage patterns may be used to monitor for suspicious activities, prevent fraud, and ensure the security of our platform. This includes using automated tools to detect misuse, such as prohibited content in AI queries, and to protect our users and systems.
- Legal Compliance: Where necessary, we will use or disclose information to comply with legal obligations, for example to respond to a court order or investigate misuse of the Services. We only do this when required by law or when we believe in good faith that such processing is necessary to protect our rights, your safety, or the safety of others.
- No Automated Decision-Making with Legal Effects: Demi’s AI may assist with decision-making by providing you suggestions, but there are no fully automated decisions made about you that have legal or significant effects without human intervention. You always have the choice whether or not to follow Demi’s suggestions, and you can ask for a human review of any AI-driven outcome that concerns you.
AI DATA PRACTICES AND PRIVACY
We want to be transparent about how our AI features work with your data. Demi’s AI is powered by advanced language models, which generate responses based on the input you give. Here are key points about our AI data practices:
- Consent for AI Features: We will only use your data for AI guidance purposes with your understanding and consent. By asking our AI a question or engaging with our AI, you are effectively consenting to have that content processed by our AI in order to get a helpful answer. If we ever introduce new AI features that use your data in additional ways, we will seek your permission. For example, an optional feature that analyzes your uploaded documents for insights would clearly ask you to activate it beforehand. We will not use your personal information for any new purpose without your consent, unless required by law.
- Anonymization and Minimal Data Collection: We design our AI systems with privacy by default. This means we try not to collect more personal data than we need. Whenever possible, personal identifiers (names, emails, etc.) in your inputs are either not stored, truncated, or replaced with generic placeholders in our system. For example, if you share a scenario involving “Alice in HR”, we may retain “Alice” simply as a first name context but not her full identity. As an exception, we keep first names in some cases because using a first name can make AI responses clearer and more personalized to your scenario – but we do not keep detailed personally identifying information like last names, contact info, or IDs in the AI training data. All sensitive fields are either omitted or anonymized. Our goal is that any data used to improve our AI or analytics is effectively de-identified and cannot be traced back to any individual.
- Accuracy and Human Oversight: AI can sometimes make mistakes or produce content that is not 100% accurate. We encourage you to review our AI’s suggestions and use your judgment. Do not rely solely on Demi and its Services for any decisions of significant consequence without double-checking the information. We have humans in the loop for oversight – our team may review anonymized conversation data to ensure quality and that the AI is behaving appropriately. If you ever notice an AI output that seems incorrect or problematic, you can contact us and we’ll look into it and correct any factual inaccuracies in our system about you, to the extent technically feasible. Your feedback helps us make Demi better.
- Opt-Out of AI Data Use: If, for any reason, you are uncomfortable with your information being used to improve our AI, even in anonymized form, please let us know. We respect such requests. Note that if you opt out of data use for improvement, we may still process your data as needed for providing the live service to you, but we will exclude it from any ongoing learning or product enhancement processes.
Data Sharing and Third-Party Sub-Processors
We do not sell your personal information to anyone, ever. We only share your information in a few specific circumstances, always with safeguards to protect your privacy. The types of third parties who may receive personal data (and why) include:
- Service Providers (Sub-Processors): We use trusted third-party companies and service providers to help us operate our AI and provide our Services to you, including without limitation, cloud hosting providers, data center or server providers, email and communications services, analytics tools, and AI platform providers that supply the underlying large language model capabilities. These third-party companies and service providers act on our behalf and are contractually obligated to handle your data securely and only for our instructed purposes. For instance, if our AI runs on a third-party AI platform, we ensure your input data is transmitted securely and the third-party company or service provider cannot use it to evolve their own models or for any purpose except delivering our Services to you. We maintain strict control over our sub-processors and require them to meet high privacy and security standards such as encryption and compliance with privacy laws. A current list of key sub-processors is available on request for full transparency.
- Your Organization: If you are using our Services through a corporate subscription or an employer-provided account, we may share certain data about your usage back to the organization administering your access. However, this is typically limited to high-level usage metrics or aggregated insights, not the specific contents of your private conversations. For example, your employer may see how often managers in their team are using Demi or general topic trends by team, not individual users, but we do not disclose identifiable chat content to your employer except in exceptional cases as described in more detail below under Legal and Safety Disclosures. If your organization requires access to your data for an internal investigation or legal reason, they must first make a formal request and demonstrate they have the necessary authority. We will only comply with such requests when validated and lawful. For any questions about how your employer may access or control your data, please contact your organization’s administrator.
- Legal and Safety Disclosures: We may disclose personal information when we believe it’s necessary to comply with a legal obligation or valid legal process such as a court order, subpoena, or government demand. We may also share information if needed to prevent fraud or abuse, enforce our Terms of Service, or protect the rights and safety of Demi, our users, or others. For example, if content you share with the AI suggests an imminent risk of harm, we may alert appropriate authorities as required by law. We will only make such disclosures in strict accordance with applicable laws and regulations.
- Business Transfers: If Demi or any of its affiliates are ever involved in a merger, acquisition, investment, or sale of all or part of our business, personal information may be transferred to the parties involved as part of that transaction. If that happens, we will ensure your data remains protected and provide notice to you before it becomes subject to any new privacy policy.
Aside from the above, any information we share with third parties will be in aggregate or de-identified form. We may share aggregated data that cannot identify you personally for purposes like research, marketing, or industry benchmarking. For example, we may publish a statistic stating “75% of Demi users ask about team feedback techniques”. This kind of insight would not reveal any individual’s identity or personal information. We take care to strip out or anonymize personal data before sharing any analytics externally.
Data Retention and Deletion
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law or legitimate business needs. This means:
- Content and Conversations: By default, we retain the content of your Demi AI chat sessions so that you and our AI can refer back to past context and maintain continuity in the guidance. However, we do not retain these interactions indefinitely. We have retention rules in place. If you use Demi without an account (i.e., anonymously), your session and its data will expire after a set period of inactivity (for example, 30 days) and will be deleted or anonymized. If you do have an account, we retain your chat history for your convenience and to improve your experience, but you have control: you can request to clear your chat history at any time, and we will delete those records from our active systems. Demi also implements periodic clean-ups to delete or anonymize older data that is no longer needed. We ensure we do not keep personal data longer than necessary for providing the service or as required for legal compliance.
- Account Information: We keep your account registration details while your account is active. If you decide to close your account or if your organization’s contract with us ends, we will delete or anonymize the personal information associated with your account within a reasonable time frame. In some cases, we may retain minimal information (for example, email address or transaction records) after account deletion if required for legal, accounting, or record-keeping purposes, but we will either securely archive it or anonymize it when possible. Any retained data remains subject to this Policy and applicable law.
- User-Controlled Deletion: We believe you should have the ability to control your data. You can request to delete your data, such as AI chat inputs/outputs, at any time by reaching out to [email protected]. Once deleted, those records will no longer be visible to you or our AI. We will also remove them from our production systems and refrain from using them in any future analysis or model improvements. Please note that deletion may not be instantaneous from all backups, but our systems are designed to purge deleted content permanently in due course.
- Backup and Archives: We perform regular backups of our systems to ensure resilience. This means copies of your data may exist in secure backup storage for a short period even after deletion. We restrict access to backups and only retain them for a limited retention period before they are overwritten or deleted in the normal backup cycle. We will not restore personal data from backups except as needed for disaster recovery or as required by law.
After the applicable retention period has elapsed, or upon your request, we either securely delete or irreversibly anonymize your personal information. If we anonymize data, we remove identifying details so that the data can no longer be linked to you. Anonymized data may be used for legitimate business purposes, such as improving our Services or compiling usage statistics, without further notice because it is no longer personal information.
Data Security Measures
We understand that the security of your data is vital. Demi is built with strong security safeguards to protect your personal information from unauthorized access or disclosure. Here are some key aspects of our security program:
- Encryption: All data exchanged with our Services is encrypted in transit using industry-standard protocols (HTTPS/TLS). This means that when your data is sent between your device and our servers, it is protected from eavesdropping. We also encrypt personal data at rest when stored in our databases or servers, so that it’s unreadable to anyone without proper authorization. In short, whether your data is moving or staying in storage, we take steps to keep it encrypted and secure.
- Access Controls: We implement strict access controls and a “need-to-know” policy for any personal data. Only authorized personnel who require access to support you or maintain the system can see your information, and even then, only what’s necessary for their task. Our staff are trained on privacy obligations and are bound by confidentiality agreements. We also employ role-based access and auditing – meaning we limit each team member’s system permissions to the minimum needed, and we keep logs of who accesses sensitive systems. This helps prevent and detect any unauthorized access.
- Security Certifications and Practices: We follow industry best practices for security. Our infrastructure and processes align with leading standards. For example, we adhere to guidelines compatible with SOC 2 and ISO 27001 frameworks for data security. We undergo regular security assessments and penetration tests to continually improve our defenses. We also require our third-party service providers to implement robust security measures. All our cloud and AI vendors must meet strict data protection requirements and treat your data in accordance with the law and our instructions.
- Monitoring and Prevention: We employ tools to monitor our systems for potential vulnerabilities or intrusions. Unusual activity or access patterns trigger alerts for our security team to investigate. We also utilize measures like firewalls, network segmentation, and malware detection to guard against external threats. For example, if someone tried to access your account in an unusual way, we may detect and block it, and possibly notify you as an added precaution.
- Password Protection: Our passwords are stored in a one-way encrypted (hashed and salted) form, not in plain text. This means even we cannot read your password. Always choose a strong, unique password and keep it secret. If you use third-party login (single sign-on), we rely on that provider’s secure authentication.
- Incident Response: In the unlikely event of a data breach or security incident affecting your personal information, we will act promptly. We have an incident response plan and will notify you and the appropriate regulatory authorities without undue delay when required by law. Our goal is to be transparent and help you take any necessary steps to protect yourself in the event of an incident.
While we strive to protect your data with all these measures, it’s important to note that no system can be guaranteed 100% secure. However, we continuously review and update our security practices to meet evolving threats and to earn your trust in protecting your information.
Your Rights and Choices
Demi and its Services are designed to put you in control of your personal information. Under PIPEDA and other privacy laws, you have several important rights regarding your data, and we want to make it easy for you to exercise them. These rights include:
- Right to Access: You have the right to know if we are processing personal information about you and to request a copy of the information we hold about you. In plain language, you can ask us, “What data do you have about me?” and we will provide you with a summary of your personal data in our records (subject to some security verification and any legal limitations). This typically includes things like your account information and any stored chat content associated with your account.
- Right to Correction: If any of your personal information is inaccurate or incomplete, you have the right to request a correction or update. For example, if you notice your name or contact information is wrong in our system, let us know and we will fix it. We want to ensure your data is accurate.
- Right to Deletion (“Right to be Forgotten”): You can ask us to delete the personal information we have about you at any time. For instance, if you no longer wish to use Demi, you can request that we delete your account and all associated personal data. We will honour such requests except where retention is required by law or absolutely necessary for our legitimate business purposes. For example, we may need to keep a record of a transaction for financial reporting, or retain some information to comply with a legal obligation. We will inform you if any data cannot be fully deleted and why.
- Right to Withdraw Consent: Where we are processing your data based on your consent (for example, if you consented to receive newsletters or allowed us to use your chats for improving AI), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we already did, but it means we will stop the specific activity you no longer consent to. For instance, if you opt out of allowing your anonymized data to be used for AI training improvements, we will stop including it going forward. If you opt out of marketing emails, we will stop sending them.
- Right to Object or Restrict Processing: In certain jurisdictions, you have the right to object to our processing of your data or ask us to limit it. For example, you can object to the use of your data for direct marketing or analytics. You can also request that we restrict processing if you contest the data’s accuracy or have another issue. We will accommodate such requests in line with applicable laws. For instance, if you are in Canada and have a specific concern, we will work with you to address it. Even though Canadian law may not explicitly call it “objection”, PIPEDA allows you to withdraw consent to certain uses, which we will treat as an objection.
- Non-Discrimination: We will never penalize or discriminate against you for exercising your privacy rights. Using your rights (like requesting deletion or opting out of certain processing) will not affect your access to the Services other than as needed to comply with your request. For example, if you ask us to delete all your data, we obviously cannot continue providing your account since we won’t have the data needed to operate it – but we will let you know if that’s the case and discuss alternatives before proceeding.
To exercise any of these rights, you can contact us at [email protected]. We may provide self-service tools for some requests (for example, an account settings page to download your data or delete your account), but you can always reach out to us directly and we will be happy to assist. We may need to verify your identity before fulfilling certain requests – this is to protect your privacy and ensure we don’t give your data to an unauthorized person. Verification may be done by confirming information we already have on file, for instance.
We will respond to your requests as quickly as possible, and at most within the timeframe required by law. If you have any concerns or are not satisfied with our response, you have the right to complain to the relevant privacy regulator. In Canada, this would be the Office of the Privacy Commissioner. We would appreciate the chance to address your concerns first, so please feel free to reach out to us with any issue – we are committed to resolving any privacy questions in a fair and transparent way.
International Data Transfers
Demi is a Canada-based service, but we may process and store data in other countries to operate effectively. For example, our servers or cloud providers may be located in the United States or other jurisdictions. This means your personal information may be transferred to and stored on servers outside of your home province or country, including in the U.S. or potentially the European Union. Rest assured, no matter where your data is processed, we apply the same high standards of privacy protection described in this Policy. If we transfer data internationally, we take steps to ensure appropriate safeguards are in place. These may include using services in countries deemed to have adequate privacy laws or implementing standard contractual data protection clauses approved by regulators. Our goal is to make sure your data is protected to the level required under Canadian law (and other applicable laws) wherever it is. By using our Service, you consent to this transfer of information to facilities which may be outside of your country of residence.
Updates to This Policy
We may update this Privacy Policy from time to time as our services or legal requirements evolve. If we make material changes, we will notify you by posting the updated policy on our website and updating the “Effective Date” at the top. For significant changes, we may also provide a more prominent notice (such as a banner on our site or an email notification). We encourage you to review this Policy periodically to stay informed about how we are protecting your information. Your continued use of Demi after any changes signifies your acceptance of the updated terms.
Contact Us
We’re here to help and answer any questions you have about your privacy. If you have questions about this Privacy Policy or our data practices, please reach out to us:
- Email: [email protected]
- Mail: 137 Glasgow St Unit 404, Kitchener, ON N2G 4X8
By understanding this Privacy Policy, you’re taking an important step in protecting your data and partnering with us in our mission to provide a valuable AI experience in a privacy-conscious way.
Thank you for trusting Demi with your personal information!