Privacy Policy
How DemoShield collects, uses, stores, and protects your information.
Last updated: February 24, 2026
1. Overview
DemoShield ("Company," "we," "us," or "our") operates the DemoShield Chrome browser extension (the "Extension"), the website at demoshield.app (the "Website"), and related API services (collectively, the "Service").
This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data. This policy applies to all users of the Service, including visitors to our Website.
By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree, please discontinue use of the Service.
This Privacy Policy should be read alongside our Terms of Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect the following through our authentication provider, Clerk:
- Email address
- Full name
- Profile image URL (if provided via your authentication provider, such as Google)
If you sign in using a third-party provider (e.g., Google), we receive the information authorized by that provider, typically limited to your name, email address, and profile photo.
2.2 Billing Information
When you subscribe to a paid plan, Stripe collects and processes your payment information directly. We do not receive, store, or have access to your full credit card number or bank account details. We receive from Stripe:
- Stripe customer ID
- Subscription ID and status
- Plan type and billing period dates
- Payment failure notifications
2.3 User-Created Content
We store the obfuscation rules you create, which include:
- CSS selectors targeting specific page elements
- URL patterns defining which pages rules apply to
- Obfuscation mode (blur, replace, or randomize)
- Replacement text values (for replace mode)
- Rule descriptions and display names
2.4 Usage Data
We automatically collect:
- AI feature usage counts (number of AI calls, tokens consumed)
- AI request cost calculations for plan limit enforcement
- Rule and domain counts for plan limit enforcement
- Account creation and update timestamps
2.5 AI Session Data
When you use the AI setup assistant, we temporarily process:
- DOM element information from your selected page region (tag names, class names, IDs, ARIA labels, data attributes)
- Visible text content of selected elements (up to 500 characters per element)
- Detected data type classifications (e.g., email addresses, phone numbers, currency values, dates, URLs, names)
- Page URL and title of the page being analyzed
- Your conversation messages during the setup session
Important: AI session data may include sensitive information visible on the web pages you analyze, such as names, email addresses, financial figures, or other data displayed in your SaaS application. This data is transmitted to our backend and forwarded to Anthropic's Claude API for analysis. It is not persistently stored on our servers.
2.6 Error and Diagnostic Data
When errors occur, we may collect:
- Error messages and stack traces
- Error context (API route, action being performed)
- Error type classification
- Associated user ID (if the user is authenticated)
- Timestamp of the error
Error logs are used for debugging, improving service reliability, and identifying systemic issues. They may be shared with administrators via email notifications for critical errors.
2.7 Information We Do Not Collect
The Extension and Service are designed to minimize data collection. We do not collect:
- Browsing history or general web activity
- Page content from websites you visit (unless you explicitly select a region for AI analysis)
- Passwords, form inputs, or saved credentials
- Cookies from other websites or services
- Device identifiers or browser fingerprints
- Location data
- Content from other browser extensions
- Analytics or tracking data (we do not use third-party analytics services, advertising trackers, or tracking pixels)
3. How We Use Your Information
We use the information we collect to:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide and operate the Service | Account info, rules, settings | Contract performance |
| Process payments and manage subscriptions | Billing data via Stripe | Contract performance |
| Provide AI-powered rule suggestions | DOM analysis, conversation | Contract performance |
| Enforce plan limits and usage quotas | Usage counts, rule counts | Legitimate interest |
| Enable team collaboration | Team membership, shared rules | Contract performance |
| Send team invitations | Invitee email address | Legitimate interest |
| Diagnose errors and improve reliability | Error logs, diagnostic data | Legitimate interest |
| Notify admins of critical system errors | Error context, user ID | Legitimate interest |
| Comply with legal obligations | Billing records, account data | Legal obligation |
We do not sell, rent, or trade your personal information. We do not use your data for advertising, profiling, or marketing purposes beyond direct communication about the Service.
4. AI Data Processing
This section provides specific details about how data is processed when you use DemoShield's AI features, given the sensitivity of the data involved.
4.1 Data Flow
When you use the AI setup assistant:
- You select a region on a web page by drawing a rectangle
- The Extension captures DOM element information (structure, attributes, visible text) from the selected area
- The Extension detects potential data types in the text (emails, phone numbers, currency, etc.) using client-side pattern matching
- This analysis is sent via HTTPS to our backend API at demoshield.app
- Our backend forwards the analysis to Anthropic's Claude API with a system prompt that instructs the AI never to echo sensitive data values
- Claude returns suggested obfuscation rules, which are sent back to the Extension
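The capture step described in Section 2.5 and in the flow above (structural attributes, visible text capped at 500 characters per element, client-side data-type detection) is illustrated below. This is an added example, not DemoShield's code: the element shape, the function names and the detection patterns are assumptions, and elements are represented as plain objects so the code runs in Node without a DOM (in the Extension the same fields would be read off each Element). Name detection is deliberately left out, since it is not reliably done with a pattern and the page does not say how it is done.

```javascript
// Added illustration of the client-side capture step; not DemoShield's code.
// Element shape, function names and regexes are assumptions for this example.

const MAX_TEXT = 500; // per-element visible-text cap stated in the policy

// Pattern detectors for the data types the policy lists (names omitted:
// they need context or a model, not a regex).
const DETECTORS = {
  email: /\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b/i,
  phone: /(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b/,
  currency: /(?:[$€£]\s?\d[\d,]*(?:\.\d{2})?)|\b\d[\d,]*(?:\.\d{2})?\s?(?:USD|EUR|GBP)\b/,
  date: /\b(?:\d{4}-\d{2}-\d{2}|\d{1,2}\/\d{1,2}\/\d{2,4})\b/,
  url: /\bhttps?:\/\/[^\s<>"']+/i,
};

// Return the data types whose pattern matches the text, in DETECTORS order.
function detectDataTypes(text) {
  return Object.keys(DETECTORS).filter((type) => DETECTORS[type].test(text));
}

// Summarize one element: tag, id, classes, aria/data attributes, capped
// visible text, and the data types detected in that text.
function summarizeElement(el) {
  const fullText = (el.text || '').trim();
  const text = fullText.slice(0, MAX_TEXT);
  return {
    tag: el.tag.toLowerCase(),
    id: el.id || null,
    classes: (el.className || '').split(/\s+/).filter(Boolean),
    aria: el.aria || {},
    data: el.data || {},
    text,
    truncated: fullText.length > MAX_TEXT,
    types: detectDataTypes(text),
  };
}

// Walk the selected subtree depth-first and build the payload that would be
// sent to the backend together with the page URL and title. Elements with no
// text still contribute structure, because selectors are built from it.
function buildAnalysis(root, pageUrl, pageTitle) {
  const elements = [];
  const walk = (el, depth) => {
    elements.push({ depth, ...summarizeElement(el) });
    for (const child of el.children || []) walk(child, depth + 1);
  };
  walk(root, 0);
  const detected = new Set(elements.flatMap((e) => e.types));
  return { pageUrl, pageTitle, elements, detectedTypes: [...detected].sort() };
}

// Constructed sample region (not captured from a real page).
const SAMPLE_REGION = {
  tag: 'TABLE', id: 'customers', className: 'data-grid compact',
  children: [
    { tag: 'TD', className: 'cell cell-email', text: 'jane.doe@example.com' },
    { tag: 'TD', className: 'cell cell-mrr', text: '$12,340.50', data: { field: 'mrr' } },
    { tag: 'TD', className: 'cell cell-phone', text: '+1 (415) 555-0123' },
    { tag: 'TD', className: 'cell cell-notes', text: 'x'.repeat(700) }, // exceeds the cap
  ],
};

const SAMPLE_ANALYSIS = buildAnalysis(
  SAMPLE_REGION, 'https://app.example.com/customers', 'Customers',
);

console.log(JSON.stringify(SAMPLE_ANALYSIS.detectedTypes));
```

Note that the payload still carries the matched values themselves (the 500-character text field), which is why Section 4.2 warns that page content reaches the model; the detected-type labels are what the system prompt relies on to avoid echoing those values back.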
4.2 What Anthropic Receives
Anthropic receives the DOM analysis and conversation history for each AI request. This may include text content from web pages you are analyzing. Anthropic processes this data under their commercial API terms, which prohibit using customer data to train their models.
4.3 AI Data Retention
- On our servers: AI request and response content is not persistently stored. We log usage metadata only (token count, cost, timestamp, user ID).
- On Anthropic: Data is processed according to Anthropic's data retention policies. Under their commercial API terms, request data is not used for model training and is retained for a limited period for safety and abuse monitoring purposes only.
- In the Extension: Conversation history is held in memory only during the active AI setup session and is cleared when you exit setup mode or close the Extension panel.
4.4 BYOK (Bring Your Own Key)
Lifetime plan users can provide their own Anthropic API key. When BYOK is enabled:
- Your API key is stored locally in the Extension's Chrome storage
- The key is transmitted to our backend via HTTPS for each AI request
- Our backend uses your key to make the Anthropic API call and does not store or log your key
- AI usage is billed directly to your Anthropic account
5. Extension Permissions
The DemoShield Chrome Extension requests the following browser permissions. We believe in transparency about why each permission is needed:
| Permission | Why It's Needed | Data Access |
|---|---|---|
| All URLs | Apply obfuscation rules on any website you use for demos | DOM content of pages with active rules only |
| Storage | Save your rules, settings, and cached profile locally | Extension-only local data |
| Scripting | Inject CSS and JavaScript to apply visual obfuscation | Modifies visual presentation only |
| Cookies | Clerk authentication session management | Clerk session cookies only |
| Active Tab | Toggle demo mode on the current tab | Active tab URL and ID |
| Web Navigation | Detect page navigation to reapply rules on SPA transitions | Navigation events only |
The Extension does not read or transmit data from websites you visit unless you explicitly initiate an AI analysis of a selected region. When demo mode is active, the Extension reads the DOM solely to find elements matching your saved CSS selectors and apply visual modifications.
6. Data Sharing and Third-Party Services
We share your data only with the following third-party service providers, and only to the extent necessary to operate the Service:
6.1 Clerk (Authentication)
- Data shared: Email address, name, profile image, authentication events
- Purpose: User registration, sign-in, session management, and token verification
- Policy: Clerk Privacy Policy
6.2 Stripe (Payments)
- Data shared: Email address, user ID (in metadata), plan selection
- Purpose: Payment processing, subscription management, invoicing
- Note: Stripe handles all credit card data directly. We never receive or store your full card number.
- Policy: Stripe Privacy Policy
6.3 Anthropic (AI Processing)
- Data shared: DOM analysis, conversation history, page URL and title (during AI sessions only)
- Purpose: AI-powered obfuscation rule generation
- Note: Anthropic's commercial API does not use customer data for model training
- Policy: Anthropic Privacy Policy
6.4 Turso (Database)
- Data shared: All persistently stored data (account info, rules, usage logs, error logs)
- Purpose: Database hosting and storage
- Policy: Turso Privacy Policy
6.5 Resend (Email)
- Data shared: Recipient email addresses, team invite details, error notification context
- Purpose: Sending team invitation emails and admin error notifications
- Policy: Resend Privacy Policy
6.6 Other Disclosures
We may disclose your information if required to do so by law, court order, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you via email or prominent notice on our website of any change in ownership or uses of your personal information.
7. Data Storage and Location
7.1 Local Storage (Extension)
The following data is stored locally in your browser via Chrome's extension storage API:
- Obfuscation rules (CSS selectors, URL patterns, modes, replacement text)
- Extension settings (default blur amount, number variance)
- Cached user profile (email, name, plan tier)
- Demo mode state (on/off)
- API key (if using BYOK), stored in the Extension's local Chrome storage. Chrome does not encrypt extension storage at rest, so the key is only as protected as your browser profile on that device.
Local data remains on your device and is not transmitted unless you sync rules to our cloud or use AI features.
7.2 Cloud Storage (Backend)
The following data is stored in our Turso database:
- Account information (email, name, profile image URL)
- Synced obfuscation rules
- Subscription and billing metadata
- Team membership and invitation records
- AI usage metrics (call counts, token usage, costs)
- Error logs
- Webhook processing records
7.3 Data Location
Our infrastructure is hosted in the United States. By using the Service, you consent to the transfer and processing of your data in the United States and any other country where our service providers operate.
8. Data Retention
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Account information | Until account deletion | PII overwritten on deletion |
| Obfuscation rules | Until user deletes or account closure | Deleted via UI or account deletion |
| AI conversation history | In-memory only during session | Cleared when exiting setup mode |
| AI usage metrics | Duration of account | Deleted with account |
| Billing records | 7 years (legal/tax requirement) | Automated after retention period |
| Error logs | 90 days | Periodic purge |
| Team invitations | 7 days (auto-expire) | Expires automatically |
| Local Extension data | Until Extension uninstall or manual clear | Settings page or Extension removal |
8.1 Account Deletion
When your account is deleted (either by you or through our administrative process), we perform the following:
- Your email is overwritten with a non-identifiable placeholder
- Your name and profile image URL are permanently removed
- A minimal record is retained for referential integrity of billing records as required by law
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
9.1 General Rights
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data, subject to legal retention requirements
- Portability: Export your rules as JSON through the Extension at any time
- Restriction: Request that we restrict processing of your personal data in certain circumstances
- Objection: Object to processing of your personal data where we rely on legitimate interests
- Withdraw consent: Where processing is based on consent, withdraw your consent at any time
9.2 GDPR (European Economic Area)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local supervisory authority. Our legal bases for processing are outlined in Section 3.
9.3 CCPA (California)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:
- Right to know: What personal information we collect, use, and disclose
- Right to delete: Request deletion of your personal information
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights
- No sale of data: We do not sell your personal information to third parties
9.4 Exercising Your Rights
To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.
10. Cookies and Tracking
Our Website and Service use a minimal set of cookies, exclusively for functional purposes:
- Clerk authentication cookies: Session cookies used to maintain your logged-in state. These are strictly necessary for the Service to function and cannot be disabled.
We do not use:
- Third-party analytics cookies (no Google Analytics, Mixpanel, etc.)
- Advertising or marketing cookies
- Tracking pixels or web beacons
- Social media tracking cookies
- Cross-site tracking of any kind
11. Children's Privacy
The Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 18, please contact us at [email protected].
12. International Data Transfers
Our Service is operated in the United States. If you are accessing the Service from outside the United States, your data will be transferred to, stored in, and processed in the United States and other countries where our service providers operate.
For users in the EEA, UK, or Switzerland, we rely on the following transfer mechanisms where applicable:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Service provider certifications (e.g., our subprocessors' compliance frameworks)
- Your explicit consent to the transfer
Data protection laws may differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information as described in this section.
13. Security Measures
We implement industry-standard security measures to protect your data, including:
- All data transmitted between the Extension, our backend, and third-party services is encrypted in transit using TLS/HTTPS
- Authentication is managed by Clerk with secure session management; session JWTs are short-lived (60-second expiry) and are refreshed by Clerk while your session remains valid, so a leaked token is usable only briefly
- Payment processing is handled by Stripe, a PCI DSS Level 1 certified provider
- Webhook endpoints verify the HMAC signature on every inbound event before acting on it (Svix signatures for Clerk events, the Stripe-Signature header for payment events), so events that did not come from those providers are rejected
- All API endpoints require authentication with ownership verification
- Administrative access is restricted to designated super-admin accounts
- Stripe webhook processing is idempotent to prevent duplicate operations
While we take reasonable measures to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Last updated" date at the top of this page
- We will notify you by email for significant changes that affect how we handle your data
- We may provide additional notice through the Service or Extension
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
DemoShield
Privacy inquiries: [email protected]
General support: [email protected]
Website: demoshield.app
We aim to respond to all privacy-related inquiries within 30 days. For urgent matters, please indicate so in your subject line.