Privacy Policy

(a) Information you provide. When you create an account, subscribe, or use the Services, we collect information you submit, which may include your email address, password, business name, industry, website, business description, products and services, brand configuration (voice, pillars, channels, target audience), and data source configurations (RSS feeds, social accounts, API keys).

(b) Information collected automatically. When you use the Services, we automatically collect technical data such as your IP address, browser type and version, device type, operating system, pages viewed, actions taken, login timestamps, referring URLs, and similar usage information through cookies and comparable technologies.

(c) Agent-processed data. When AI Agents operate on your behalf, we process and store data including scraped content from your configured data sources, generated briefs and creative outputs, content scores and analysis results, LLM call logs (prompts, model used, token counts, latency), and workflow execution records.

We use personal information to:

• Operate, maintain, and provide the Services, including AI Agent processing and workflow execution;
• Process your data through AI Agents to generate content, analyses, and recommendations;
• Process billing and manage your Subscription through Stripe;
• Improve and develop the Services, including model performance and platform features;
• Send transactional communications (account verification, billing receipts, service updates);
• Detect, prevent, and address fraud, abuse, security issues, or technical problems;
• Comply with legal obligations and enforce our Terms of Service.

This section describes how your data is processed by AI Agents and shared with third-party AI providers.

What is sent to AI providers. When AI Agents execute tasks, portions of your User Content and scraped data are sent to third-party AI model providers (Anthropic and OpenAI) for processing. This includes content to be analyzed or scored, brand guidelines and voice configuration, prompts constructed from your data sources, and contextual data needed for content generation.

What is NOT sent to AI providers. We never send your passwords, payment information, Stripe credentials, or authentication tokens to AI model providers.

AI provider data retention. Anthropic and OpenAI have their own data retention and processing policies. We use API access (not consumer products) which typically provides stricter data handling. We encourage you to review:

• Anthropic’s Privacy Policy and API Terms
• OpenAI’s Privacy Policy and API Terms

Demarly does not control how these providers process data once transmitted. By using the Services, you consent to this data sharing.

We may share personal information with the following categories of third parties:

• AI model providers (Anthropic, OpenAI) — to process data and generate AI Agent outputs;
• Cloud infrastructure (Amazon Web Services, Vercel, Supabase) — to host and operate the Services;
• Payment processing (Stripe) — to manage billing and Subscriptions;
• Data collection services (Apify, Composio) — to scrape and collect data from your configured sources;
• Third parties in a business transfer such as a merger, acquisition, financing, or sale of assets; and
• Legal and safety recipients where required by law or to protect rights, property, or safety.

We do not sell your personal information to third parties for their marketing purposes. We do not share your data for cross-context behavioral advertising.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access — Request a copy of the personal data we hold about you;
• Deletion — Request deletion of your personal data, subject to legal retention requirements;
• Portability — Request your data in a structured, machine-readable format;
• Correction — Request correction of inaccurate personal data;
• Opt-out of AI processing — Request that your data not be processed by AI Agents (note: this may limit or prevent use of the Services).

To exercise any of these rights, contact us at sean@demarly.ai. We will respond within the timeframe required by applicable law (typically 30–45 days). We will not discriminate against you for exercising your rights.

We may send you transactional emails related to your Account, including email verification, password resets, billing receipts, and service notifications. These are necessary for the operation of the Services and cannot be opted out of while you maintain an Account.

We may also send product updates and feature announcements. You can opt out of marketing emails at any time using the unsubscribe link in any email. If you provided a phone number, you may receive SMS notifications related to the Services. You can opt out of text messages at any time by replying STOP. Message and data rates may apply.

We use the following categories of cookies:

• Essential cookies — Required for authentication, session management, and CSRF protection. The Services cannot function without these.
• Analytics cookies — Used to understand usage patterns and improve the Services. These collect anonymized data about page views, feature usage, and performance.

We do not use advertising or tracking cookies. You can control cookies through your browser settings, but disabling essential cookies may prevent the Services from functioning properly.

We retain different categories of data for different periods:

• Account data (email, profile, brand config) — Retained while your Account is active, plus 30 days after deletion or termination.
• Agent-generated content (briefs, scores, scraped items) — Retained while your Account is active, plus 30 days after deletion or termination.
• LLM call logs (prompts, token usage, latency) — Retained for 90 days, then deleted.
• Payment records — Retained as required by applicable tax and financial regulations.
• Analytics data — Anonymized and retained indefinitely for aggregate analysis.

We implement reasonable administrative, technical, and organizational safeguards to protect your personal information, including:

• TLS encryption for all data in transit;
• Encryption at rest for stored data;
• Row-level security (RLS) for multi-tenant data isolation, ensuring each tenant can only access their own data;
• Secure authentication via Supabase Auth with JWT verification.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the security of your Account credentials.

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 in compliance with COPPA. The Services require users to be at least 18 years old.

If we discover that we have inadvertently collected personal information from a child under 13, we will promptly delete that information. If you believe a child has provided us personal information, please contact us at sean@demarly.ai.

The Services are hosted and operated in the United States, primarily using AWS US regions. If you access the Services from outside the United States, your data will be transferred to and processed in the United States. By using the Services, you consent to this transfer.

Where required by applicable law (such as GDPR), we will implement appropriate safeguards for international data transfers, including Standard Contractual Clauses or other approved mechanisms.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Categories of personal information collected: Identifiers (email, IP address), commercial information (subscription history, payment records), internet activity (usage data, login history), and professional information (business name, industry).

No sale of personal information. We do not sell your personal information as defined under the CCPA/CPRA. We do not share your personal information for cross-context behavioral advertising.

Your rights: You have the right to know what personal information we collect and how it is used, request deletion of your personal information, request correction of inaccurate information, and opt out of any future sale or sharing (if applicable). To exercise these rights, contact us at sean@demarly.ai.

We may update this Privacy Policy from time to time. We will post the updated version with a revised effective date. For material changes, we will provide additional notice via email or a prominent notice within the Services at least 30 days before the changes take effect.

Your continued use of the Services after the updated policy takes effect constitutes your acknowledgment of the changes.

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact us:

• Email: sean@demarly.ai
• Mailing address: 1500 North Grant Street
• Entity: Demarly LLC
• Location: Colorado, United States

This Privacy Policy is governed by the laws of the State of Colorado, without regard to its conflict-of-laws principles.