Privacy Policy and Data Security
Your privacy is important to us. This Privacy Policy explains how Supademo, Inc. ("Supademo," "Company," "we," "us," or "our") collects, uses, shares, and protects your personal information in connection with our interactive product demo platform and related services ("Services") accessible through https://supademo.com and other sites we operate.
We are committed to respecting your privacy and complying with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy legislation.
Last Updated: August 25, 2025
Quick Navigation: This policy covers our web platform, mobile applications, APIs, and related services. For enterprise customers with Master Service Agreements, additional data processing terms may apply as specified in your contract.
Key Privacy Principles
Our privacy practices are built on these core principles:
- Transparency: We clearly explain what data we collect and how we use it
- Purpose Limitation: We only collect data necessary for providing our Services
- Data Minimization: We limit data collection to what's required for legitimate business purposes
- Security: We implement robust technical and organizational measures to protect your data
- User Control: We provide you with meaningful choices about your personal information
Information We Collect
We collect information that you provide directly, information we gather automatically, and information from third-party sources.
Account and Profile Information
When you create an account or use our Services, we collect:
- Contact Information: Name, email, company name
- Account Credentials: Email (with SSO login or 2-factor email links)
- Organization Information: Company details, team member information, workspace settings
Demo Content and User-Generated Content
Our platform enables you to create, share, and manage interactive product demos. This includes:
- Demo Content: Video recordings, screenshots, HTML capture, hotspot annotations, text, images, and other media you upload
- Sharing Settings: Privacy levels, access permissions, and sharing configurations
- Collaboration Data: Comments, feedback, and collaborative editing information
- Analytics Content: Usage metrics for your demos, viewer engagement data
Important: You retain full ownership of your demo content. We only process this content to provide our Services. Content shared publicly or via embedding may be accessible to anyone with the link based on your sharing settings.
Technical and Usage Information
We automatically collect anonymized, technical information to operate and improve our Services:
- Device Information: Device type, operating system, browser type and version, screen resolution
- Network Information: IP address, general location (city/region), internet service provider
- Performance Data: Load times, error rates, feature adoption, user flows
- Communication Data: Support tickets, chat logs, email correspondence
Third-Party and Integration Data
We may receive information from third-party services you connect to our platform:
- Authentication Providers: Data from Google, Microsoft, or other SSO providers
- Analytics Services: Aggregated insights from Mixpanel and similar tools
- Integration Partners: Data from CRM, marketing, or productivity tools you connect
- Payment Processors: Transaction status and billing information
How We Use Your Information
We process your personal information for legitimate business purposes and with appropriate legal bases:
Service Provision and Performance
- Creating and managing your account and user profile
- Providing core platform features: demo creation, editing, sharing, and analytics
- Processing and managing subscriptions
- Enabling collaboration and team management features
- Providing customer support and technical assistance
- Ensuring platform security and preventing fraud
Product Improvement and Analytics
- Analyzing usage patterns to improve our Services
- Developing new features and functionality
- Conducting A/B testing and user experience research
- Generating aggregated, anonymized analytics and insights
- Measuring platform performance and reliability
Communication and Marketing
- Sending service announcements, updates, and security alerts
- Providing marketing communications (with your consent)
- Sharing product updates, educational content, and best practices
- Conducting customer satisfaction surveys and research
Legal and Compliance
- Complying with legal obligations and regulatory requirements
- Protecting our rights and interests in legal proceedings
- Preventing fraud, abuse, and security threats
- Enforcing our Terms of Service and other policies
Legal Bases for Processing (GDPR)
For users in the European Economic Area, we process personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our Services under our Terms of Service
- Legitimate Interests: Improving our Services, security measures, and business operations
- Consent: Marketing communications and optional features (withdrawable at any time)
- Legal Obligation: Compliance with applicable laws and regulations
Data Sharing and Disclosure
We share personal information in the following circumstances:
Service Providers and Subprocessors
We work with trusted third-party service providers who help us operate our platform. Our current subprocessors can be found through our Subprocessors page. Additional information on our data controls and security can be found via our Trust Center.
Business Transfers
If we undergo a merger, acquisition, bankruptcy, or other business transaction, personal information may be transferred as part of that transaction, subject to applicable legal protections.
Legal Requirements
We may disclose personal information when required by law, court order, or government request, or to protect our rights, property, or safety, or that of our users or the public.
Public Content
Content you choose to share publicly or embed on external websites may be accessible to anyone with the link. You control these sharing settings through your account preferences.
Data Security and Protection
We implement comprehensive security measures to protect your personal information:
Technical Safeguards
- Encryption: Data encrypted in transit using TLS and at rest using AES-256
- Access Controls: Role-based access with multi-factor authentication requirements
- Network Security: Firewalls, intrusion detection, and network segmentation
- Vulnerability Management: Regular security scans and penetration testing
- Monitoring: 24/7 security monitoring and incident response capabilities
Organizational Measures
- Security Training: Regular employee security awareness and privacy training
- Background Checks: Employment screening for all personnel
- Incident Response: Documented procedures for security breach response
- Compliance Audits: Regular SOC 2 Type II examinations and security assessments
Our security posture is validated through independent audits. Our SOC 2 Type II report and security documentation are available in our Trust Center.
AI Features and Data Processing
Our platform includes optional AI-powered features governed by our AI Policy. Key points include:
- No Training: We do not use your content to train AI models
- Data Isolation: AI processing occurs within our secure infrastructure
- Optional Features: AI capabilities are opt-in and can be disabled
- User Responsibility: You should review AI outputs before use
- Third-Party Models: We may use third-party AI services with appropriate data protection controls
International Data Transfers
We operate globally and may transfer personal information to countries outside your region. We ensure appropriate safeguards for these transfers:
- Adequacy Decisions: Transfers to countries with adequate data protection levels
- Standard Contractual Clauses: EU-approved clauses for transfers from the EEA
- Binding Corporate Rules: Internal policies ensuring consistent protection standards
- Certification Schemes: Participation in recognized privacy frameworks
Our primary data processing occurs in the United States with AWS infrastructure. For EEA users, we maintain Standard Contractual Clauses and other appropriate safeguards.
Data Retention
We retain personal information for as long as necessary to provide our Services and fulfill legal obligations:
- Account Data: Retained while your account is active plus 3 years after account closure
- Demo Content: Retained according to your account settings and data retention preferences
- Usage Analytics: Aggregated data retained for up to 7 years for business analytics
- Support Records: Maintained for 5 years for quality assurance and legal compliance
- Financial Records: Retained for 7 years to comply with accounting and tax obligations
Upon account deletion, we will delete your personal information within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention).
Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
Universal Rights
- Access: Request information about how we process your personal data
- Correction: Update or correct inaccurate personal information
- Deletion: Request deletion of your personal information (subject to legal limitations)
- Data Portability: Receive your personal data in a structured, machine-readable format
- Opt-Out: Unsubscribe from marketing communications
Additional Rights (GDPR)
- Restriction: Request limitation of processing in certain circumstances
- Objection: Object to processing based on legitimate interests
- Consent Withdrawal: Withdraw consent for consent-based processing
- Supervisory Authority: Lodge complaints with data protection authorities
California Rights (CCPA/CPRA)
- Know: Categories and sources of personal information collected
- Delete: Request deletion of personal information
- Opt-Out: Opt out of sale or sharing of personal information
- Non-Discrimination: Equal service regardless of privacy rights exercise
Exercising Your Rights: To exercise these rights, contact us through our support page. We will respond within the timeframes required by applicable law.
Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience and analyze platform usage:
- Essential Cookies: Required for platform functionality and security
- Analytics Cookies: Help us understand how users interact with our platform
- Performance Cookies: Enable us to optimize platform performance
- Preference Cookies: Remember your settings and preferences
You can control cookies through your browser settings, including the option to fully turn off cookies. For embedded demos on external websites, we respect the host site's consent mechanisms and provide opt-out controls. Learn more in our Cookie Policy.
Children's Privacy
Our Services are not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected such information, we will delete it promptly.
Enterprise and Business Customers
For enterprise customers with Master Service Agreements, there may be additional provisions for Data Processing (DPA available in our Trust Center), Custom Data Controls, and Data Residency.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will:
- Notify users of material changes via email and in-platform notifications
- Provide at least 30 days' advance notice for significant changes
- Update the "Last Updated" date at the top of this policy
- Maintain previous versions in our Trust Center for reference
Continued use of our Services after policy changes constitutes acceptance of the updated terms.
Compliance and Certifications
We maintain compliance with industry standards and regulations:
- SOC 2 Type II: Annual compliance audits covering Security trust services criteria
- GDPR: Full compliance with European data protection requirements
- CCPA/CPRA: California privacy law compliance
- ISO 27001: Information security management system certification (planned)
- Privacy Shield: Framework participation where applicable
Current compliance documentation is available in our Trust Center.
Third-Party Links and Services
Our platform may contain links to third-party websites or integrate with external services. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you use.
Data Breach Notification
In the event of a data breach that may affect your personal information, we will:
- Investigate and contain the incident promptly
- Notify relevant authorities within 72 hours where required by law
- Inform affected users without undue delay
- Provide clear information about the incident and remediation steps
- Take measures to prevent similar incidents
Contact Information
For questions about this Privacy Policy or our privacy practices, please contact us:
Supademo, Inc.
651 N Broad St Suite 201
Middletown, DE 19709
United States
Privacy Contact: [email protected]
Trust Center: security.supademo.com