Privacy Policy

Last updated: 12 May 2026

DemoOS ("we", "us", "our") operates the demo coaching platform at getdemoos.com (with a related property at roastmydemo.com). This policy explains what personal information we collect, how we use it, and your rights.

1. Information We Collect

The information we collect depends on how you use the service.

• Account information (signed-in users): Name and email address from your Google account when you sign in.
• Google Calendar data (signed-in users who connect calendar): Calendar event titles, times, descriptions, and attendees, used to identify upcoming demos. We request the narrowest scopes that work for the feature: calendar.events.readonly to read events on your primary calendar and calendar.app.created to add prep blocks on a secondary calendar that the app itself creates. We do not access calendar lists, ACL data, settings, or any calendar you have not explicitly shared.
• Demo preparation and reflection data: Answers you provide during demo prep and reflection flows, including self-assessments and habit selections.
• Uploaded transcripts: Demo transcripts you upload for AI-powered scoring and analysis.
• Roast My Demo (anonymous): Transcripts pasted or uploaded via roastmydemo.com or /roast. We collect your team size and (optionally) an email address if you choose to receive the full report. Anonymous use creates no account.
• Usage data: Standard request logs (IP, user agent, timestamps) for security and operations. Logs are retained for 30 days.

2. How We Use Your Information

• Authentication: Verify your identity and provide access.
• Calendar sync: Display your upcoming demos and enable structured preparation.
• AI coaching: Generate personalised demo feedback, scoring, and coaching recommendations.
• Roast My Demo: Generate a one-off scored report against the public demo rubric. We may keep an anonymised copy of the score breakdown to improve our scoring model. We do not retrain third-party AI models on your content.
• Service operations: Security, abuse prevention, and reliability.

3. Data Processing and Storage

All personal data and uploaded content is stored on servers located in the European Union (AWS, Frankfurt). AI processing uses provider EU endpoints where available. Your transcripts and personal data do not leave the EU during normal operation.

4. Subprocessors

We share data only with the providers required to operate the service. Each is bound by a Data Processing Agreement.

• Amazon Web Services (AWS): Hosting and infrastructure, EU region only.
• Google: OAuth authentication and Google Calendar access, as authorised by you.
• Anthropic, OpenAI, xAI: Large language model providers used for AI scoring and coaching. EU residency endpoints used where available.
• Cloudflare / Amazon CloudFront: Content delivery and DDoS protection.

5. Data Retention

Account data and content: kept while your account is active or until you delete it. Roast My Demo anonymous reports: kept for 90 days unless you provide an email to claim the result. Logs: 30 days. Backups: 30 days, encrypted, EU region.

6. Your Rights (GDPR)

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (right to erasure)
• Withdraw consent for calendar access at any time
• Export your data in a portable format
• Lodge a complaint with your supervisory authority

7. Revoking Google Access

You can revoke DemoOS's access to your Google account at any time at Google Account Permissions. Revocation prevents future calendar reads and writes; data already retrieved remains in your DemoOS account until you delete the account.

8. Security

TLS in transit, encryption at rest, OAuth tokens stored server-side and never exposed to the browser. Our edge is protected by a managed Web Application Firewall. Database backups are encrypted and stored in EU-region S3.

9. Cookies

We use only essential cookies for authentication and session management. We do not use tracking or advertising cookies.

10. Google API Services User Data Policy

DemoOS's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, data accessed via Google Calendar scopes (calendar.events.readonly and calendar.app.created) is used solely to provide the user-facing features described in Section 2 — identifying upcoming demos, creating prep blocks on an app-owned secondary calendar, and generating coaching context. We do not:

• Transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger or acquisition (with continued privacy protection).
• Use Google user data for serving advertisements.
• Allow humans to read Google user data, except (a) with the user's explicit consent for specific messages, (b) for security investigations, (c) to comply with applicable law, or (d) where data is aggregated and anonymised for internal operations.
• Use Google user data to train, fine-tune, or evaluate generalised AI or ML models.

11. Contact

For privacy-related enquiries or data requests, contact us at: privacy@getdemoos.com

Adapted from Automattic's open source legal templates (CC BY-SA 4.0).