Legal
Privacy Policy
1. Summary
This policy describes what information demoit.live (“we,” “us”) collects, why we collect it, who we share it with, and what rights you have. We try to keep things minimal: we collect the data we need to run the Service, prevent abuse, and bill paid customers, and not much more.
We are not in the business of selling personal data, and we do not.
2. What we collect
Account information. When you create an account, we collect your email address. If you sign up via a social identity provider through our authentication partner, we receive the email address and any basic profile fields you have authorized that provider to share.
Uploaded content. When you upload an HTML file, we store the file and the metadata you provide about it (slug, visibility setting, password if you set one, custom domain if you configure one). We do not inspect the content of your files except in response to an abuse report or legal request.
Billing information. If you upgrade to a paid plan, our payment processor collects your billing details (name, billing address, payment instrument). We receive a customer ID and limited billing metadata (plan, invoice status, last four digits of the card); we do not store full card numbers on our systems.
Technical data. When you or your visitors use the Service, our infrastructure receives standard request metadata: IP address, user-agent string, referrer, request path, response status, and timestamps. We use this for rate limiting, abuse detection, capacity planning, and troubleshooting. IP addresses are retained for a limited period and then aggregated or discarded.
Usage analytics. We collect aggregate, non-identifying statistics about how the Service is used (page views, feature usage, approximate geography of visitors) to improve the product.
Error reports. When the Service encounters an unexpected error, our error-tracking service records a redacted snapshot (stack trace, request path, user ID if available) so we can diagnose and fix the issue.
3. Why we collect it
- To operate the Service: serving your mockups, authenticating your account, processing payments.
- To prevent abuse: rate limits, fraud detection, investigation of abuse reports.
- To communicate with you: transactional emails about your account, billing receipts, and important changes to the Service. We do not currently send marketing email.
- To improve the Service: aggregate analytics and error reports help us prioritize fixes and features.
- To comply with law: we may retain or disclose information in response to valid legal process or to protect rights, safety, or property.
4. Service providers
We rely on a small number of third-party processors to run the Service. Each receives only the data needed to perform its function and is bound by its own privacy commitments.
- Clerk — authentication and account management. Receives your email and authentication metadata. Clerk Privacy Policy.
- Stripe — billing and payment processing for paid plans only. Receives the billing information necessary to process payments. Stripe Privacy Policy.
- Cloudflare — hosting, CDN, DDoS protection, and DNS. Receives request metadata for all traffic to the Service. Cloudflare Privacy Policy.
- Turso — managed SQLite database. Stores account records and mockup metadata. Turso Privacy Policy.
- Sentry — error tracking. Receives redacted error reports so we can diagnose problems. Sentry Privacy Policy.
We do not share your personal data with any party outside this list for that party’s own marketing purposes.
5. Retention
We retain your account information and uploaded content for as long as your account is active. When you delete your account, your mockups are removed from the Service and your account record is marked for deletion. Some metadata (billing records, abuse-report history) may be retained for a limited additional period to satisfy legal, accounting, or anti-abuse requirements.
Cached copies of public mockups may persist briefly in our CDN after deletion until cache entries expire. Request logs and analytics are retained for a limited period and then aggregated or discarded.
6. Your rights
You have the right to access, correct, export, and delete the personal information we hold about you. You can manage most of this directly from your account settings: update your email, change your password, delete individual mockups, or delete your entire account. For requests that cannot be handled in-app, email privacy@demoit.live and we will respond within a reasonable time.
If you are located in a jurisdiction with specific privacy rights (such as the European Union, the United Kingdom, or California), those rights apply to your data and you may exercise them through the same channel. We will not discriminate against you for exercising a privacy right.
7. Cookies and similar technologies
On the application domain (demoit.live) we set a
session cookie from our authentication partner to keep you signed
in. We may set additional small cookies for security purposes (for
example, to mitigate cross-site request forgery).
On the content domain (demoitusercontent.com), where
your mockups are served, we set no cookies. This
is a deliberate part of our content-domain isolation: the domain
that runs user-uploaded HTML has zero access to your demoit.live
session, and visitor traffic to mockups cannot be cross-correlated
with your demoit.live account via cookies.
Mockups you upload may set their own cookies, run their own analytics, or otherwise behave like any other static site. That behavior is determined entirely by the content you uploaded; we do not inject scripts.
8. Security
We use industry-standard measures to protect your data: encryption in transit (TLS), encryption at rest for our database, scoped access controls for our team, and routine logging and alerting on unusual access. No system is perfectly secure; you can help by choosing a strong unique password and keeping your login email account secured.
If we become aware of a security incident that materially affects your data, we will notify you in accordance with applicable law.
9. Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact privacy@demoit.live and we will delete it.
10. International transfers
Our infrastructure and our processors operate globally. By using the Service, you understand that your data may be processed in countries other than the one where you reside. Where required, we rely on standard contractual clauses or equivalent legal mechanisms to transfer personal data internationally.
11. Changes to this policy
We may update this policy from time to time. The “last updated” date at the top of this page reflects the most recent change. Material changes will be communicated by email or via a notice on the Service. Continued use of the Service after a change constitutes acceptance of the updated policy.
12. Contact
Privacy questions and requests should be sent to privacy@demoit.live. For general legal matters, contact legal@demoit.live. To report abusive content, use our report form or email abuse@demoit.live.