Legal
This Privacy Notice for Meet Demi Inc. (doing business as Demi) describes how and why we might access, collect, store, use, and/or share your personal information when you use our services, including when you visit meetdemi.app, use the Meet Demi app, or engage with us in other related ways.
Financial tools built around the cycles of women.
Questions or concerns? Contact us at dani@meetdemi.com.
What personal information do we process? Information depending on how you interact with us, your choices, and the products and features you use.
Do we process sensitive personal information? Yes — financial data, health data (cycle information), and account login credentials, with your consent.
Do we collect information from third parties? Yes — financial account data from your bank via Plaid Technologies, Inc., with your explicit authorisation.
How do we process your information? To provide services, personalise your experience, maintain security, and comply with law.
Do we share personal information? Only with service providers (Plaid, Stripe, Anthropic, PostHog, Sentry) who process data on our behalf. We never sell your data.
How do we keep your information safe? AES-256 encryption for stored credentials, TLS for data in transit, Row Level Security on all databases.
How do you exercise your rights? Visit meetdemi.com/contact or email dani@meetdemi.com.
We collect personal information that you voluntarily provide when you register on the Services, express interest in our products, participate in activities, or contact us. This includes:
When necessary, with your consent or as otherwise permitted by applicable law, we process the following sensitive categories:
We may collect data necessary to process your payment. All payment data is handled and stored by Stripe, Inc. You may find their privacy notice at stripe.com/privacy. We do not store your card numbers on our own servers.
We offer the option to register using your Google account. If you choose to do this, we will collect certain profile information (name, email address, profile picture) from Google. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We automatically collect certain information when you visit or use the Services. This includes:
We also collect information through cookies and similar technologies. See Section 4 for details.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
We may use cookies and similar tracking technologies to gather information when you interact with our Services. We use:
We do not use advertising cookies, targeting cookies, or social media tracking cookies.
Most web browsers are set to accept cookies by default. You can usually choose to set your browser to remove or reject cookies, though this may affect certain features of the Services.
PostHog — Product analytics. We use PostHog to understand how Demi is used so we can improve it. PostHog captures events such as page views, feature usage (e.g. connecting a bank, running an AutoDemi session, creating a scenario or goal), and account lifecycle events (sign-up, sign-in, account deletion). PostHog sets first-party cookies and writes to your browser's local storage to maintain an anonymous device identifier and session state. You can opt out at any time using PostHog's user opt-out mechanism (see PostHog's privacy documentation) or by enabling your browser's "Do Not Track" / "Global Privacy Control" signal, which Demi forwards to PostHog.
No advertising cookies. Demi does not use advertising cookies, retargeting pixels, social-media tracking cookies, or third-party ad networks. Your financial data is never shared with advertisers.
Sentry — Error monitoring. We use Sentry to capture application errors and crashes so we can fix bugs quickly. Sentry may record technical session metadata (browser, OS, route, stack traces, request URLs, and limited breadcrumbs of UI interactions) to reproduce errors. Sentry is configured to scrub request bodies and known sensitive fields — it does not capture your bank credentials, Plaid access tokens, account numbers, balances, transactions, or any other personally identifiable financial data.
Yes. As part of our Services, we offer AutoDemi — an AI-powered financial assistant powered by artificial intelligence, machine learning, and natural language processing.
We provide AutoDemi through Anthropic (Claude API). Your input, output, and relevant personal information will be shared with and processed by Anthropic to enable your use of AutoDemi. You must not use AutoDemi in any way that violates Anthropic's terms or policies.
AutoDemi is designed for the following functions: natural language processing, AI insights, and AI predictive analytics.
All personal information processed using AutoDemi is handled in line with this Privacy Notice and our agreement with Anthropic. We never include raw transaction amounts, account numbers, or routing numbers in the AI context window — only aggregated summaries.
You can opt out of AI-based personalisation at any time by:
When personalisation is disabled, AutoDemi will respond without including your personal financial context.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law.
No purpose in this notice will require us keeping your personal information for longer than twelve (12) months past the termination of your account.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it, or, if this is not possible, we will securely store it and isolate it from any further processing until deletion is possible.
We have implemented appropriate technical and organisational security measures designed to protect the security of any personal information we process, including:
However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
We do not knowingly collect, solicit data from, or market to children under 18 years of age. By using the Services, you represent that you are at least 18 years old.
If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data. If you become aware of any data we may have collected from children under age 18, please contact us at dani@meetdemi.com.
You may review, change, or terminate your account at any time.
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time by contacting us using the details in Section 14. Please note that this will not affect the lawfulness of the processing before its withdrawal.
You can unsubscribe from our marketing and promotional communications at any time by clicking the unsubscribe link in the emails we send, or by contacting us using the details in Section 14. We may still communicate with you for service-related purposes.
To review or change the information in your account, log in to your account settings and update your user account. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. We may retain some information in our files to prevent fraud, troubleshoot problems, or comply with applicable legal requirements.
If you have questions or comments about your privacy rights, you may email us at dani@meetdemi.com.
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference. At this stage, no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.
California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognising or honouring DNT signals, we do not respond to them at this time. If a standard is adopted that we must follow in the future, we will inform you in a revised version of this Privacy Notice.
If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you, correct inaccuracies, get a copy of, or delete your personal information.
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Name, email address, IP address, account name, unique personal identifier | YES |
| B. California Customer Records | Name, contact information, financial information | YES |
| C. Protected characteristics | Age (18+ requirement verified at signup) | YES |
| D. Commercial information | Transaction information, purchase history, subscription details | YES |
| E. Biometric information | Fingerprints and voiceprints | NO |
| F. Internet or network activity | Browsing history, search history, online behaviour | NO |
| G. Geolocation data | Approximate device location (IP-based, for tax calculation) | YES |
| H. Audio, electronic, sensory | Images, audio, video recordings | NO |
| I. Professional or employment | Employment history, job title | NO |
| J. Education information | Student records | NO |
| K. Inferences | Financial archetype profile derived from quiz responses and financial behaviour | YES |
| L. Sensitive personal information | Account login credentials, financial information including account access details, health data (menstrual cycle) | YES |
We only collect sensitive personal information as defined by applicable privacy laws, for the purposes allowed by law or with your consent. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you beyond what is described in this notice.
We will use and retain collected personal information for the duration of your account, plus 12 months following account termination, for all categories above.
To exercise these rights, visit meetdemi.com/contact or contact us using the details at the bottom of this document. We will consider and act upon any request in accordance with applicable data protection laws.
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. If we cannot verify your identity from information already maintained by us, we may request additional information for security or fraud-prevention purposes.
Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at dani@meetdemi.com. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We will not sell or share personal information in the future belonging to website visitors, users, and other consumers.
California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes. If you are a California resident and would like to make such a request, please submit your request in writing using the contact details in Section 14.
Yes, we will update this notice as necessary to stay compliant with relevant laws. The updated version will be indicated by an updated date at the top of this Privacy Notice. If we make material changes, we may notify you either by prominently posting a notice or by directly sending you a notification. We encourage you to review this Privacy Notice frequently.
If you have questions or comments about this notice, you may email us at dani@meetdemi.com or contact us by post at:
Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information.
To request to review, update, or delete your personal information, please visit: meetdemi.com/contact
06 How Do We Handle Your Social Logins?
Our Services offer you the ability to register and log in using your Google account. When you do this, we will receive certain profile information including your name, email address, and profile picture.
We will use this information only for the purposes described in this Privacy Notice. We are not responsible for other uses of your personal information by Google. We recommend reviewing Google's privacy policy to understand how they collect, use, and share your personal information.