Privacy Policy
Effective Date: March 30, 2026
At Demur, we take your privacy seriously. Please read this Privacy Policy to learn how we treat your personal data. By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use, and share your information as described in this Privacy Policy.
Your use of Demur's Services is at all times subject to our Terms of Service. Any terms we use in this Policy without defining them have the definitions given to them in the Terms.
Key points before we get into the details:
- We do not allow third-party AI providers to use your Personal Data to train AI models.
- Audio recordings are processed for transcription and are not retained after transcription is complete, unless you explicitly choose to save a recording.
- Your data is stored in Supabase (PostgreSQL on AWS) infrastructure located in the United States. All data is encrypted at rest and in transit.
As we continually work to improve our Services, we may need to change this Privacy Policy from time to time. We will alert you of material changes by placing a notice on the Demur website, by sending you an email, or by other reasonable means. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.
What This Privacy Policy Covers
This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, or regulations. This Privacy Policy does not cover the practices of companies we don't own or control or people we don't manage.
Personal Data
Categories of Personal Data We Collect
| Category | Examples | Shared With |
|---|---|---|
| Profile or Contact Data | First and last name, email address | Service Providers, Parties You Authorize |
| Device / IP Data | IP address, device type, operating system, browser type | Service Providers |
| Web Analytics | Page interactions, referring page/source | Service Providers |
| Professional Data | Job title, employer, professional role | Service Providers, Parties You Authorize |
| Recordings & Transcriptions | Audio recordings and transcriptions of depositions and meetings captured through our Services | Service Providers (ASR processing), Parties You Authorize |
| Documents & Exhibits | Legal documents, exhibits, and other files you upload to the platform | Service Providers, Parties You Authorize |
| Other Voluntarily Provided Data | Case details, speaker labels, notes, chat messages, and any other information you provide through the Services | Service Providers, Parties You Authorize |
Sources of Personal Data
- You— information you provide directly (account registration, uploaded documents, audio recordings) and information collected automatically (device data, usage analytics).
- Third Parties— authentication providers (Google OAuth via Supabase Auth), analytics vendors.
How We Use Your Personal Data
- Providing and Improving the Services— account management, real-time transcription, speaker identification, AI-powered analysis, document processing, and product improvement. We do not allow third-party AI providers to use your Personal Data to train AI models.
- Communicating with You— responding to support requests, sending service-related notices.
- Legal Obligations— complying with applicable law, responding to lawful requests from public authorities.
How We May Disclose Your Personal Data
- Service Providers— we share data with third-party providers who help us operate the Services:
- Supabase— authentication, database, and file storage
- NVIDIA NeMo Parakeet— automatic speech recognition (self-hosted on our infrastructure; audio is not sent to third-party ASR APIs)
- Azure AI Foundry— AI analysis and insight generation (via LiteLLM gateway)
- Modal— backend compute infrastructure
- Vercel— frontend hosting
- Parties You Authorize— other users you share depositions or documents with, your organization if you use a company-provisioned account.
- Legal Requirements— when required by law, regulation, or legal process.
- Business Transfers— in connection with a merger, acquisition, or sale of assets.
Chrome Extension
The Demur Chrome extension (“Remote Legal Intelligence”) captures audio from your browser tab during depositions and meetings for real-time transcription. The extension:
- Only captures audio when you explicitly start a session via the extension's side panel.
- Requires your explicit permission to access your microphone.
- Streams audio directly to our backend for real-time transcription. Audio is processed in memory and is not stored on our servers after transcription is complete, unless you choose to save a recording.
- Detects supported meeting platforms (Google Meet, Zoom, Microsoft Teams) to offer a notification prompt. No data is captured or transmitted until you choose to start a session.
- Stores session state locally in your browser using the Chrome Storage API. This data does not leave your device.
Cookies
We use cookies and similar technologies (local storage, session tokens) to operate the Services:
- Essential Cookies— required for authentication and core functionality.
- Functional Cookies— remember your preferences and settings.
We do not currently use advertising or third-party tracking cookies. You can manage cookies through your browser settings.
Data Storage and Security
Your data is stored in Supabase infrastructure (PostgreSQL on AWS) located in the United States. All data is encrypted at rest and in transit. We implement security measures including row-level security policies, API key authentication, and TLS encryption for all communications.
While we take reasonable measures to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.
Data Retention
- Audio Recordings— processed for transcription in real time. Raw audio is not retained after transcription unless you explicitly save the recording.
- Transcripts and Analysis— retained as long as you maintain an active account. You may delete individual depositions and their associated data at any time.
- Account Data— retained as long as your account is active. Upon account deletion, all associated data is permanently removed.
Personal Data of Children
We do not knowingly collect or solicit Personal Data about children under 16. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us at privacy@getdemur.com.
State Law Privacy Rights
California
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) regarding your Personal Data, including the right to know what data we collect, the right to deletion, and the right to opt out of the sale of your data. We do not sell your Personal Data to third parties.
Nevada
We do not sell Personal Data as defined under Nevada Revised Statutes Chapter 603A.
European Union, United Kingdom, and Swiss Data Subject Rights
If you are located in the EU, UK, or Switzerland, Demur, Inc. is the data controller of your Personal Data. We process your data on the following legal bases:
- Contractual Necessity— to provide the Services you have requested (account management, transcription, document storage).
- Legitimate Interest— to improve the Services, ensure security, and communicate with you.
- Consent— where expressly indicated at the point of collection (e.g., microphone access, optional features).
You have the following rights:
- Access— request a copy of your Personal Data.
- Rectification— request correction of inaccurate data.
- Erasure— request deletion of your data.
- Portability— request a machine-readable export of your data.
- Objection— object to processing based on legitimate interest.
- Withdrawal of Consent— withdraw consent at any time where processing is based on consent.
Your data may be transferred to the United States for processing. To exercise any of these rights, contact us at privacy@getdemur.com.
Contact Information
If you have any questions about this Privacy Policy, please contact us:
Demur, Inc.
Email: privacy@getdemur.com