← Back to Demokaze

Security & Data Handling

How we handle public URLs, generated videos, and your account data.

How it works

Demokaze only supports public URLs. When you paste a URL, Demokaze takes a screenshot of the public page, sends it to our AI model to script a walkthrough, then records a real browser session. The output is an MP4 video stored temporarily on our servers. We do not ask for product credentials and we do not log into private or authenticated pages.

Responsible public-URL use

Demokaze is designed for public launch pages, changelogs, docs, and marketing pages. Only generate launch assets for pages you have the right to showcase, critique, compare, or use in your own launch materials. Do not use generated videos to impersonate another company, imply endorsement, or misrepresent a product.

Data encryption

All data is encrypted in transit via TLS 1.3. Videos are stored on encrypted persistent volumes. API requests are authenticated and validated before processing.

Data retention

Generated videos are retained for 30 days, then automatically deleted. You can delete your videos at any time from the demo result page or by contacting support with the demo ID. Screenshots used during generation are cached in memory for up to one hour and are never persisted to disk.

Data we process

  • Page screenshots — sent to Anthropic's Claude API for analysis. Anthropic does not train on API inputs.
  • Generated videos — stored on encrypted persistent volumes. Automatically deleted after 30 days.
  • IP addresses — used for rate limiting only, not stored long-term.

Infrastructure

  • Demokaze runs on Railway (EU/US regions)
  • Video generation happens in isolated Docker containers
  • Each recording session uses a fresh browser instance that is destroyed after completion
  • Videos stored on encrypted persistent volumes
  • All traffic served over HTTPS/TLS 1.3
  • No client-side analytics or tracking pixels

Access control

Authentication is handled by Clerk. We never store passwords. Payment processing is handled by Stripe — we never see or store credit card numbers. API access is gated by authenticated keys, and all generation requests are validated and rate-limited.

Third-party processors

ServicePurposeData shared
Anthropic (Claude)AI script generationPage screenshots
RailwayHosting & video storageGenerated videos
ClerkAuthenticationEmail, OAuth profile
StripePayment processingPayment details (handled by Stripe)
UpstashRate limitingHashed IP addresses

What we don't do

  • We don't sell data to third parties
  • We don't use your generated videos for AI training
  • We don't access authenticated pages or private content
  • We don't store cookies or session tokens from recorded sites
  • We don't track users across sites

GDPR & privacy

We process minimal personal data. Video generation requires only a public URL. We do not track users across sites. You can request data deletion at any time by emailing hello@demokaze.com.

Compliance

  • GDPR compliant — EU data subject rights supported
  • CCPA compliant — California privacy rights supported
  • SOC 2 Type II — on our roadmap
  • DPA available on request for enterprise customers

Responsible disclosure

If you discover a security vulnerability, please report it to hello@demokaze.com. We take all reports seriously and will respond within 48 hours.

Peace of mind

  • 14-day money-back guarantee on Pro, no questions asked
  • Cancel anytime, no long-term contract
  • Delete your demos anytime from the result page
  • Email support with 24-hour response time for Pro users

Questions?

If you have security questions or need a DPA for your organization, contact us at hello@demokaze.com