1. Introduction and Scope

Welcome to CrispDemo. This Privacy Policy explains how helpful bits GmbH ("Company," "we," "us," or "our") collects, uses, discloses, and protects information about you when you use our CrispDemo desktop application, website located at www.crispdemo.com, and related services (collectively, the "Services").

CrispDemo is an AI-powered desktop video editing application for macOS and Windows that enables users to create polished demo videos from raw recordings through a chat-first interface. The application provides AI-driven video editing, voice dictation for prompts, and knowledge base functionality through integration with multiple third-party AI providers.

By accessing or using our Services, you agree to this Privacy Policy and our Terms of Service. If you do not agree with this Privacy Policy, please do not use our Services.

We reserve the right to modify this Privacy Policy at any time. We will notify you of material changes by updating the "Effective Date" above and, where appropriate, by sending you an email notification or displaying a prominent notice within our Services. Your continued use of the Services after any changes indicates your acceptance of the updated Privacy Policy.

2. Company Information

CrispDemo is operated by helpful bits GmbH, a German limited liability company (Gesellschaft mit beschränkter Haftung) organized under German law, offering services to users in the United States, European Union, European Economic Area, and United Kingdom.

For users in the European Union and European Economic Area, helpful bits GmbH serves as the data controller responsible for your personal information collected through the Services.

For users in the United States, helpful bits GmbH operates subject to applicable U.S. federal and state privacy laws, including state-specific privacy regulations described in Section 10 of this Privacy Policy.

3. Territorial Scope and Geolocation Controls

Our Services are available only to users physically located in authorized territories: the United States, the European Union (EU), the European Economic Area (EEA), and the United Kingdom (UK).

3.1 Geolocation Information Collection

We collect and process geolocation information to verify that you are accessing our Services from an authorized territory. This information is collected:

• When you first access our Services
• Periodically during your use of the Services to ensure continued compliance
• Through IP address analysis and device location services

3.2 Use of Geolocation Information

We use geolocation information solely for the following purposes:

• Verifying that users are accessing Services from authorized territories
• Blocking access from unauthorized territories
• Detecting and preventing circumvention of territorial restrictions
• Complying with legal obligations and licensing restrictions

3.3 Access Restrictions

If our geolocation controls determine you are accessing the Services from outside authorized territories, we will:

• Block your access to the Services
• Display a notice explaining the territorial restriction
• May suspend or terminate your account if circumvention is detected

Use of VPNs, proxies, or other technologies to circumvent our geolocation controls is prohibited under our Terms of Service and may result in immediate account termination.

4. Notice at Collection: Information We Collect

We collect several categories of information from and about users of our Services. The following table provides a comprehensive overview of the personal information we collect, the sources from which we collect it, the purposes for which we use it, and whether we disclose it to third parties.

Note: We do not collect sensitive personal information such as Social Security numbers, driver's license numbers, financial account information (processed by payment processors), precise geolocation data, racial or ethnic origin, religious beliefs, genetic data, biometric data for identification purposes, health information, or information about sex life or sexual orientation.

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 Provision of Services

• Operating and maintaining the CrispDemo application and services
• Processing your video projects, text inputs, and voice recordings through AI providers
• Generating AI responses, video edits, and dictation transcriptions
• Managing your video projects and knowledge base
• Synchronizing data across your devices
• Providing video editing functionality and rendering

5.2 Account and Billing Management

• Creating and maintaining your account
• Authenticating your identity
• Processing credit purchases
• Verifying payment status and credit balance
• Communicating billing status and receipts

5.3 Communications

• Sending service-related notifications and announcements
• Responding to your inquiries and support requests
• Providing customer service and technical assistance
• Notifying you of changes to our Terms or Privacy Policy
• Sending marketing communications (with your consent where required)

5.4 Service Improvement and Development

• Analyzing usage patterns and trends to improve Services
• Developing new features and functionality
• Conducting research and analytics
• Testing and troubleshooting technical issues
• Optimizing performance and user experience

5.5 Security and Fraud Prevention

• Detecting and preventing fraud, abuse, and security incidents
• Enforcing territorial restrictions through geolocation verification
• Protecting against unauthorized access and use
• Investigating suspicious activity
• Maintaining system integrity and security

5.6 Legal Compliance

• Complying with applicable laws, regulations, and legal processes
• Responding to government requests and law enforcement
• Enforcing our Terms of Service and other agreements
• Protecting our legal rights and interests
• Resolving disputes and preventing prohibited activities

5.7 Aggregated and De-identified Data

We may create aggregated, de-identified, or anonymized data from information we collect. This data does not identify you personally and is not subject to this Privacy Policy. We may use such data for any purpose, including research, analytics, and marketing.

6. Desktop Application Privacy

6.1 Local Data Storage

CrispDemo stores certain information locally on your computer to provide functionality and improve performance:

• User preferences and settings
• Video project files and assets
• Knowledge base documents
• Cache data and video proxies for performance optimization
• Authentication tokens (stored securely in the OS credential store)

Local data remains on your computer and is not automatically transmitted to our servers except when necessary to provide Services (e.g., AI processing, video analysis).

6.2 Video Project Privacy

Our application processes video files and project data with specific privacy considerations:

• Local Processing: Video files are stored and processed locally on your computer. Only specific frames or analysis data are transmitted to AI providers when you use AI features.
• AI Transmission: Video analysis data, chat prompts, and editing instructions are transmitted to our servers and third-party AI providers only when you explicitly use AI features.
• Project Files: Project configuration files (markdown-based) are stored locally in your project folder and may be synced when using AI features.
• Rendered Output: Final rendered videos remain on your local computer and are not uploaded to our servers.

6.3 Desktop Permissions

Our application may request the following desktop OS permissions:

• Microphone: Required for voice dictation functionality for chat prompts
• Network Access: Required to communicate with our servers and AI providers
• File System Access: Required to read and write video project files
• Notifications: Optional, for service notifications and render completion alerts

You can manage these permissions through your system settings. Denying permissions may limit functionality.

6.4 Data Deletion on Uninstall

When you uninstall the CrispDemo application:

• Application preferences and cache data may be removed
• Video project folders you created remain on your computer unless you manually delete them
• Data stored on our servers (account information) will remain until you request deletion
• To fully delete your account and server-stored data, contact us at [email protected]

7. Information Sharing and Disclosure

We share your information with third parties only in the limited circumstances described below. We do not sell your personal information.

7.1 Third-Party AI Providers

To provide our core Services, we share your text inputs, voice recordings, and related context with the following third-party AI providers:

• OpenAI: For GPT model processing and text generation
• Google: For Gemini model AI processing
• Anthropic: For Claude model language processing
• xAI: For Grok model processing
• OpenRouter: For model routing across supported providers

These providers process your data according to their own privacy policies and terms of service. We recommend reviewing:

• OpenAI Privacy Policy: https://openai.com/privacy
• Google Privacy Policy: https://policies.google.com/privacy
• Anthropic Privacy Policy: https://www.anthropic.com/privacy
• xAI Privacy Policy: https://x.ai/legal/privacy-policy
• OpenRouter Privacy Policy: https://openrouter.ai/privacy

7.2 Service Providers

We engage third-party companies and individuals to perform services on our behalf, including:

• Cloud hosting and infrastructure providers
• Data storage and database services
• Analytics and performance monitoring
• Customer support and communication tools
• Email delivery services
• Security and fraud prevention services

These service providers have access to your information only to perform tasks on our behalf and are obligated not to disclose or use it for other purposes.

7.3 Payment Processors

Payments are processed through third-party payment processors. We do not have access to your payment card information. Payment processors process payments according to their privacy policy and terms of service. We receive only transaction confirmation and billing status from payment processors.

7.4 Business Transfers

If helpful bits GmbH is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in our Services of any change in ownership or use of your personal information.

7.5 Legal Requirements and Protection of Rights

We may disclose your information if required to do so by law or if we believe in good faith that such action is necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service or other agreements
• Detect, prevent, or address fraud, security, or technical issues
• Protect the rights, property, or safety of helpful bits GmbH, our users, or the public
• Investigate potential violations of our Terms or policies

7.6 Aggregated or De-identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you. This may include usage statistics, industry trends, or demographic information shared with partners, researchers, or the public.

7.7 With Your Consent

We may share your information with third parties when we have your explicit consent to do so.

8. Third-Party AI Provider Data Processing

A core function of CrispDemo is processing your text and voice inputs through third-party AI providers. This section provides additional detail about how your data is handled in this process.

8.1 Data Transmission to AI Providers

When you use AI-powered features (video analysis, editing prompts, dictation), we transmit the following information to third-party AI providers:

• Your text input, chat messages, or voice recording
• Video frames or analysis data for video editing features
• Context information you've added to your knowledge base (if included in your prompt)
• Prompt instructions and parameters
• Settings and preferences relevant to the AI request (e.g., model selection)

8.2 AI Provider Data Practices

Third-party AI providers process your data according to their own privacy policies. Based on their published policies:

• Data Retention: Most providers retain API input data for short periods (typically 30 days) for abuse monitoring, then delete it
• Model Training: Enterprise and API users' data is generally not used for model training unless explicitly opted in
• Privacy Controls: We utilize business/enterprise API tiers where available to ensure stronger privacy protections
• Data Location: AI providers may process data in various geographic locations

We cannot control how AI providers process your data once transmitted. We recommend reviewing their privacy policies for complete information about their data practices.

8.3 Minimizing Data Transmission

To protect your privacy, we:

• Only transmit data to AI providers when you explicitly use AI features
• Process video files locally and only send specific frames or analysis data when needed
• Do not upload your complete video files to external servers
• Allow you to control which AI provider processes your data through model selection
• Do not transmit unnecessary metadata or device information

8.4 AI Provider Selection

You can control which AI provider processes your data by selecting different models in the application settings. Different providers have different privacy practices, costs, and capabilities. We provide information about each provider within the application to help you make informed choices.

9. Data Security

We implement reasonable administrative, technical, and physical security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure.

9.1 Security Measures

• Encryption: Data transmitted between your computer and our servers is encrypted using industry-standard TLS/SSL protocols
• Secure Storage: Sensitive data stored on your computer is protected using the OS credential store and encryption
• Access Controls: We implement strict access controls to limit who can access user data
• Authentication: We use secure authentication mechanisms to protect your account
• Monitoring: We monitor our systems for suspicious activity and potential security incidents
• Regular Updates: We regularly update our security practices and software to address new threats

9.2 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. Notification will be provided via email to the address associated with your account and/or through a prominent notice in our Services.

9.3 Your Security Responsibilities

You are responsible for maintaining the security of your account credentials. We recommend:

• Using a strong, unique password for your account
• Not sharing your account credentials with others
• Keeping your computer and OS software up to date
• Using device security features like login passwords and FileVault encryption
• Immediately notifying us if you suspect unauthorized access to your account

10. State-Specific Privacy Rights (United States)

Residents of certain U.S. states have specific privacy rights under state law. This section describes rights available to residents of California, Virginia, Colorado, Connecticut, and Nevada.

10.1 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know

You have the right to request disclosure of:

• Categories and specific pieces of personal information we have collected about you
• Categories of sources from which we collected your personal information
• Our business or commercial purposes for collecting or selling personal information
• Categories of third parties with whom we share personal information
• Specific pieces of personal information we have about you

Right to Delete

You have the right to request deletion of personal information we have collected from you, subject to certain exceptions under California law.

Right to Correct

You have the right to request correction of inaccurate personal information we maintain about you.

Right to Opt-Out of Sale or Sharing

We do not sell your personal information as defined by California law. If our practices change, we will update this Privacy Policy and provide you with notice and an opportunity to opt out.

Right to Limit Use of Sensitive Personal Information

We do not use or disclose sensitive personal information for purposes other than those permitted under CPRA without providing you the right to limit such use.

Right to Non-Discrimination

You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA rights. We will not:

• Deny you goods or services
• Charge different prices or rates, including through discounts or penalties
• Provide a different level or quality of goods or services
• Suggest you will receive different prices, rates, or quality of goods or services

Authorized Agent

You may designate an authorized agent to make requests on your behalf. We may require verification that you authorized the agent and verification of your identity.

California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information regarding disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

10.2 Virginia Privacy Rights (VCDPA)

If you are a Virginia resident, you have the right to:

• Confirm whether we are processing your personal data and access such data
• Correct inaccuracies in your personal data
• Delete personal data you provided to us
• Obtain a copy of your personal data in a portable format
• Opt out of targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects

10.3 Colorado Privacy Rights (CPA)

Colorado residents have similar rights as Virginia residents under the Colorado Privacy Act, including rights to access, correct, delete, and obtain a portable copy of personal data, as well as opt out of certain processing activities.

10.4 Connecticut Privacy Rights (CTDPA)

Connecticut residents have rights similar to Virginia and Colorado residents under the Connecticut Data Privacy Act, including rights to access, correct, delete, data portability, and opt-out rights.

10.5 Nevada Privacy Rights

Nevada residents have the right to opt out of the sale of certain covered information we have collected about you to third parties. We do not currently sell your covered information as defined under Nevada law. If our practices change, we will update this Privacy Policy and provide Nevada residents with an opt-out opportunity.

10.6 Exercising State Privacy Rights

To exercise any of the rights described above, please contact us at [email protected] with "State Privacy Rights Request" in the subject line. We will verify your identity before processing your request and respond within the timeframe required by applicable state law.

11. International Data Transfers

helpful bits GmbH is a German company, but our Services rely on infrastructure and service providers located in multiple countries, including the United States. Your information may be transferred to, stored in, and processed in countries other than your country of residence.

11.1 EU/EEA/UK Users

If you are located in the European Union, European Economic Area, or United Kingdom, your personal data may be transferred to and processed in the United States and other countries that may not provide the same level of data protection as your home country.

We implement appropriate safeguards for international data transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Ensuring service providers comply with GDPR requirements
• Implementing technical and organizational measures to protect data
• Conducting data protection impact assessments where required

11.2 Legal Basis for Processing (GDPR)

For users in the EU/EEA/UK, we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing necessary to provide Services under our Terms of Service
• Legitimate Interests: Processing for fraud prevention, security, service improvement, and business operations
• Legal Obligations: Processing to comply with applicable laws and regulations
• Consent: Processing based on your explicit consent (which you may withdraw at any time)

11.3 GDPR Rights

If you are subject to the General Data Protection Regulation (GDPR), you have additional rights:

• Right of access to your personal data
• Right to rectification of inaccurate personal data
• Right to erasure ("right to be forgotten") in certain circumstances
• Right to restriction of processing
• Right to data portability
• Right to object to processing based on legitimate interests
• Right to withdraw consent (where processing is based on consent)
• Right to lodge a complaint with a supervisory authority

12. Children's Privacy

Our Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children under 18. If you are under 18, do not use our Services or provide any information to us.

If we learn that we have collected personal information from a child under 18 without verification of parental consent, we will delete that information as quickly as possible. If you believe we might have information from or about a child under 18, please contact us immediately at [email protected].

12.1 COPPA Compliance

Our Services comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect, use, or disclose personal information from children under 13. Our Terms of Service require users to be at least 18 years old.

13. Data Retention

We retain your personal information for as long as necessary to provide Services, comply with legal obligations, resolve disputes, and enforce our agreements.

13.1 Retention Periods

• Account Information: Retained for the duration of your account plus a reasonable period after account closure for legal compliance
• User Content: Retained while your account is active or as needed to provide Services; deleted upon account deletion or user request
• Video and Chat Inputs: Not permanently stored on our servers; transmitted to AI providers for processing and immediately discarded after processing
• Usage Data: Aggregated usage data may be retained indefinitely in de-identified form
• Transaction Records: Retained for tax and accounting purposes as required by law (typically 7 years)
• Communications: Customer support communications retained for reasonable period to provide ongoing support

13.2 Deletion Requests

You may request deletion of your personal data at any time by contacting us at [email protected]. We will delete your data within 30 days of your request, except where:

• Retention is required by law
• Data is needed to complete a transaction, provide a requested service, or fulfill our Terms
• Retention is necessary to detect security incidents or protect against illegal activity
• Data is needed to exercise or defend legal claims

14. How to Exercise Your Privacy Rights

14.1 Submitting Requests

To exercise your privacy rights, including rights to access, correct, delete, or port your data, please contact us at:

14.2 Verification Process

To protect your privacy and security, we will verify your identity before processing requests to access, correct, or delete your personal information. We may request:

• Email address associated with your account
• Account username or user ID
• Verification that you have access to the email address on file
• Additional information to verify your identity for sensitive requests

14.3 Response Timing

We will respond to your request within the timeframe required by applicable law:

• California (CCPA/CPRA): 45 days, with possible 45-day extension
• Virginia, Colorado, Connecticut: 45 days, with possible 45-day extension
• GDPR (EU/EEA/UK): 30 days, with possible 60-day extension for complex requests

14.4 Account Settings

You can access and modify certain information directly through your account settings in the CrispDemo application, including:

• Email address and account information
• AI provider preferences and model selection
• Video project settings
• Knowledge base documents
• Communication preferences

14.5 Appeal Process

If we deny your privacy rights request, you have the right to appeal our decision. To appeal, respond to our denial email with "Appeal" in the subject line and explain why you believe our denial was incorrect. We will respond to appeals within the timeframe required by applicable law.

15. Do Not Sell or Share My Personal Information

We do not sell or share your personal information as defined by California and other state privacy laws.

We do not:

• Sell your personal information to third parties for monetary consideration
• Share your personal information with third parties for cross-context behavioral advertising
• Use your personal information for targeted advertising based on your activity across different services

We share your data with third-party AI providers solely to provide the Services you request, which does not constitute "selling" or "sharing" under applicable privacy laws. We also share data with service providers who perform services on our behalf, subject to contractual restrictions on their use of your information.

If our practices change in the future, we will update this Privacy Policy and provide required notice and opt-out mechanisms before implementing any sale or sharing of personal information.

16. Cookies and Tracking Technologies

16.1 What We Use

We use cookies and similar tracking technologies on our website to improve functionality, analyze usage, and enhance your experience. The CrispDemo desktop application uses local storage and identifiers but does not use traditional web cookies.

16.2 Types of Technologies

• Essential Cookies: Necessary for authentication, security, and basic functionality
• Analytics: Help us understand how users interact with our Services to improve performance
• Session Tokens: Maintain your login session and preferences
• Local Storage: Store preferences and data locally on your device

16.3 Third-Party Analytics

We may use third-party analytics services to help us analyze usage of our Services. These services may collect information about your use of our Services and other websites/applications over time. We use analytics for service improvement, not for behavioral advertising.

16.4 Your Choices

Most web browsers allow you to control cookies through settings. However, disabling cookies may limit your ability to use certain features of our website. Desktop application data can be controlled through the application settings and your system preferences.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Effective Date" at the top of this Privacy Policy
• Post the revised Privacy Policy on our website and in our desktop application
• For material changes, provide notice via email to the address associated with your account
• For material changes affecting your rights, may display a prominent notice in our Services

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after changes to this Privacy Policy constitutes your acceptance of the revised policy.

If we make material changes that retroactively expand our rights to use personal information we previously collected about you, we will obtain your consent before implementing such changes.

18. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, or if you wish to exercise your privacy rights, please contact us:

18.1 Response Timing

We strive to respond to all privacy inquiries within a reasonable timeframe, typically within 5-10 business days for general inquiries and within timeframes required by law for privacy rights requests.

18.2 Supervisory Authority (EU/EEA/UK Users)

If you are located in the European Union, European Economic Area, or United Kingdom, you have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable law.

18.3 California Consumer Rights Requests

California residents may also contact us via email at [email protected] to exercise CCPA/CPRA rights. We do not discriminate against California residents who exercise their privacy rights.

19. Additional Provisions

19.1 Third-Party Links

Our Services may contain links to third-party websites, applications, or services not operated by us. This Privacy Policy does not apply to third-party services. We are not responsible for the privacy practices of third parties and encourage you to review their privacy policies.

19.2 AI-Generated Content Privacy

Content generated by AI in response to your prompts may not be unique. Similar prompts submitted by different users may generate similar outputs. We cannot guarantee that AI-generated content has not been generated for other users or does not contain information from other sources.

19.3 California Privacy Rights Notice

Under California Civil Code Section 1798.83, California residents are entitled to request information regarding disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

19.4 Data Protection Officer

For questions specifically related to GDPR compliance or EU/EEA data protection, you may contact our data protection team at [email protected] with "GDPR Inquiry" in the subject line.

19.5 Accessibility

We are committed to making our Privacy Policy accessible. If you have difficulty accessing this Privacy Policy or need it in an alternative format, please contact us at [email protected].