Privacy Policy

Last updated: May 3, 2026

iraa.ai (“iraa.ai,” “we,” “our”) operates the DemoAgent platform, an AI-powered live product-demo service. This policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to customers (SaaS companies that deploy the DemoAgent on their websites) and visitors (end users who interact with the DemoAgent on a customer's site).

1. Information we collect

From customers

  • Account information: name, work email, company name, password hash.
  • Billing information processed by our payment processor (we do not store full card numbers).
  • Product configuration: PDP YAML, demo flows, knowledge content, demo-account credentials.
  • API usage and logs: request timestamps, IP, user agent, error traces.

From visitors (interacting with DemoAgent)

  • Conversation transcripts between the visitor and the DemoAgent, including any contact details (name, email, phone, company) the visitor voluntarily provides.
  • Page-context metadata (URL, page title, referrer) at the time of the demo.
  • Session metadata (start time, duration, agent actions, lead-capture status).
  • IP address and user agent for fraud, rate-limiting, and audit purposes.

Visitor data is collected on behalf of the customer who deployed the DemoAgent. The customer is the data controller for visitor data; iraa.ai is the data processor.

2. How we use the information

  • Provide, maintain, and improve the DemoAgent service.
  • Generate AI agent responses, drive in-app actions, and capture leads.
  • Authenticate users, prevent abuse, and meet legal obligations.
  • Send transactional emails (account, billing, security).
  • Aggregate, anonymized analytics to improve agent behavior and product quality. We do not train foundation models on customer or visitor data.

3. Sub-processors

We rely on the following sub-processors. Each has a data-processing agreement with iraa.ai and is contractually prohibited from using data for any purpose other than providing the service to iraa.ai.

  • Anthropic — LLM inference for agent responses (no training on inference data per Anthropic's terms).
  • ElevenLabs — text-to-speech synthesis (only when voice mode is enabled by the customer).
  • DigitalOcean — application hosting and database (PostgreSQL, Redis).
  • Stripe — payment processing (when paid plans are enabled).

4. Data retention

  • Conversation transcripts and session data: retained for the customer's active subscription, then deleted within 30 days of account closure or upon written request.
  • Aggregated, anonymized analytics: retained indefinitely.
  • Account and billing records: retained for the period required by tax and accounting law (typically 7 years).

5. Security

We use TLS for all data in transit, at-rest encryption for databases, scoped API keys, role-based access control for internal staff, and audit logging on every demo session. Demo-account credentials configured by the customer are stored encrypted and are never passed into LLM context.

6. Your rights

Depending on your jurisdiction (e.g., GDPR, CCPA), you may have rights to access, correct, delete, port, or restrict processing of your personal data. To exercise these rights, email hello@iraa.ai. We will respond within 30 days.

7. International transfers

iraa.ai processes data in the United States and India. By using the service you consent to the transfer of your information to these jurisdictions, subject to the safeguards described in our Data Processing Agreement (available on request for customers on paid plans).

8. Children

The service is not directed at children under 16, and we do not knowingly collect personal data from them.

9. Changes to this policy

We may update this policy. Material changes will be announced via email to account owners and posted at the top of this page with a new “Last updated” date.

10. Contact

Questions or requests: hello@iraa.ai.