HomeAboutPrivacyTerms
Demetria logo

Demetria Privacy Policy

Effective Date: May 3, 2025

1. Introduction

Demetria ("we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our web application (Demetria.org) and AI chatbot service (the System).

2. Information We Collect

By submitting queries to the System, you consent to the collection and processing of the information as described in this Privacy Policy.

We may collect the following types of information:

  • User Input: Text and data submitted to the AI chatbot in direct response to user queries.
  • Technical Data: IP address, browser type, device type, and usage analytics are continuously logged automatically by Google as a part of standard operation.
  • The user information is kept to a minimum, in the form of technical data used for system logging for maintenance and security.

3. How We Use Your Information

We use submitted data to:

  • Provide our AI chatbot service in accordance with the Demetria Terms of Service (Performance of a Contract)
  • Provide and improve our AI chatbot and services (Legitimate Interest)
  • Analyze user interactions to enhance performance (Legitimate Interest)
  • Ensure security and prevent abuse (Legitimate Interest and potentially Compliance with a Legal Obligation)
  • Comply with legal obligations (Compliance with a Legal Obligation)
  • Our legitimate interests include understanding how our service is used to make it better and more secure for all users.

4. GDPR Compliance

We are committed to complying with the General Data Protection Regulation (GDPR) for users in the European Union. This includes respecting your rights to access, rectify, erase, and export your personal data, as described in this Privacy Policy.

5. Use of Google Cloud Services

Our chatbot uses Google Cloud’s Vertex AI API to process your inputs and generate responses. By using the System, you acknowledge that your data may be processed by Google in accordance with their Terms of Service and Privacy Policy.

Google Cloud acts as a subprocessor for the System, operating under a data processing agreement (DPA). We remain the data controller for user data, while Google processes user input on our behalf to deliver AI functionality.

By using the System, you acknowledge that your data may be processed by Google as our data processor.

Data processed by Google Cloud may be transferred outside the EU/EEA.

6. Data Sharing

We do not sell your data. We may share data with:

  • Service providers such as Google Cloud for processing chatbot user queries
  • Authorities when required by law
  • The System only shares data with Google for the purpose of processing user queries, no other user data is shared externally.

7. Data Retention

We retain user input data only for the duration of the user session (no cookies) in order to provide the System, or as required by applicable laws.

Google as a third party provider of the AI functionality may retain user queries for improving their services, the System by itself does only retain user data in the form of server-side logs as a part of the Google Cloud platform.

8. Your Rights

The data you submit (text prompts) is not stored by the System.

Right to Information/Access: The System only retains user data during each session. After the user ends the session (such as closing a web browser tab) all user data is removed. Technical data such as logs are anonymous in the sense that no session ID is stored and browser information is generic which prevents identifying individual users.

Right to Rectification: The information provided by the System is in the form of AI responses for text queries by unidentified users.

Right to Erasure ("Right to be Forgotten"): The System only processes user information in the form of text queries that are automatically erased when each session ends.

Right to Restriction of Processing: The System only processes user queries (text prompts). Users can control processing by choosing what text they submit.

Right to Object to Processing:The users can stop the System from processing their user data by stop submitting user queries. The System does not process user data after a session has been closed.

Right to Data Portability: The System retains no user data to export.

Right not to be subject to automated decision-making: The System does not use automated decision-making.

Right to Lodge a Complaint: The user has the right to file a complaint to applicable authorities within the user's jurisdiction (the System is a global service).

9. Security

We take reasonable technical and organizational measures to protect your data. However, no system is completely secure, and we cannot guarantee absolute security.

All traffic between the user and the System is via HTTPS.

The System only handles user information during each session.

We are committed to using trusted third parties to maintain appropriate security measures, e.g., as required by GDPR for processor contracts.

10. Children's Privacy

The System is not generally intended for children under the age of 13 (or equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children.

The System is designed to be family friendly and children can use it under adult supervision.

11. Changes to This Policy

We may update this Privacy Policy periodically. The latest version will always be posted here with the effective date updated.