1. Roles
For personal data of your end users (people who view walkthroughs you publish), Heal Demo acts as a processor and you act as the controller. For personal data of your account administrators and authorized seat users, Heal Demo acts as a controller for the limited purposes of identity, authentication, billing, security, and product improvement. These Terms apply in addition to our Privacy Policy.
2. Scope of processing
Subject matter: hosted recording, storage, generation, and delivery of product walkthroughs. Duration: term of the underlying subscription plus the deletion window in section 8. Nature and purpose: as described in our Privacy Policy. Categories of data subjects: your account administrators, authorized seat users, and end viewers. Categories of personal data: account identifiers (email, name, hashed credentials), session metadata (IP, user-agent), walkthrough content authored by you, end-viewer telemetry (anonymous viewer ID, referrer, user-agent, ISO country, step events), and billing identifiers. We process this data only on your documented instructions, including via the configuration choices you make in the product.
3. Subprocessors
You authorize Heal Demo to engage subprocessors to provide the service. The current list is published at /privacy. We will give at least 30 days' advance notice via our status page before adding or replacing a subprocessor. You may object to a new subprocessor on reasonable data-protection grounds within that notice window; if we cannot accommodate the objection, you may terminate the affected portion of the service and receive a pro-rata refund of prepaid fees.
4. Security measures
We maintain the following technical and organizational measures:
- TLS 1.2+ for all data in transit between client, web app, worker, and viewer.
- Encryption at rest provided by our managed-storage subprocessors (Cloudflare R2, Neon, Upstash).
- API tokens and extension tokens are stored as SHA-256 hashes; raw tokens are shown to users exactly once at creation.
- Production access is limited to a small number of named operators authenticated via SSO with mandatory MFA. Shared credentials are prohibited; each production action is attributable to a named individual. Full access-control procedures are documented in our internal security documentation, available on written request at
[email protected]. - Centralized error and performance telemetry (Sentry) with a server- and client-side PII scrubber that strips credentials, email addresses, and sensitive request fields before events are transmitted.
- Regression-tested healing pipeline gated on accuracy and false-positive thresholds before each release.
5. Data-subject rights
We will, taking into account the nature of the processing, reasonably assist you in responding to access, correction, deletion, portability, restriction, and objection requests from your end viewers. Forward such requests to [email protected] and we will respond within 10 business days. Requests from your own account administrators and seat users are handled directly under our Privacy Policy, and may be exercised through the self-service Privacy & data section in the dashboard.
6. International transfers
Primary data residency for the service is the United States. Where personal data of EEA, Swiss, or UK data subjects is transferred to or accessed from outside those regions, the transfer is governed by the European Commission's Standard Contractual Clauses (Implementing Decision 2021/914), and, for UK data, by the UK Addendum. We have completed transfer-impact assessments for our subprocessors and will provide them on reasonable request. EU-only data residency for Team-tier customers with strict sovereignty requirements is a roadmap item, not currently available.
7. Incident notification
We will notify you without undue delay, and in any event within 72 hours of becoming aware, of any confirmed personal-data breach affecting your tenant. The notification will describe, to the extent then known, the nature of the breach, the categories and approximate number of data subjects and records affected, the likely consequences, the measures taken or proposed in response, and a contact for follow-up.
8. Return or deletion
On termination of the underlying subscription, and at your written instruction, we will delete or return all personal data we process on your behalf within 30 days of the termination date. Backup copies are purged within 30 additional days under our backup-rotation schedule. Where law requires longer retention (for example, tax records associated with paid subscriptions), we will retain only what is required and only for as long as required.