Demi
Help Center
Get Demi

Privacy & Security

Demi acts on your behalf — so keeping your data safe and giving you full control is the foundation everything else is built on.

You Control What Demi Can Do

Every sensitive action Demi takes requires your explicit permission. Before Demi can send an email, create a calendar event, or interact with any connected service, it asks for your approval. You decide what Demi is allowed to do and can change those decisions at any time.

  • Read freely, write carefully — Demi can read your calendar and inbox to stay informed, but any action that creates, sends, or modifies something requires your approval first.
  • Adjustable autonomy — In Settings, you control how independently Demi operates. Start conservative and increase autonomy as you build trust.
  • Revoke anytime — Disconnect any integration or revoke any permission from Settings at any time. Changes take effect immediately.

How Your Data Is Protected

Encrypted in Transit and at Rest

All communication between your devices and Demi is encrypted. Your stored data is encrypted at rest, so it is protected even in storage.

Minimal Data Access

Demi only requests the minimum permissions it needs from each connected service. It does not bulk-download your data or store copies of your emails and files.

Secure Authentication

Demi uses phone-number verification to sign you in. No passwords to remember, leak, or reuse. Each session is secured with short-lived tokens that expire automatically.

Full Audit Trail

Every action Demi takes on your behalf is logged with a timestamp and result. You can review what Demi did, when it did it, and whether it succeeded — at any time.

Integration Security

When you connect a service like Gmail or Google Calendar, Demi uses the industry-standard secure authorization flow provided by that service. Your login credentials are never shared with or stored by Demi. Instead, the service issues a limited-access token that Demi uses to act on your behalf.

You can see all your connected services and their status in Settings > Integrations. Disconnecting a service immediately revokes Demi's access.

What Demi Does Not Do

  • No selling or sharing your data — Your information is used solely to help you. It is never sold, shared with advertisers, or used to train models on other people's data.
  • No background surveillance — Demi only accesses your connected services when executing a task you requested or a recurring task you set up. It does not passively monitor your accounts.
  • No hidden actions — Every action is visible in your task history and audit trail. If Demi does something, you can see it.

Review Your Permissions

Visit Settings > Permissions on your iPhone to see exactly what Demi is allowed to do. You can tighten or loosen controls at any time without affecting your connected services.

Previous

Your First Task

Next

Troubleshooting