Skip links
Log in
Get a demo
DemandTec Total Lifecycle Pricing Platform

Privacy Policy

Privacy Policy
Terms of Use
Accessibility
Contract Terms
Cookie Policy
Anti-slavery Statement

Last modified: February 13, 2026

DemandTec, LLC and our subsidiaries (“DemandTec,” “we,” “us,” or “our”) are a U.S.-based global SaaS company that provides a retail pricing platform to business customers (“Customers”). This Privacy Policy applies to our website and our services (collectively, the “Services”), and describes how we collect, use, and disclose information when you visit our Sites or otherwise engage with us. By accessing or using our Service, you certify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Policy. 

We are committed to protecting your privacy and handling personal information in compliance with applicable laws, including the laws of all 50 U.S. states (such as the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), and other applicable state privacy laws), the Gramm-Leach-Bliley Act (“GLBA”), the General Data Protection Regulation (“GDPR”) in the European Union, and the UK GDPR, among others. 

In most cases, we act as a data processor (or “service provider” under some U.S. laws) for our Customers, who are the data controllers (or “businesses” under some U.S. laws) responsible for the personal information they collect. We process this information solely on behalf of and as instructed by our Customers and we implement appropriate technical and organizational measures to protect the data we process on behalf of our Customers. Our Customers are responsible for obtaining necessary consents and providing privacy notices to their customers. For questions about a Customer’s data practices, contact them directly. 

In some cases, we act as a data controller. We act as data controller when we collect and process contact information and account details of our Customers and prospective customers, when we collect and process information about visitors to our website, when we process personal information for our own business purposes, such as billing, fraud prevention, and service improvements, and when we collect and use analytics data related to the performance and usage of our Service. In these instances, we determine the purposes and means of processing and comply with all applicable controller obligations under relevant privacy laws. 

This Privacy Policy explains what information we collect and process, and how we collect, use, disclose, and protect personal information. It applies to information we collect through the Service and other interactions. “Personal information” means any information that identifies or relates to a natural person or sometimes referred to as an identifiable individual. 

If you do not agree to the practices described in this Privacy Policy, please do not use our Services. 

1. Information We Collect 

We collect the following types of personal information: 

When Acting as a Data Processor 

When processing data on behalf of our Customers, we may collect and process: 

  • Analytics Data: Aggregated usage trends to improve the Service. 
  • Identifiers: Name, username, email address, phone number, user preferences, etc. 
  • Device and Usage Data: Collected through the use of cookies (discussed below). 


When Acting as a Data Controller 

When acting as a data controller, we may collect and process: 

  • Analytics Data: Aggregated usage data to improve the Service. 
  • Contact and Account Information: Name, email address, phone number, company details, account information, business relationship data, billing information and payment card details, transaction history, and communication records when you subscribe to the Service, inquire about it, or interact with our sales team. 
  • Internet or Network Activity: Device identifiers, IP address, browsing history, and information about how you use our Service. 
  • Marketing Data: Preferences and interactions with our emails or website. 
  • Professional Information: Job title, employer, and professional qualifications of customer representatives. 
  • Location Data: Zip code, IP address, and other location data to provide you with more information about our Service in your area. 


2. How We Collect Information 

  • Directly from You: When you provide information during registration, communicate with us, make inquiries, and provide comments and opinions. 
  • Automatically: Through the website (e.g., via cookies), server logs and analytics tools, through our platform. 
  • From Third Parties: Such as business partners, publicly available professional databases, social media sites, and Customers.  

3. How We Use Information 

We use personal information for the following purposes: 

When Acting as Data Processor  

  • To provide, maintain, and improve our Service. 
  • To comply with Customer instructions, such as storing or analyzing content and generating reports. 
  • To implement security measures, performance monitoring, and for other internal operations, such as debugging. 
  • To troubleshoot technical issues. 
  • To comply with legal obligations applicable to us. 
  • To verify identities and to detect and prevent fraud.

     

When Acting as Data Controller 

  • To provide, maintain, and improve our Service, including using anonymized or aggregated data for analytics. 
  • To manage Customer accounts and relationships, process payments, and provide customer support. 
  • To implement security measures, performance monitoring, and for other internal operations, such as debugging. 
  • To inform Customers about our products, services, and updates (subject to communications preferences). 
  • To verify compliance with our policies. 
  • To evaluate and conduct corporate transactions, such as mergers, acquisitions, reorganizations, and sales of assets. 
  • To troubleshoot technical issues. 
  • To comply with legal obligations applicable to us. 
  • To verify identities and to detect and prevent fraud. 

4. Legal Bases for Processing 

We rely on one, some, or all of following legal bases for processing personal information: 

  • Contractual Necessity: Processing necessary for the performance of our contracts with Customers or to take steps at a Customer’s request before entering into a contract. 
  • On Behalf of Businesses: Processing necessary as a service provider on behalf of a business. 
  • Legitimate Interests: Processing necessary for our legitimate interests or those of a third party (like service improvements and security), provided these interests are not overridden by your rights and freedoms. 
  • Legal Obligation: Processing necessary for compliance with a legal obligation to which we are subject. 
  • Consent: Processing based on the specific consent of Customers for one or more specific purposes. 

5. Sharing and Disclosure of Information 

We do not sell personal information. We share information with the following categories of recipients: 

  • With Subprocessors and Service Providers: Third parties who help us deliver our products and services. 
  • With Customers and Business Partners: Other companies with whom we may co-offer services or conduct joint marketing activities. 
  • Professional Advisors: Our accountants, lawyers, auditors, insurers, and other advisors. 
  • Authorities and Third Parties: Law enforcement, regulators, and other government authorities. 
  • Corporate Transaction Recipients: Third parties in connection with a corporate transaction, such as a merger or sale of our business. 


Subprocessors and Service Providers 

We engage various subprocessors and service providers to assist us in providing our services, including:  

  • Cloud Infrastructure Providers: Companies that provide the infrastructure on which our services run. 
  • Payment Processors: Companies that process payments on our behalf.  
  • Customer Support Tools: Services that help us provide customer support.  
  • Analytics Providers: Services that help us understand how our Services are used.  
  • Communication Services: Email service providers and other communication tools.  
  • Security Services: Providers of security and fraud prevention services. 
  • Enablement Services: Services that help us provide training materials. 


We maintain a current list of all subprocessors we use, which is at demandtec.com/subprocessors. We conduct due diligence on all subprocessors to ensure they provide sufficient guarantees to implement appropriate technical and organizational measures to meet the requirements of applicable privacy laws. We enter into agreements with our subprocessors that impose data protection obligations consistent with this Privacy Policy and applicable law.  

As a U.S.-based company providing services globally, we may use subprocessors outside the United States, EEA, UK, and India. For any subprocessor processing personal data subject to applicable privacy laws that is located in a country without an adequacy decision, we ensure appropriate safeguards are in place through: 

  • Standard Contractual Clauses (“SCCs” approved by the European Commission or UK equivalent) 
  • Additional security measures to protect data transfers 
  • Regular assessments of the legal environment in the destination country 


Customers may request copies of relevant data transfer mechanisms by contacting us at the contact information provided at the end of this Policy. 

The SCCs and other transfer mechanisms provide data subjects with enforceable rights and effective legal remedies, including: 

  • The right to lodge a complaint with a supervisory authority 
  • The right to judicial redress 
  • The right to compensation for damages 

6. Cookies and Tracking Technologies 

We use cookies, web beacons, pixels, and similar tracking technologies on our website to enhance functionality and analyze usage. 

  • Types of Cookies:
    • Strictly Necessary Cookies: Necessary for the functioning of our Services
    • Performance Cookies: Help us understand how visitors interact with our Services
    • Functional Cookies: Remember your settings and preferences
    • Targeting Cookies: Track your browsing habits to deliver targeted advertising 


 You can manage your cookie preferences by:  

  • Adjusting your browser settings to block or delete cookies 
  • Using the cookie preference center on our website 
  • Adjusting your device settings to limit ad tracking 
  • Opting out of analytics tracking where available 


Please note that disabling certain cookies may limit the functionality of our services. 

Do Not Track Signals: Some browsers include a “Do Not Track” (DNT) feature that signals to websites that you do not want your online activities tracked. Currently, there is no universal standard for how DNT signals should be interpreted. We do not currently respond to DNT signals, but you can use the cookie preference tools described above to manage tracking. 

Website and Service Analytics 

We use analytics tools to collect information about how users interact with our Service, including: 

  • Pages visited and features used 
  • Time spent on pages or in the application 
  • Links clicked 
  • Technical information (browser type, device type, operating system) 
  • Referring website or source 


This information helps us improve our Service, understand user behavior, and optimize user experience. Analytics data is typically aggregated and anonymized. 

7. Rights Related to Automated Decisions 

If you are subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you, in certain jurisdictions the data controller must give you the right to: 

  • Obtain human intervention and review 
  • Express your point of view regarding the automated decision 
  • Contest the decision 
  • Request an explanation of the decision and the logic involved 


As a data processor for our Customers, we will work with the relevant Customer to facilitate these rights. 

No Sensitive Data Profiling 

Our Service does not use automated decision-making or profiling for decisions involving sensitive personal information. 


8. AI and Machine Learning 

When using data for AI training purposes, we implement the following safeguards: 

  • Data minimization and pseudonymization techniques 
  • Technical measures to prevent the extraction of personal information from trained models 

We do not share personal information with external parties for the purpose of training their AI models. 


9. Data Security 

We implement reasonable security measures, including encryption, access controls, firewalls, and regular audits, to protect personal information. However, no system is entirely secure, and we cannot guarantee that data breaches will never occur. 

Processor Obligations 

When acting as a data processor, we will notify our Customers without undue delay after becoming aware of a personal data breach. We will provide our Customers with sufficient information to meet their own notification obligations and cooperate with Customers in their breach response efforts. 

Controller Obligations 

When a breach affects personal information for which we are the data controller (Customer and prospective customer information), we will notify follow applicable law with respect to all notification requirements, including:  

  • GDPR and UK GDPR: Notification to the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible, if the breach is likely to result in a risk to the rights and freedoms of individuals. Notification to affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms. 
  • U.S. State Laws: Notification in accordance with applicable state breach notification laws, which typically require notification to affected individuals within a reasonable time (often 30-60 days) and, in some cases, to state attorneys general or other authorities. 

 

10. Account Deletion and Data Erasure 

Customers may request deletion of their accounts at any time by contacting their designated account manager. 

 

11. Data Retention 

Customer, Prospective Customer, and Business Data (As Data Controller) 

We retain Customer, prospective customer, and Business data for as long as necessary to: 

  • provide the Service and fulfill our contractual obligations; 
  • comply with legal, tax, and accounting obligations (typically 7 years for financial records); 
  • resolve disputes and enforce our agreements; and 
  • pursue legitimate business interests 

Marketing data is retained until you opt out or withdraw consent. 


12. Your Rights and Choices 

Rights Regarding End User Data 

If you are an end user, you should direct requests regarding your personal data to the relevant Customer (the data controller). We will assist Customers in responding to such requests as required by law. 

Rights Regarding Customer and Prospective Customer Data 

Depending on your location and applicable law, you may have the following rights: 

  • Right to Know: to request what personal information is collected, sold, or disclosed. 
  • Access and Portability: to request access to your personal information and receive a copy in a portable format. 
  • Correction: to request correction of inaccurate or incomplete personal information. 
  • Deletion: to request deletion of your personal information, subject to legal exceptions. 
  • Restriction: to request restriction of processing of your personal information. 
  • Objection: to object to processing based on legitimate interests or for direct marketing purposes. 
  • Opt Out: to opt out of sales and sharing of your personal information. 
  • Withdraw Consent: where processing is based on consent, to withdraw consent at any time (without affecting the lawfulness of prior processing). 
  • Non-Discrimination: you will not receive discriminatory treatment for exercising your privacy rights. 


To exercise these rights, contact us at the contact information at the end of this Policy.  We will respond to requests within the timeframes required by applicable law. We may need to verify your identity before processing your request. In some cases, we may need to limit or deny your request if permitted or required by law, or if we cannot verify your identity. 

 

13. Children’s Privacy 

Our Service is not directed to children and we do not knowingly collect personal information from children of any age. If we learn we have collected information from a child under the applicable age of consent without parental consent, we will delete it promptly.  


14. Third-Party Links and Services 

Our website or Service may link to third-party sites or integrate third-party services that are not operated or controlled by us, including: 

  • Payment processors 
  • Social media platforms 
  • Partner services 
  • Help documentation and resources 
  • Customer websites (accessed through our Service) 

We are not responsible for the privacy practices, content, or security of any third-party websites or services. These third parties have their own privacy policies and terms of service, which may differ from ours. 

Our Service may allow Customers to integrate with third-party applications and services. When Customers enable such integrations, data may be shared with the integrated third-party service according to the Customer’s configuration. We are not responsible for our Customer’s or any third party’s data practices, so we recommend you review all applicable privacy policies and notifications. 


15. Changes to This Privacy Policy 

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated Privacy Policy on our website and update the “Last Updated” date. For material changes, we will provide additional notice, such as by email or through a prominent notice in the Service. We encourage you to review this Privacy Policy periodically to stay informed about our privacy practices. Your continued use of our services after the revised policy becomes effective indicates your acceptance of the updated terms. 


16. Complaints 

If you have a complaint about our privacy practices, please contact us using the information provided at the end of this Policy. We will make every effort to respond to your complaint within 30 days. 

 

17. Contact Us 

For questions, requests, or complaints, please contact our Data Protection Representative: Paul Yuro.  

  • Email: privacy@demandtec.com 
  • Mail: DemandTec, LLC, 110 N. Wacker Drive, Suite 3150, Chicago, IL 60606 
This website uses cookies to improve your web experience.