Privacy Policy
Last updated: March 30, 2026
CommentGem ("we," "our," or "us") operates the CommentGem Chrome extension and the commentgem.com website. This Privacy Policy explains how we collect, use, and protect your information when you use our services.
1. Information we collect
1.1 Information you provide
- Account information: If you create an account for Pro features, we collect your email address and an encrypted password.
- YouTube API key: If you provide your own YouTube Data API key (BYOK), it is stored in your browser's local storage. When you use the extension, your API key is transmitted to our server solely to make YouTube Data API calls on your behalf. We do not use your key for any other purpose. We are actively working toward a fully client-side architecture where your key never leaves your browser.
- Payment information: If you subscribe to CommentGem Pro, payment is processed by Stripe. We do not store your credit card number, CVC, or full card details. Stripe provides us with a customer ID and subscription status only.
1.2 Information collected automatically
- Anonymous usage analytics: We collect anonymous usage events such as which features are opened, how often analyses run, and error reports. Each install is assigned a randomly generated anonymous ID (UUID) stored locally in your browser. This ID is not linked to your email, name, IP address, or any personal identifier. Analytics are processed by PostHog through our backend on Railway. You can disable analytics at any time in the extension settings, and you can reset your anonymous ID whenever you choose.
- YouTube comment data: When you analyze a video, comments are fetched from the YouTube Data API in real time. We may temporarily cache comment data on our server for performance purposes. We do not permanently store YouTube comments or associate them with your account.
- AI Chat (Gemini): If you use the AI Chat feature, your question and the relevant comments from the current analysis are sent to Google's Gemini API to generate a response. We do not store the contents of these conversations on our servers. Google's use of this data is governed by Google's privacy policy and API terms.
1.3 Information we do NOT collect
- We do not collect your YouTube browsing history
- We do not access your YouTube account or credentials
- We do not track which videos you watch
- We do not collect personal identifiers (name, email, or IP address) for analytics
- We do not sell any personal data to third parties
2. How we use your information
We use the information we collect to:
- Provide and maintain the CommentGem extension and its features
- Process YouTube Data API requests using your provided API key
- Manage your Pro subscription and billing through Stripe
- Send you important service updates (e.g., billing confirmations, security notices)
- Improve the extension based on anonymous usage patterns
- Respond to support requests
3. Data sharing
We do not sell, rent, or trade your personal information. We share data only with the following subprocessors, each used for a specific purpose:
- Stripe: For payment processing (Pro subscriptions). Stripe's privacy policy applies to payment data.
- Supabase: For account authentication and user profile storage. Data is stored securely with row-level security policies.
- Google/YouTube Data API: Your API key is used to fetch publicly available YouTube comment data. Google's API Terms of Service apply.
- Google Gemini API: If you use AI Chat, questions and related comments are sent to Gemini to generate responses. Google's privacy policy applies.
- PostHog: For aggregating anonymous product analytics. PostHog only receives the anonymous ID and event data described in section 1.2.
- Railway: Our backend infrastructure provider. Railway processes data in transit between the extension and our backend services.
4. Data storage and security
Your account data is stored in Supabase (hosted on AWS) with encryption at rest and in transit. Your YouTube API key is stored in your browser's local storage. When transmitted to our server for API calls, it is sent over HTTPS. We use industry-standard security measures to protect your data, but no method of transmission over the internet is 100% secure.
5. Your rights
You have the right to:
- Access: Request a copy of the personal data we hold about you
- Delete: Request deletion of your account and associated data
- Revoke API key: Remove your YouTube API key from the extension at any time through the extension settings
- Cancel subscription: Cancel your Pro subscription at any time through your account settings or Stripe's customer portal
- Disable analytics: Turn off all anonymous usage analytics from the extension settings. When disabled, no analytics data leaves your browser.
- Reset anonymous ID: Rotate your anonymous analytics ID at any time through the extension settings, effectively breaking any link to prior anonymous activity.
- Data portability: Request your data in a machine-readable format
To exercise these rights, contact us at support@commentgem.com.
6. Cookies
The commentgem.com website may use essential cookies for authentication and session management. We do not use advertising or tracking cookies. The Chrome extension uses chrome.storage.local for storing your preferences and API key — this is not a cookie and is not accessible by websites.
7. Third-party links
Our extension and website may contain links to third-party services (YouTube, Stripe, Google Cloud Console). We are not responsible for the privacy practices of these services. We encourage you to review their respective privacy policies.
8. Children's privacy
CommentGem is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
9. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Your continued use of CommentGem after changes are posted constitutes acceptance of the revised policy.
10. Google API Services User Data Policy
CommentGem's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use YouTube Data API access to fetch publicly available comment data for the features described in this extension.
11. Contact us
If you have questions about this Privacy Policy or our data practices, please contact us at support@commentgem.com.