Privacy Policy

Last updated: March 30, 2026

CommentGem ("we," "our," or "us") operates the CommentGem Chrome extension and the commentgem.com website. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

1. Information we collect

1.1 Information you provide

• Account information: If you create an account for Pro features, we collect your email address and an encrypted password.
• YouTube API key: If you provide your own YouTube Data API key (BYOK), it is stored in your browser's local storage. When you use the extension, your API key is transmitted to our server solely to make YouTube Data API calls on your behalf. We do not use your key for any other purpose. We are actively working toward a fully client-side architecture where your key never leaves your browser.
• Payment information: If you subscribe to CommentGem Pro, payment is processed by Stripe. We do not store your credit card number, CVC, or full card details. Stripe provides us with a customer ID and subscription status only.

1.2 Information collected automatically

• Usage data: We may collect anonymous usage statistics such as the number of videos analyzed, feature usage frequency, and error logs to improve the extension. This data is not linked to your identity.
• YouTube comment data: When you analyze a video, comments are fetched from the YouTube Data API in real-time. We may temporarily cache comment data on our server for performance purposes. We do not permanently store YouTube comments or associate them with your account.

1.3 Information we do NOT collect

• We do not collect your YouTube browsing history
• We do not access your YouTube account or credentials
• We do not track which videos you watch
• We do not sell any personal data to third parties

2. How we use your information

We use the information we collect to:

• Provide and maintain the CommentGem extension and its features
• Process YouTube Data API requests using your provided API key
• Manage your Pro subscription and billing through Stripe
• Send you important service updates (e.g., billing confirmations, security notices)
• Improve the extension based on anonymous usage patterns
• Respond to support requests

3. Data sharing

We do not sell, rent, or trade your personal information. We share data only with:

• Stripe: For payment processing (Pro subscriptions). Stripe's privacy policy applies to payment data.
• Supabase: For account authentication and user profile storage. Data is stored securely with row-level security policies.
• Google/YouTube Data API: Your API key is used to fetch publicly available YouTube comment data. Google's API Terms of Service apply.

4. Data storage and security

Your account data is stored in Supabase (hosted on AWS) with encryption at rest and in transit. Your YouTube API key is stored in your browser's local storage. When transmitted to our server for API calls, it is sent over HTTPS. We use industry-standard security measures to protect your data, but no method of transmission over the internet is 100% secure.

5. Your rights

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Delete: Request deletion of your account and associated data
• Revoke API key: Remove your YouTube API key from the extension at any time through the extension settings
• Cancel subscription: Cancel your Pro subscription at any time through your account settings or Stripe's customer portal
• Data portability: Request your data in a machine-readable format

To exercise these rights, contact us at support@commentgem.com.

6. Cookies

The commentgem.com website may use essential cookies for authentication and session management. We do not use advertising or tracking cookies. The Chrome extension uses chrome.storage.local for storing your preferences and API key — this is not a cookie and is not accessible by websites.

7. Third-party links

Our extension and website may contain links to third-party services (YouTube, Stripe, Google Cloud Console). We are not responsible for the privacy practices of these services. We encourage you to review their respective privacy policies.

8. Children's privacy

CommentGem is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Your continued use of CommentGem after changes are posted constitutes acceptance of the revised policy.

10. Google API Services User Data Policy

CommentGem's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use YouTube Data API access to fetch publicly available comment data for the features described in this extension.

11. Contact us

If you have questions about this Privacy Policy or our data practices, please contact us at support@commentgem.com.