Privacy Policy

1. Introduction

Comment Assistant ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome extension and web application (collectively, the "Service").

By using Comment Assistant, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Password (encrypted and hashed)
• Google account information (if you sign up with Google OAuth)

2.2 API Keys

We securely store your OpenAI API key in our database. This key is encrypted and used solely to generate AI-powered replies on your behalf. We never share your API key with third parties.

2.3 Usage Data

We may collect information about how you use the Service, including:

• Number of replies generated
• Types of replies requested
• Extension usage patterns

2.4 Technical Data

We automatically collect certain technical information, including:

• Browser type and version
• Device information
• IP address (for security and analytics)
• Session cookies

3. How We Use Your Information

We use the collected information for:

• Providing and maintaining the Service
• Authenticating your account and managing your session
• Processing your API requests to generate replies
• Sending verification emails and password reset codes
• Improving and optimizing the Service
• Detecting and preventing fraud or abuse
• Complying with legal obligations

4. Data Storage and Security

We implement industry-standard security measures to protect your information:

• All passwords are hashed using secure algorithms
• API keys are encrypted at rest in our database
• Data transmission is encrypted using HTTPS/TLS
• Regular security audits and updates
• Access controls and authentication requirements

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

5. Third-Party Services

5.1 OpenAI

We use OpenAI's API to generate replies. When you use our Service, your API key and the content you request replies for are sent to OpenAI. Please review OpenAI's Privacy Policy to understand how they handle your data.

5.2 Google OAuth

If you sign up using Google, we receive basic profile information (email, name) from Google. This is governed by Google's Privacy Policy.

5.3 Hosting Services

Our Service is hosted on Render (backend) and Netlify (frontend). These services may process your data as necessary to provide hosting services.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers: With trusted third-party service providers who assist in operating our Service (e.g., hosting, email delivery)
• Legal Requirements: When required by law or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize us to share your information

7. Your Rights and Choices

You have the right to:

• Access: Request a copy of your personal data
• Update: Correct or update your account information
• Delete: Request deletion of your account and data
• Opt-out: Uninstall the extension at any time
• Data Portability: Request your data in a portable format

To exercise these rights, please contact us at the email address provided below.

8. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Analyze Service usage

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of the Service.

9. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our Service, you consent to the transfer of your information to these countries.

11. Data Retention

We retain your personal information for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: