Privacy Policy

CommentsPickerPro is the data controller for personal data collected through this website and application. If you have questions about how we handle your data, contact us at commentspickerpro@gmail.com.

We collect information you provide directly: • Account data: name, email address, hashed password. • Platform credentials: social media API tokens you enter in Settings (AES-256 encrypted at rest). • Campaign data: source URLs, filter rules, comment text, and winner records. • Payment data: handled exclusively by Paddle. We store only your Paddle customer ID. • Usage data: pages visited, features used, session timestamps, and browser/OS type.

We process your personal data on the following legal bases: • Contract performance: processing account and campaign data is necessary to provide the service (Art. 6(1)(b) GDPR). • Legitimate interests: analytics and security monitoring (Art. 6(1)(f) GDPR). • Legal obligation: retaining transaction records as required by applicable tax laws (Art. 6(1)(c) GDPR). • Consent: for optional marketing emails, which you may withdraw at any time.

CommentsPickerPro uses YouTube API Services to fetch and display YouTube comments on your behalf. By using YouTube-related features, you also agree to Google's Terms of Service: https://www.youtube.com/t/terms Our use of information received from YouTube APIs is governed by Google's Privacy Policy: https://policies.google.com/privacy You may revoke CommentsPickerPro's access to your YouTube/Google account at any time via Google's Security Settings page: https://myaccount.google.com/permissions For Facebook and Instagram, we access public comments via the Meta Graph API only for posts you specify. We request the minimum permissions required and do not post, delete, or modify any content on your behalf. To request deletion of Facebook/Instagram data we hold, visit: https://commentspickerpro.com/data-deletion For all connected platforms (YouTube, TikTok, Instagram, Facebook, Twitter/X), comment data is: • Stored only for your active campaign and history retention period (7 days). • Never sold, shared with third parties, or used to train AI models. • Processed strictly to provide the comment-picking functionality you requested. • Deleted within 24 hours of disconnecting the platform or closing your account.

• Account data: retained for the lifetime of your account and deleted within 30 days of closure. • Campaign & comment data: retained for 7 days after campaign end, then purged. • Winner records: retained indefinitely unless you delete them manually. • Payment records: retained for 7 years as required by tax law.

Under GDPR and applicable privacy laws, you have the right to: • Access: request a copy of all personal data we hold about you. • Rectification: correct inaccurate or incomplete data. • Erasure: request deletion of your account and associated data. • Portability: receive your data in a structured, machine-readable format. • Objection: object to processing based on legitimate interests. • Restriction: request we limit how we process your data. To exercise any right, email commentspickerpro@gmail.com. We will respond within 30 days.

We do not sell personal data. We share data only with: • Paddle (payment processing) — subject to Paddle's Privacy Policy. • Hosting/infrastructure providers under data processing agreements. • Law enforcement when legally required.

We use session cookies for authentication and local storage for preference settings. No third-party advertising cookies are placed. See our Cookie Policy for full details.

We implement industry-standard security measures: HTTPS everywhere, AES-256 encryption for credentials at rest, bcrypt password hashing, rate limiting, and regular dependency audits.

We may update this policy to reflect changes in law or our practices. We will notify registered users by email at least 14 days before material changes take effect.

You can request complete deletion of your account and all associated data at any time: • In-app: Go to Settings → Danger Zone → Delete Account. • By email: Send a request to commentspickerpro@gmail.com with the subject line "Data Deletion Request" and include the email address linked to your account. We will delete all your data within 30 days and send a confirmation email. For Facebook and Instagram users: If you connected your Facebook or Instagram account to CommentsPickerPro, you can request deletion of all Facebook/Instagram data we hold by visiting our dedicated data deletion page: https://commentspickerpro.com/data-deletion Disconnecting your Facebook or Instagram account immediately revokes our API access and deletes stored tokens. Any cached comment data is purged within 24 hours.