Privacy Policy

1. Introduction

Comparly ("we," "us," or "our") operates comparly.io. This Privacy Policy describes how we collect, use, share, and protect personal information when you use our competitive intelligence service for analyzing App Store reviews.

By using our Service, you consent to the practices described in this Privacy Policy. If you do not agree with these practices, please do not use our Service.

2. Information We Collect

• Account information: When you register, we collect your email address through Supabase authentication (via email/password or OAuth providers such as Google).
• Payment information: Payment processing is handled entirely by Stripe. We store only your Stripe customer ID and subscription ID to manage your account. We never receive or store your credit card numbers or bank account details.
• Usage data: We collect information about your use of the Service, including analysis session history, app IDs you have analyzed, timestamps, and usage counts for rate limiting and service improvement.
• App Store data: When you analyze an app, we access publicly available App Store reviews and metadata from Apple's App Store. This data consists of user reviews written by third parties.
• Analysis results: AI-generated analysis outputs are cached on our servers to improve performance and reduce API costs.

3. How We Use Your Information

We use collected information to:

• Provide, operate, and maintain the Service
• Process payments and manage subscriptions
• Enforce rate limits and prevent abuse
• Cache analysis results for performance optimization
• Send account-related communications (such as billing notifications and service updates)
• Improve and develop new features for the Service

AI Training: We do not use your queries, analysis inputs, or results to train AI models. Review text sent to our AI provider (Anthropic) is subject to their commercial API data policies, which prohibit training on commercial API inputs.

4. Data Storage and Security

Your data is stored in our database systems and Supabase (for authentication). We implement reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

We do not sell your personal information to third parties. While we take security seriously, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

5. Third-Party Services

We use the following third-party services to operate Comparly:

• Supabase: Authentication and user management
• Stripe: Payment processing (subject to Stripe's Privacy Policy)
• Vercel: Hosting and infrastructure
• Anthropic (Claude): AI analysis provider. Review text is sent to Anthropic's API for processing. Under Anthropic's commercial API terms, inputs are automatically deleted within 30 days and are not used for model training. For details, see Anthropic's Privacy Center.
• Sentry (if enabled): Error monitoring for backend services. No personally identifiable information is intentionally collected.

We may add analytics tools in the future to understand usage patterns. If we do, we will update this Privacy Policy accordingly.

6. Legal Disclosures

We may disclose your personal information when we believe in good faith that disclosure is necessary to:

• Comply with applicable law, regulation, legal process, or governmental request (including subpoenas, court orders, or warrants)
• Enforce our Terms of Service or other agreements
• Protect the security or integrity of the Service
• Protect the rights, property, or safety of Comparly, our users, or the public

If we are legally required to disclose your information, we will attempt to notify you in advance (to the extent permitted by law) so you may seek protective measures.

7. Cookies and Tracking

We use authentication tokens stored in your browser to maintain your logged-in session. We do not currently use advertising or tracking cookies. If we implement analytics cookies in the future, we will update this policy and, where required by law, obtain your consent.

8. Data Retention

We retain your account information and usage data for as long as your account is active. Analysis results are cached and may expire based on changes to the underlying review corpus (typically when the review count shifts significantly).

When you delete your account, we will delete your personal information from our primary systems within 30 days. Some information may persist in backups for a limited period and will be deleted according to our backup retention schedule. Third-party services (such as Stripe and Supabase) may retain certain records according to their own data retention policies.

9. Your Rights

All users: You can access, update, or delete your personal information at any time through the Settings page. Full account deletion will remove all associated data, including analysis history, sessions, and authentication records within our primary systems.

California residents (CCPA/CPRA): If you are a California resident, you have the right to know what personal information we collect and how it is used, request deletion of your personal information, opt out of the sale of personal information (we do not sell your data), and not be discriminated against for exercising your privacy rights. To exercise these rights, contact us at the email below.

European Economic Area and UK residents (GDPR/UK GDPR): If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation, including:

• Right of access to your personal data
• Right to rectification of inaccurate personal data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing based on legitimate interests
• Right to lodge a complaint with a supervisory authority

Our legal basis for processing your personal data is typically contractual necessity (to provide the Service you requested), your consent (where applicable), or our legitimate interests (such as improving the Service and preventing fraud), balanced against your rights. To exercise your GDPR rights, contact us using the information below.

10. International Data Transfers

Comparly is based in the United States, and your data will be processed and stored in the United States. If you are accessing the Service from outside the United States, including from the EEA or UK, you acknowledge that your personal information may be transferred to, stored, and processed in a country that may not provide the same level of data protection as your home jurisdiction.

For transfers from the EEA or UK, we rely on appropriate legal mechanisms such as Standard Contractual Clauses approved by the European Commission, or other lawful transfer mechanisms. By using the Service, you consent to such transfers.

11. Children's Privacy

The Service is not intended for users under 13 years of age (or 16 in the EEA where applicable). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date and notify you via the email address associated with your account or through a prominent notice on the Service.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about our data practices, please contact us at: support@comparly.io