Privacy Policy

Last Updated: May 2026

Your Control Over Your Data: CommentShark will not do anything without your permission. We only access your YouTube channel to view your channel information and to post comments on your behalf when you explicitly request it. CommentShark will not make any changes to your channel without your direct action.

This Privacy Policy explains how CommentShark collects, uses, and protects your information when you use our service. By using CommentShark, you agree to the collection and use of information as described in this policy.

Revoking Access

You can revoke CommentShark's access to your data at any time via Google's security settings:

https://security.google.com/settings/security/permissions

YouTube Data API

CommentShark uses YouTube API Services as an API client and follows the YouTube API Services Terms of Service. By using CommentShark, you agree to be bound by the YouTube API Services Terms of Service and Google's Privacy Policy.

Information We Collect

CommentShark collects minimal information necessary to provide the service:

  • Login Information: Your email address and name from Google OAuth authentication
  • YouTube Channel Data: Basic channel information, video details, and comments (as authorized by you)
  • Payment Information: If you subscribe to a paid plan, payment processing is handled by Stripe. CommentShark does not store your credit card or payment details.

We do not collect or store any sensitive information such as passwords. All authentication is handled securely through Google OAuth.

How We Use Your Information

CommentShark uses the information collected from your YouTube account, including YouTube API Services data, solely to provide and improve the service you have signed up for. Specifically, your information is used to:

  • Authenticate you and maintain your account session via Google OAuth.
  • Read your channel metadata, video metadata, and comments so we can display them in your dashboard and analytics views.
  • Match incoming comments against the moderation and auto-reply rules you have configured, and — only when a rule fires — post replies, moderate, or remove comments on your behalf via the YouTube Data API.
  • Generate AI-assisted reply suggestions and rule recommendations when you explicitly invoke an AI-powered feature.
  • Provide aggregate analytics (sentiment, engagement, top commenters) about your own channel back to you.
  • Send transactional emails (sign-in confirmations, billing receipts, security alerts) and, only if you have opted in, periodic activity-digest emails about your channel.
  • Process payments and manage subscription entitlements for paid tiers.
  • Maintain service reliability, detect abuse, debug errors, and comply with legal obligations.

We do not use YouTube API Services data, or any data derived from it, to train generalized AI/ML models, to build advertising profiles, or for any purpose other than providing the CommentShark service to you. We do not sell your data.

How We Process Your Information

Your information is processed on cloud infrastructure operated by Amazon Web Services (AWS) in the United States. Processing includes:

  • Storing OAuth refresh tokens (encrypted at rest) so the service can call the YouTube Data API on your behalf for the features you have enabled.
  • Storing a rolling window of your synced YouTube comments and channel metadata (maximum 30 days — see "Data Retention" below) in a managed database, used as a working set for matching, analytics, and the dashboard.
  • Sending comment text and prompt context to our third-party AI providers when, and only when, you invoke an AI-powered feature (e.g. AI reply, rule suggestion, sentiment classification). The providers we use for this purpose are listed below.
  • Generating short-lived embeddings of comments and transcripts to power semantic search and matching features.
  • Logging request and event metadata (no comment bodies in long-term log storage beyond what is necessary to debug a specific failure) for monitoring and abuse prevention.

All data is transmitted over TLS in transit and encrypted at rest. Access to production systems is restricted to authorized CommentShark personnel and is audit-logged.

How We Share Your Information

CommentShark does not sell, rent, or trade your personal information or YouTube API Services data. We share information only as described below.

Internal parties

Within CommentShark, access to user data is limited to the authorized engineering, support, and operations personnel who need it to operate the service, respond to support requests, or investigate abuse or security incidents. All personnel are bound by confidentiality obligations. We do not share user data with internal teams for marketing, advertising, or model-training purposes.

External parties (sub-processors)

We rely on the following third-party service providers ("sub-processors") to operate CommentShark. Each receives only the minimum data necessary to perform its function, and each is contractually required to protect that data:

  • Google LLC (YouTube Data API, Google OAuth) — Authentication, channel/video/comment reads, and writes (posting replies, moderating comments) you authorize. Governed by Google's Privacy Policy.
  • Amazon Web Services, Inc. (AWS) — Hosting, compute (Lambda), database, object storage (S3), email delivery (SES), and supporting infrastructure in the United States.
  • Stripe, Inc. — Payment processing for paid subscriptions. CommentShark never sees or stores your full card number; Stripe handles payment data under its own privacy policy.
  • Google LLC (Gemini API) — Additional AI inference for AI-powered features, invoked only when you explicitly use those features. Data submitted via the paid Gemini API is not used to train Google's models.

We will update this list when sub-processors change. We do not transfer YouTube API Services data to any third party for the purpose of advertising, model training, profiling, or any use beyond providing CommentShark functionality to you.

Legal and safety

We may disclose information when we have a good-faith belief that doing so is required by law, valid legal process (e.g. a subpoena or court order), or necessary to protect the rights, safety, or property of CommentShark, our users, or the public — for example, to prevent fraud, abuse, or security incidents. Where legally permitted, we will notify the affected user before disclosure.

Business transfers

If CommentShark is involved in a merger, acquisition, financing due-diligence, reorganization, bankruptcy, or sale of assets, user information may be transferred as part of that transaction. We will notify you (via email and/or a prominent notice on this page) of any such change in ownership or use of your information.

Log Data

When you use CommentShark, we may collect standard log data through our hosting infrastructure. This may include:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent
  • Error logs for debugging purposes

This data is used solely for maintaining service quality, debugging issues, and improving the user experience.

Cookies and Authentication

CommentShark uses JSON Web Tokens (JWT) for authentication rather than traditional cookies. Google's OAuth authentication service may use cookies as part of the login process. We do not use tracking cookies or third-party advertising cookies.

Data Storage and Security

Your data is stored securely using industry-standard practices with encryption in transit and at rest. While we strive to use commercially acceptable means of protecting your information, please be aware that no method of electronic transmission or storage is 100% secure.

Data Retention

Synced YouTube comment and channel metadata are retained for a maximum of 30 days and then automatically purged. Audit and activity logs are retained for up to 90 days for support and debugging purposes.

If you delete your CommentShark account, all synced YouTube data is deleted immediately, your OAuth refresh token is revoked, and any active subscription is cancelled. You can also revoke CommentShark's access to your YouTube data at any time through Google security settings, which immediately prevents further synchronization.

Service Status

CommentShark offers both free and paid subscription tiers. Users may subscribe to paid plans to access advanced features, higher usage limits, and AI-powered capabilities. While we make every effort to provide reliable service, the platform may occasionally be unavailable for maintenance or updates. User data may be modified or removed as part of system updates.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by posting the updated policy on this page with a new "Last Updated" date. Your continued use of CommentShark after any changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at support@commentshark.com

View Terms of Service →