Privacy Policy

ExportComments ("we", "us", "our") operates the website exportcomments.xyz and the related dashboard, browser extension, and API (collectively, the "Service"). This Privacy Policy describes how we collect, use, and share information about you when you use our Service.

By using ExportComments, you agree to the collection and use of information in accordance with this policy.

We collect the following categories of information:

• Account data: name, email address, hashed password (or Google OAuth identifier).
• Billing data: subscription plan, transaction IDs from PayPal. We do not store credit card numbers — they are handled by PayPal.
• Usage data: exports you create, monitors you set up, API requests, and aggregate analytics.
• Technical data: IP address, browser type, OS, and device identifiers used for security and abuse prevention.
• Communications: messages you send through support tickets or the contact form.

We use your information to:

• Provide, operate, and maintain the Service.
• Process payments and manage subscriptions.
• Send transactional emails (account, billing, support replies).
• Detect and prevent fraud, abuse, and security incidents.
• Improve the product through aggregate analytics.
• Comply with legal obligations.

We do not sell your personal information, and we do not use your account data to train AI models.

When you export comments from a public social post, we fetch comment data from that platform on your behalf. This data is stored in your account only, encrypted at rest, and is visible only to you.

You are responsible for ensuring you have the right to access and process comments under the source platform's terms and applicable law (e.g. GDPR Article 6 lawful basis).

We use essential cookies for authentication and session management, and limited analytics cookies to understand product usage. See our Cookie Policy for details.

We share data with the following processors:

• Neon (PostgreSQL): database hosting (US/EU).
• Vercel: application hosting and CDN.
• PayPal: payment processing.
• Resend: transactional email delivery.
• Google OAuth: sign-in (only if you choose this method).

Each processor is bound by contract to use your data only as instructed by us and to maintain appropriate security measures.

• Account data: retained while your account is active.
• Export files: retained until you delete them or close your account.
• Billing records: retained for 7 years for tax compliance.
• Server logs: 30 days.

When you delete your account, we delete personal data within 30 days except where retention is legally required.

If you are in the EU, UK, or California you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your data.
• Receive a copy of your data in a portable format.
• Object to processing or request restriction.
• Withdraw consent where processing is based on consent.

To exercise any of these rights, email privacy@exportcomments.xyz. We respond within 30 days.

We use industry-standard measures: encryption in transit (TLS) and at rest (AES-256), hashed passwords (bcrypt), least-privilege database access, and regular security reviews. No system is perfectly secure — please report suspected vulnerabilities to security@exportcomments.xyz.

We process data primarily in the United States and the European Union. Where data is transferred across borders, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

ExportComments is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice. The "Effective" date at the top of this page indicates the latest revision.

Questions about this policy? Email privacy@exportcomments.xyz.