CGM ComparatorCGM Comparator
Legal

Privacy Policy

Last updated: March 2026

1. Who we are

CGM Comparator is a research platform developed by Xinxin Yu, a graduate researcher at the University of Waterloo. Contact: x57yu@uwaterloo.ca.

2. What data we collect

  • Account data via Google OAuth: When you sign in with Google, we receive your name and email address from Google. We do not receive or store your Google password.
  • CGM data you upload: Files and prompts you submit are processed by AI models to generate analyses. This data is stored in association with your account to power the session records feature.
  • Usage logs: Standard server logs including IP address, browser type, pages visited, and timestamps. Used for operational reliability and security monitoring only.
  • Billing data: If you upgrade to a paid plan, payment processing is handled entirely by Stripe. We do not store credit card numbers.

3. How we use your data

  • To authenticate you and maintain your session
  • To run AI model analyses on the data you submit
  • To store and display your session history
  • To process payments and manage subscription plans
  • To maintain platform security and reliability

We do not sell your data or use it for advertising.

4. Third-party services

  • Google OAuth — for authentication. Governed by Google's Privacy Policy.
  • AI model providers (OpenAI, Anthropic, Google Gemini, DeepSeek, Cohere) — your uploaded data is sent to these providers to generate analyses. Each has its own privacy policy.
  • Stripe — for payment processing. Governed by Stripe's Privacy Policy.
  • Neon / PostgreSQL — for database storage. Data is stored in encrypted form in-transit and at rest.

5. Data retention

Your account and session data are retained while your account is active. Free-tier session history is retained for 7 days; Pro for 90 days; Team indefinitely. You may request deletion of your account and all associated data by emailing x57yu@uwaterloo.ca. Requests are processed within 30 days.

6. Security

We use HTTPS for all traffic, store passwords as cryptographic hashes (bcrypt), and use session tokens stored in browser session storage (cleared when the tab is closed). We do not use persistent tracking cookies or advertising pixels.

7. Your rights

Depending on your jurisdiction (GDPR, CCPA, PIPEDA), you may have rights to access, correct, export, or delete your personal data. Contact x57yu@uwaterloo.ca to exercise any of these rights.

8. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to registered users or via a notice on this page. The "Last updated" date at the top will always reflect the most recent revision.

HomeAboutTerms of ServiceContact