Privacy Policy
Effective date: March 18, 2026 · Last updated: March 18, 2026
AI Model Comparator ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to our website and all related services (collectively, the "Service").
Our Privacy Commitment
- We never sell your personal data to third parties — not now, not ever.
- We may use anonymised, de-identified prompt data for research. We never re-identify it.
- You can export or delete your data at any time.
- We encrypt sensitive data in transit and at rest.
- We will notify you promptly in the event of a breach affecting your data.
1. Who We Are
AI Model Comparator is operated by the team behind app.423pm.com. For data-protection purposes, we are the data controller of personal information collected through the Service. Contact details are provided in Section 12.
2. Information We Collect
2.1 Information You Provide Directly
| Category | Examples |
|---|---|
| Account information | Email address, display name, password hash |
| Prompts and queries | Text you submit for AI model comparison |
| API keys | Third-party AI service keys you choose to store |
| Payment details | Billing name, address (card numbers handled by Stripe) |
| Custom system prompts | Saved system instructions you create |
| Support communications | Messages you send to our support channels |
2.2 Information Collected Automatically
When you use the Service we automatically collect: IP address; browser type and version; operating system; referring URL; pages visited and time spent; session identifiers; feature-usage events (e.g., models selected, export format used); and performance metrics (response times, token counts, error rates). This data is used to operate, secure, and improve the Service.
2.3 Cookies and Similar Technologies
We use the following types of cookies and local-storage tokens:
| Type | Purpose | Can you opt out? |
|---|---|---|
| Essential | Authentication session, CSRF protection | No — required for the Service to function |
| Analytics | Aggregate usage statistics (page views, feature adoption) | Yes — via the cookie banner or browser settings |
| Preference | Theme, language, last-used models | Yes — clearing site data removes them |
3. How We Use Your Information
We process your information on the following legal bases and for the following purposes:
| Purpose | Legal basis |
|---|---|
| Providing and operating the Service | Performance of contract |
| Processing payments and managing subscriptions | Performance of contract |
| Sending transactional emails (receipts, security alerts, magic links) | Performance of contract / Legitimate interest |
| Detecting and preventing fraud, abuse, and security incidents | Legitimate interest / Legal obligation |
| Improving and developing new features | Legitimate interest |
| Anonymised research and aggregate benchmarking (see Section 4) | Legitimate interest |
| Sending marketing communications (opt-in) | Consent |
| Complying with legal obligations | Legal obligation |
4. Anonymised Research and Aggregate Insights
We believe that understanding how AI models perform across diverse real-world prompts benefits the broader AI research community and helps us build a better product. To support this, we may analyse anonymised, de-identified versions of prompts and their corresponding AI model responses.
What "anonymised" means in practice: Before any prompt is used for research purposes, we apply a multi-step de-identification process that removes or generalises all direct identifiers (name, email, account ID) and indirect identifiers (IP address, precise timestamps, rare combinations of attributes) that could reasonably be used to re-identify you. The resulting data is stored separately from your account records.
What we do with it: We use anonymised data to: (a) measure and publish aggregate model-performance benchmarks; (b) train internal quality-scoring algorithms; (c) produce marketing materials illustrating the Service's capabilities; and (d) conduct or contribute to academic research on LLM evaluation. Any published findings present only aggregate statistics — individual prompts are never attributed to a specific user.
What we will never do: We will never attempt to re-identify anonymised data, sell it, or share it with third parties in a form that could identify you.
Opt-out: If you prefer that your prompts are excluded from research use entirely, you can toggle this off in Settings → Privacy. This setting takes effect immediately for future queries; previously anonymised data cannot be retroactively removed from aggregate datasets.
5. How We Share Your Information
We do not sell, rent, or trade your personal data to any third party for their own marketing or commercial purposes.
5.1 Third-Party AI Model Providers
When you submit a prompt, it is transmitted to the AI providers you select (e.g., OpenAI, Anthropic, Google, xAI) using either your own API key or our system key. Each provider receives the prompt text and processes it under their own privacy policy. We recommend reviewing the relevant provider policies before submitting sensitive information.
5.2 Service Providers (Sub-processors)
We engage trusted sub-processors to help us operate the Service. Each is bound by contractual data-processing agreements that restrict them to processing your data only on our instructions and prohibit them from using it for their own purposes.
| Sub-processor | Purpose |
|---|---|
| Stripe, Inc. | Payment processing and subscription management |
| Cloud hosting provider | Infrastructure, database, and file storage |
| SendGrid / Twilio | Transactional email delivery |
| Analytics provider | Aggregate usage analytics (privacy-preserving) |
5.3 Legal Disclosures
We may disclose your information if required by law, court order, or valid government request, or if we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation; (b) protect the rights, property, or safety of AI Model Comparator, our users, or the public; or (c) detect, prevent, or address fraud or security issues. Where permitted, we will notify you before making such a disclosure.
5.4 Business Transfers
If AI Model Comparator is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.
6. Data Security
We maintain a written information-security programme that includes the following technical and organisational measures:
| Control | Detail |
|---|---|
| Encryption in transit | TLS 1.2+ on all connections; HSTS enforced |
| Encryption at rest | API keys and passwords hashed/encrypted; database encrypted at rest |
| Password hashing | bcrypt with cost factor 12; passwords never stored in plaintext |
| Access controls | Role-based access; principle of least privilege; MFA for admin accounts |
| Brute-force protection | Automatic account lockout after repeated failed logins; email alert on lockout |
| Vulnerability management | Regular dependency audits; security patches applied promptly |
| Incident response | Written incident-response plan; breach notification within 72 hours where required |
No system is perfectly secure. While we take these measures seriously, we cannot guarantee absolute security and encourage you to use a strong, unique password and enable two-factor authentication where available.
7. Data Retention
| Data type | Retention period |
|---|---|
| Account data | Until account deletion, then 30 days in backup |
| Query history | Duration of active subscription; deleted within 30 days of account closure |
| API keys | Deleted immediately when you remove them from Settings |
| Billing records | 7 years (statutory requirement in most jurisdictions) |
| Security / audit logs | 90 days |
| Anonymised research data | Indefinite (cannot be linked back to you) |
8. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal data. To exercise any of them, contact us at the address in Section 12.
| Right | What it means |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Correct inaccurate or incomplete data (also available in Settings) |
| Erasure | Request deletion of your account and personal data within 30 days |
| Portability | Export your query history in JSON or CSV from the History page |
| Restriction | Ask us to pause processing while a dispute is resolved |
| Objection | Object to processing based on legitimate interest (including research use) |
| Withdraw consent | Opt out of marketing emails or research data use at any time |
We will respond to verified requests within 30 days (or the period required by applicable law). We may need to verify your identity before processing a request.
9. International Data Transfers
Our servers are located in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US, which may have different data-protection laws than your country. Where required (e.g., for transfers from the European Economic Area), we rely on Standard Contractual Clauses or other approved transfer mechanisms to ensure an adequate level of protection.
10. Children's Privacy
The Service is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (to the address on your account) and/or by displaying a prominent notice within the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
12. Contact and Data Protection Officer
For privacy questions, data-subject requests, or to report a concern, please contact us:
If you are located in the EEA and believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local supervisory authority.
Cookie & Tracking Notice
We use cookies and browser fingerprinting to track anonymous visitors and improve your experience. This helps us understand how you use our site before and after signup. Your data is retained for 90 days and is used solely for analytics and service improvement. You can opt out at any time in your settings.
By dismissing this notice without declining, you consent to tracking. Learn more in our Privacy Policy.