Privacy Policy

We collect information that customers and users provide directly, including account names, business or workspace names, tenant administrator names and email addresses, billing contact email addresses, allowed website domains, setup preferences, support requests, and messages sent to us.

When visitors use Commentr widgets, we process comment content, commenter display names, commenter email addresses when email verification or authored-comment access is used, moderation status, thread or page references, timestamps, and technical identifiers needed to operate the widget and prevent abuse.

We also collect service data such as tenant keys or key prefixes, portal session data, email verification events, webhook events, subscription status, invoice and payment identifiers, usage counts, logs, diagnostics, device/browser details, IP-derived security signals, and similar operational records.

Subscription checkout, payment method management, invoices, renewals, cancellations, and dunning are handled by Stripe. Payment card details are collected by Stripe Checkout or Stripe Customer Portal and do not pass through Commentr servers. Commentr stores Stripe customer, subscription, price, invoice, checkout session, and payment intent identifiers so that we can reconcile billing state and provide customer support.

We use information to create and manage workspaces, provide tenant portals, authenticate administrators and commenters, display and moderate comments, send setup and verification emails, process subscriptions, measure fair-use limits, detect and prevent abuse, secure the service, troubleshoot problems, respond to support requests, maintain business records, and comply with legal obligations.

We may use aggregated or de-identified information to improve Commentr, understand product usage, and develop new features, provided that the information does not identify a particular person or customer.

We share information with service providers that help us operate Commentr, including hosting, database, email delivery, analytics or diagnostics, security, customer support, and payment processing providers. These providers may process information only as needed to provide services to us and are expected to protect it appropriately.

We may disclose information if required by law, legal process, or a valid government request; to protect the rights, safety, and security of Commentr, our customers, users, or the public; or in connection with a merger, acquisition, financing, or sale of assets. We do not sell raw comment content or customer workspace data.

Customers decide which websites use Commentr, what comments are collected, which administrators have access, and how comments are moderated. For personal information processed through a customer's website or tenant portal, the customer may be the data controller or business, and Commentr may act as a processor or service provider. Customers are responsible for providing any privacy notices, consent mechanisms, and legal bases required for their own websites and end users.

Commentr may use cookies, local storage, or similar technologies to keep administrators signed in, maintain tenant portal sessions, remember verification state, secure requests, and operate embedded widgets. Customers using Commentr on their own websites are responsible for any cookie or tracking notices required by applicable law.

We retain information for as long as needed to provide the service, maintain workspaces, comply with legal and accounting obligations, resolve disputes, enforce agreements, protect against abuse, and support customers. Customers may request deletion of workspaces or account information, subject to billing, security, backup, and legal retention requirements.

We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure. No internet service can be guaranteed to be completely secure, and users should protect tenant keys, portal access, and account credentials.

Depending on where you live, you may have rights to request access, correction, deletion, portability, restriction, or objection to certain processing of personal information. You may also have the right to opt out of certain sharing or targeted advertising, if applicable. We will respond to valid requests as required by applicable law and may need to verify your identity before acting on a request.

If your information was submitted through a customer's website, we may direct your request to that customer when they control the relevant data.

Commentr is not directed to children under 13, and we do not knowingly collect personal information from children under 13. Customers may not use Commentr in a way that requires collection of children's personal information unless they have all required legal authority and safeguards.

Commentr and its service providers may process information in the United States and other countries where our providers operate. These countries may have privacy laws that differ from those in your location.

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised date. Customers may request support or privacy help through the support contact listed in their setup email or by contacting Commentr through the website.