In this policy, Commento refers to the service offered by Commento, Inc. (the "Company" or "We") through the commento.io website (the "Service"). We sometimes refer to "You". "You" may be a visitor on one of our websites, a user of one or more of our Services ("User" or "Customer"), or a visitor of a User's website embedding the Service ("Visitor"). This document explains what information we collect through your access and use of our Service and how we make use of this information.
What happens when you create an account?
When you create a new account as a User, your full name and email address will be collected. The email address will serve as your identity for all operations on the Service. You will receive all important notifications such as confirmation emails, password reset links, billing invoices, payment reminders, and any updates to our policies and terms of service through this email address. Your email address will not be shared with any external entity or used for any other purpose.
We are required to take certain measures in order to prevent spammers from excessively creating new accounts. This is to prevent an unfair degradation of service to non-malicious Users, which might arise from a consistent attack from spam bots or human spammers. To mitigate such issues, Commento may use reCAPTCHA, email verification, blacklisting of offending IP addresses, and other techniques.
What data do we collect?
We make it a policy to collect as little user information as possible to allow Users of the Service and Visitors on other websites using the Service to maintain internet privacy, and optionally, allow anonymity.
The Service's user data collection is limited to the following:
- Visiting our website: We use Google Analytics on the home page, the plans and pricing page, and the demo page only. We do this in order to improve these pages by identifying, understanding, and optimizing for Customer behavior.
- Creating an account as a Customer: As described in the previous section, no personally identifiable information except for your full name and email address is collected.
- Entering payment information: We will collect payment information for the continued offering of the Service at the expiration of the trial period. We use Stripe as the payments processor. No credit card information ever touches our servers — instead, Stripe, a PCI-compliant service (PCI Service Provider Level 1), will store the Customer's payment details providing us with a unique, secret token mapped to your information. This token is then associated with your account on our records and used for all transactions.
- Visiting a website embedding the Service: No information except for incrementing a counter recording the number of visits is collected. This counter is simply used to impose usage limits on Customer accounts. If you are only visiting a website embedding the Service as a Visitor without authenticating yourself, no cookies will be stored in your browser. We do not embed any third-party scripts of any kind in websites using the Service.
- Authenticating as a Visitor of a website embedding the Service: When you choose to authenticate yourself as a Visitor on a website embedding the Service, a unique, randomly generated token ("Session") will be stored as a cookie in your browser in order to remember you on future visits. Upon successfully authenticating yourself with an OAuth provider, all the information returned by the provider is stored and associated with your Session. This may include, but is not limited to, your full name, your email address, your photo, and a URL to your public profile. By authenticating yourself as a Visitor on a website embedding the Service, you consent to allow the Service to display all information except your email address publicly on all comments you create. This information will never be sold to advertisers, marketing agencies, or any other organization for user tracking or any other purpose.
- Communications with the Company: All communications with the Company, such as support requests, feature requests, bug reports, or any feedback may be saved by our staff. This information may also be displayed publicly (such as in the case of testimonials).
- IP Logging: The Service will never log the IP addresses used to access our Service as a User or a Visitor, except in the scenario where it is required to ban or blacklist a particular IP address as a response to spam, malicious, or abusive content. Another exception to this rule is that we may log the IP address used to authenticate yourself as a site administrator for your security.
- Data Use: We do not have any advertising on our website. Any data that we do have will never be shared except under the circumstances described below in our Data disclosure policy. We do not do any analysis on the limited data we do possess with two exceptions:
  - Spam filtering: In order to protect other visitors from unwanted spam content, all comments may be automatically scanned for spam in order to block IPs and ban Visitors.
  - Basic anonymous statistics: Anonymous statistics may be presented to Customers (answering questions such as "how many comments were made on my website this month?"). This is only for the eyes of the owner of the domain where a Visitor may have created a comment. This is completely anonymous.
Data storage: location, security, and reliability
The Company uses the services of DigitalOcean to host all components in the United States. All care is taken to securely protect your data, including the encryption of all user data using a secret key accessible only to the employees of the Company. Backups of the entire database are regularly made in the event it is necessary to restore user data.
When a Customer deletes a domain through the web dashboard interface, all information related to the domain (including user comments, voting data, and views) is permanently deleted from all production servers. Deleted data may be retained in our backups for up to 14 days.
Data disclosure policy
We do not sell or rent data to any third party, including marketers, advertisers, and tracking agencies.
We may, however, use and disclose data as we believe necessary:
- under applicable law, or payment method rules;
- to enforce our terms and conditions;
- to protect our rights, privacy, safety or property, you or others;
- to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
We may, from time to time, contest court orders if there is a public interest in doing so. In such situations, the Company will not comply with the court order until all legal or other remedies have been exhausted. Therefore, not all court orders may lead to data disclosure.
We reserve the right to review and change this policy from time to time. We will notify all Customers about any such changes through the email address registered with us. Continued use of the Service will be deemed as acceptance of such changes.
Because email communications are not always secure, please do not include credit card or other sensitive data (such as racial or ethnic origin, political opinions, religion, health, or the like) in your emails to us.