This documentation site is about the unstable (upcoming) Comentario version.  Switch to the stable version »

Privacy Policy

Detailed explanation of how we deal with your data

Welcome to the Comentario privacy policy! We pride ourselves upon the fact that we’re privacy-focused. This document explains what information we collect through your access and use of our service and how we make use of this information.

In this Policy, Comentario refers to the service offered by Yktoo Solutions (the “Company” or “We”) through the Comentario website (the “Service”) and the related websites (the “Services”); this umbrella term includes the provided applications, content, and other relevant parts of the functionality. We sometimes refer to “You”, which may be a visitor on one of our websites, a user of one or more of our services (“User” or “Customer”), or a visitor of a page containing comments handled by the service (“Visitor”). This Policy is further complemented by Comentario’s Terms of Service.

If you do not agree with our policies and the terms of the aforementioned Terms of Service, please do not use our Service. By accessing or using our Service, you agree to this Policy.

1. Controller and Processor

Data protection laws and privacy laws in certain jurisdictions differentiate between controllers and processors of personal information. A controller decides why and how to process personal information. A processor processes personal information on behalf of a controller and following the controller’s specification. When you create a comment on a website embedding Comentario, hence becoming a User, we are acting as a controller. When you open a website owned by a User and embedding Comentario, we are acting as a processor.

Our use of Personal Information is to further our legitimate interests to:

  • understand who our Users are,
  • manage our relationship with you and other Users,
  • carry out core business operations such as billing and fulfilling regulatory obligations; and
  • help detect, prevent, or investigate security incidents, fraud, and other abuse or misuse of our Service.

2. What data do we collect?

While using our Service we may collect information that identifies, relates to, describes, is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, to you (“Personal Information”). This does not include aggregated or de-identified information that is maintained in a form that is not reasonably capable of being associated with or linked with you.

2.1. Data provided by User

  • Account creation
    When you create a new account as a User, your full name, email address, and IP address will be collected. If you create an Account using your login from a third-party account, such as Google, Facebook, or Twitter, we will access and collect your personal information provided by that third-party account. The amount of information that is shared with us from that third-party account depends on your privacy settings on your third-party account.
    The email address provided by you will serve as your identity for all operations on the Service. You will receive all important notifications such as confirmation emails, password reset links, and any updates to our Policies and Terms of Service through this email address. Your email address will not be shared with any external entity or used for any other purpose, except in cases when we are obliged to do so by law.
  • Viewing comments
    When you as a Visitor view a page embedding Comentario, Comentario collects and stores the page’s URL and depersonalised properties of your web browser, as well as your country.
  • Leaving a comment
    When you as a User write a comment on a website embedding Comentario, Comentario collects and stores user session information. This applies to both authenticated and unregistered Users.
  • Misuse and abuse prevention
    We are required to take certain measures in order to prevent malicious users (such as spammers and bots) from excessively creating new accounts. This is to prevent an unfair degradation of service to non-malicious users, which might arise from a consistent attack from bots or human users. The Service may use CAPTCHA and email verification to mitigate such issues, record your IP address at any point for blacklisting if found to be in violation of our terms, as well as other techniques.

2.2. Data collected automatically

  • Logging data
    When you use the Service, whether as an authenticated or an unregistered User, we may automatically record information that your browser sends whenever you view or write Comentario comments (“Logging data”). This Logging data may include information such as your IP address, device settings (such as device and browser type, operating system, language preferences), the time and date of each access. We use this information to monitor and analyse the use of the Service, to fend off malicious activity, and to maintain the required service level.
  • Cookies and local storage
    We use cookies and other forms of local data storage provided by your browser for record-keeping purposes, such as storing your Service session identifier and your preferences in the Service. We may also use cookies and other forms of local data storage provided by your browser, in depersonalised form, for analysing the performance of the Service, including third-party analytical engines such as Google Analytics.

2.4. No special category of personal data

We do not collect, process, or otherwise use any sensitive personal data or any special category of personal data, as such terms are defined under applicable privacy laws, as a condition of using the Service.

3. Purposes your personal information is used for

We will share Personal Information in the following circumstances:

  • Operation of our Site and providing the Service.
  • Processing and completion of requested transactions.
  • Where it is necessary for our legitimate interest (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Compliance with legal and regulatory requirements.
  • Enforcement of our Terms of Service and as otherwise described in this Policy.

The purpose of our Service is to allow visitors and users to exchange information on collaborating websites. As a result, some Personal Information may be shared with third parties as described below:

  • Comments you create
    When you leave a comment, it will be publicly available to anyone with access to the website embedding Comentario.
  • Information we share with Users
    We may share the Personal Information we collect as described in this Policy with our Users. When a page embedding comments is viewed, the Users with access to the domain in question may be able to view aggregated information about views of the page, including browser characteristics, geographic regions and other properties of the area where the content is being viewed.
  • Service providers
    We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to improve our Service and to perform Site-related services (such as, without limitation, maintenance services, database management, web analytics, payment processing, fraud detection, and Service enhancement) or to assist us in analysing how our Service is used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
  • Analytics and search engine providers
    We may share Personal Information with analytical and search engine providers that assist us in the improvement and optimisation of the Service.
  • Feedback We may collect feedback from you about your experience to compare your experience with other Users of the Service to improve its quality. This feedback is the property of the Company, and we reserve the right to share it with any third-party.
  • Acquisition, merger, bankruptcy
    The Company may sell, transfer, or otherwise share some or all its assets, including your Personal Information, in connection with a merger, acquisition, reorganisation, sale of assets, or in the event of bankruptcy.
  • Disclosures without your consent
    We may disclose information in response to subpoenas, warrants, court orders, or in connection with any legal process, or in order to comply with relevant laws. We may also share your information in the event of an emergency, to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or otherwise act regarding possible illegal activities, suspected fraud, the safety of person or property, or a violation of our policies.
  • Disclosures with your consent
    We will share information about you when you instruct us to do so, such as when you write a comment through the Service or if we notify you that the information you provide will be shared in a particular manner and you provide such information.

We may also share aggregated information that does not include Personal Information and we may otherwise disclose non-identifying information and Logging data to parties for industry analysis, demographic profiling, and other purposes. Any aggregated information shared in these contexts will not contain your Personal Information.

4. Marketing and advertising

We use your Personal Information to tailor our marketing and advertising efforts. To do this, we provide your information to third party advertising networks (such as Google AdSense) and social media companies (such as Facebook, Twitter, and other social media platforms). When we provide data to agencies, ad networks, and other parties for targeted advertising, we do not provide them with your name, financial information, or any other sensitive information. We use online identifiers such as email, cookies, and device identifiers to help us provide targeted advertising to you and others like you.

We may also use aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal information we have collected from you to enable us to display advertisements to target audiences.

To opt out of targeted advertising, you may use the following links provided by third parties that manage opt outs for some ad networks:

5. Email communication

When you sign up for our Services, we may send you marketing emails. You can opt-out at any time by selecting the “Unsubscribe” option in the email you received from us. The withdrawal of your consent will not impact the lawfulness of processing based on your consent prior to the withdrawal.

Please note that even if you opt-out of receiving commercial emails, you will still receive emails that are transactional in nature, such as actions taken on your account, updates to our online policies, and other transactional communications.

6. Data storage and rights

6.1. Data location

The company uses the services of Netlify (USA), Cloudflare (USA), and Scaleway (France/Netherlands) to host all components. All care is taken to securely protect your data, including the encryption of all user data using a secret key accessibly only to the employees of the company (your password is not accessible to anyone as it’s cryptographically hashed). Backups of the entire database are regularly made in the event it is necessary to restore user data.

6.2. Cross-border data transfers

When you use our Service, your Personal Information may be transferred to our service providers and trusted partners who maintain processing facilities outside the European Economic Area (“EEA”). This is only for the purposes of providing, and to the extent necessary to provide, the Service to you. The privacy laws in these countries may not be as protective with your information as the laws in your jurisdiction. Nonetheless, the Company takes reasonable measures to ensure that adequate security measures are in place to safeguard and maintain the integrity of your Personal Information on transfer.

6.3. Data retention

We will retain your Personal Information only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Personal Information to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

When you choose to delete your account through the Service’s web interface, all derived information related to the account (including, but not limited to, comments, connected domains, and usage data) is permanently deleted from all servers. The account itself is kept in our registry for the duration of up to one year. Deleted data may be retained in our backups for another 30 days.

6.4. Data cleanup

In order to maintain the level of performance of the service, we execute periodic data cleanup routines to remove data that we deem either obsolete or irrelevant. These data items are in general removed within 90 days, or less.

Our cleanup routines are laid out in the Addendum I to this privacy policy.

6.5. Your data rights

  • Deletion
    You can ask us to delete all or some of your Personal Information (for example, if it is no longer necessary to provide the Service to you). In such case you may no longer be able to use the Service unless you create a new account with us.
  • Change or correct
    You can edit some of your Personal Information through your Account. You can also ask us to change, update, or fix your Personal Information in certain cases, particularly if it is inaccurate.
  • Object to, or limit or restrict, use of information (“Opt-Out”)
    You can ask us to stop using all or some of your Personal Information or to limit our use of it (such as objecting to the processing of your Personal Information for our marketing purposes).
  • Right to access or take your information
    You can ask us for a copy of your Personal Information and can ask for a copy of Personal Information you provided in machine readable form.
  • Right to non-discrimination
    We will not discriminate against you for exercising your data rights. To make a request please use our contact form. We will consider your request in accordance with applicable laws.

Please note that when certain requests will be subject to necessary verification requirements. Only you or someone legally authorised to act on your behalf may exercise the right to deletion and the right to access or take your information. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

We will only use Personal Information provided in the request to verify the requestor’s identity or authority to make it.

7. Not directed to children

Our Service is not directed to persons under 18. We do not knowingly collect information from persons under 18. As such, we do not knowingly “sell,” as that term is defined under applicable law, including the CCPA, the Personal Information of minors.

If you are a parent or guardian of a minor who is under 16 years old and using our Service, you may contact us using the contact form to request and arrange for deletion of any Personal Information, if any, we may have collected about the minor.

For privacy reasons we may first request proof of relationship to the minor.

Our Service, email updates, and other communications may occasionally contain links to websites of others, including our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.

9. Modifications to Privacy Policy

We reserve the right to periodically review and change this policy from time to time. We will notify all customers about any such changes through the email address registered with us. Continued use of the service will be deemed as acceptance of such changes.

10. Contacting us

If you have any questions about this Privacy Policy, please contact us via the contact form.

Because email communications are not always secure, please do not include credit card or other sensitive data (such as racial or ethnic origin, political opinions, religion, health, or the like) in your messages to us.

Addendum I: Data Cleanup Policy

Data subject to removalRetention period
CommentsUntil deleted
User sessions28 days
Page views45 days

See also