Privacy Policy
Last updated: April 2026
1. Introduction
Komments ("we", "us", "our") is operated by Utilities Studio / Hariom Sharma. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our commenting platform, marketing website, and admin dashboard (collectively, the "Service").
By using the Service, you agree to the terms described in this policy. If you do not agree, please do not use the Service.
2. Data we collect
Account data
When you register as a site owner, we collect your email address, display name, and password hash (if using email/password auth). OAuth logins provide a verified email address from your provider.
Commenter data
Commenters on sites that embed Komments provide their email address and display name to authenticate. Anonymous commenting stores a session identifier only.
Comment content
We store the full text of comments, replies, and reactions. We also store any images uploaded alongside comments in Cloudflare R2.
Technical data
We log IP addresses for rate limiting and abuse moderation. We collect browser user-agent strings and referring URLs for moderation context. We do not use this data for advertising.
Billing data
Payment details are handled entirely by Stripe. We store only a Stripe customer ID and subscription status -- never raw card numbers.
3. How we use your data
- To authenticate users and maintain sessions
- To render and serve comments to your site's visitors
- To run AI moderation via OpenAI to filter spam and harmful content
- To send transactional emails (comment notifications, account changes)
- To process subscription payments via Stripe
- To enforce rate limits and detect abuse
- To respond to support requests
We do not sell your data. We do not use your data for advertising purposes.
4. Data storage
All data is stored on Cloudflare's infrastructure. Comment data lives in Cloudflare D1 (SQLite at the edge). Uploaded images are stored in Cloudflare R2 object storage. Cloudflare's data centres are distributed globally; your data may be replicated across regions to reduce latency.
Cloudflare processes data under its own privacy policy and data processing agreements. For European users, Cloudflare provides Standard Contractual Clauses (SCCs) for international data transfers.
5. Third parties
6. Data retention
We retain your account data and comments for as long as your account is active. When you delete your account, we delete your personal data and all comments associated with your account within 30 days, except where retention is required by law or for fraud prevention.
Billing records are retained for 7 years as required by applicable financial regulations.
7. Your rights
You have the right to:
- Access -- request a copy of your personal data
- Correction -- correct inaccurate data
- Deletion -- request deletion of your account and data
- Export -- download all your comments as JSON via the admin dashboard (Settings -- Export Data)
- Objection -- object to processing of your data for certain purposes
To exercise any of these rights, email privacy@komments.io. We will respond within 30 days.
8. Cookies
We use only essential cookies: an authentication session cookie and a theme preference cookie. We do not use advertising cookies or third-party analytics cookies. See our GDPR & Cookie Policy for full details.
9. Children's privacy
The Service is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.
10. Changes to this policy
We may update this policy from time to time. We will notify you of material changes via email or a prominent notice in the admin dashboard. Continued use of the Service after changes constitutes acceptance of the new policy.
11. Contact
For privacy-related questions, email privacy@komments.io.