v0.0.141
Join to Waitlist Private Alpha

Privacy Policy

Last updated: January 5, 2025

Introduction

This Privacy Policy explains how Crowment ("we," "our," or "us") collects, uses, and protects your personal information when you use our comment system service and website. We are committed to protecting your privacy and ensuring transparency about our data practices.

Information We Collect

Information You Provide Directly

  • Account Information: When you create an account, we collect your name, email address, and authentication information from supported OAuth providers (Google, Discord).
  • Profile Information: You may optionally provide a profile picture, bio, and other profile details.
  • Comments and Content: Any comments, posts, or other content you submit through our service.
  • Payment Information: When you purchase premium features, payment processing is handled by Lemon Squeezy. We do not store your full payment card details.

Information We Collect Automatically

  • Usage Data: Information about how you use our service, including pages visited, features used, and interaction patterns.
  • Device Information: Your IP address, browser type, operating system, device identifiers, and other technical information.
  • Cookies and Tracking: We use cookies and similar technologies to enhance your experience and analyze service usage.
  • Performance Data: Data collected through Cloudflare services for security, performance optimization, and analytics.
  • Database Analytics: We collect usage and performance metrics from our database systems (CockroachDB) to optimize service performance and reliability.
  • Notification Metrics: When using our notification services, we may collect delivery and engagement metrics to improve notification effectiveness.

How We Use Your Information

We use your information for the following purposes:

  • Service Provision: To provide, maintain, and improve our comment system service.
  • Authentication: To verify your identity and manage your account through OAuth providers.
  • Communication: To send you service-related notifications, updates, and support responses via email and in-app notifications.
  • Security: To protect against fraud, abuse, and security threats.
  • Analytics: To understand how our service is used and improve user experience.
  • Performance Optimization: To monitor system performance, database efficiency, and service reliability.
  • Legal Compliance: To comply with legal obligations and protect our rights.

Information Sharing and Disclosure

Third-Party Service Providers

We share information with trusted third-party providers who help us operate our service:

  • Cloudflare: For content delivery, security, and performance optimization.
  • Google OAuth: For authentication services when you choose to sign in with Google.
  • Discord OAuth: For authentication services when you choose to sign in with Discord.
  • Lemon Squeezy: For payment processing and subscription management.
  • Email Service Providers: We may use services like Amazon SES or Brevo for sending transactional emails, newsletters, and notifications.

Self-Hosted Infrastructure Services

We operate some services on our own infrastructure, but these may still collect operational data:

  • Database Systems (CockroachDB): Our self-hosted database collects performance metrics, query analytics, and usage statistics to ensure optimal service performance.
  • Notification Services (Novu): Our self-hosted notification system may collect delivery metrics, engagement data, and performance analytics to improve notification reliability.

Public Information

Comments and other content you post through our service may be publicly visible on websites where our comment system is embedded. Your username and profile information may also be displayed alongside your comments.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests from government authorities.

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Specifically:

  • Account information is retained while your account is active and for a reasonable period after deletion.
  • Comments and content may be retained to maintain the integrity of discussions on websites using our service.
  • Usage and analytics data may be retained in aggregated or anonymized form for longer periods.
  • Email delivery logs and notification metrics are retained for operational purposes and may be kept for up to 12 months.
  • Database performance metrics and system analytics are retained to ensure service reliability and may be stored indefinitely in anonymized form.

Our Technology Infrastructure

To provide you with a reliable and secure service, we use a combination of third-party services and self-hosted infrastructure:

Self-Hosted Services

These services run on our own infrastructure, giving us greater control over your data:

  • Database (CockroachDB): Your comments, account information, and service data are stored in our self-hosted database cluster. While self-hosted, this system collects operational metrics such as query performance, database health, and usage patterns to ensure optimal service delivery.
  • Notification System (Novu): Our self-hosted notification service handles email notifications, in-app alerts, and other communications. It may collect delivery status, open rates, and engagement metrics to improve notification reliability and effectiveness.

Email Services

For reliable email delivery, we may use:

  • Amazon SES: For transactional emails, password resets, and account notifications
  • Brevo (formerly Sendinblue): For marketing emails, newsletters, and bulk communications

These services may have access to your email address and email engagement data (such as opens and clicks) as necessary to provide email delivery services.

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Secure infrastructure provided by trusted cloud providers

Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to certain limitations.
  • Portability: Request a machine-readable copy of your data.
  • Objection: Object to certain processing of your information.
  • Restriction: Request restriction of processing in certain circumstances.

Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you logged in to your account
  • Remember your preferences and settings
  • Analyze service usage and performance
  • Provide security and fraud protection

You can control cookies through your browser settings, but disabling certain cookies may affect service functionality.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses and adequacy decisions where applicable.

Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

GDPR Compliance (EU Users)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

  • We process your data based on legitimate interests, consent, or contractual necessity.
  • You have the right to withdraw consent at any time where processing is based on consent.
  • You have the right to lodge a complaint with your local data protection authority.
  • We may transfer your data outside the EU only with appropriate safeguards in place.

CCPA Compliance (California Users)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • We do not sell your personal information to third parties.
  • You have the right to know what personal information we collect, use, and disclose.
  • You have the right to request deletion of your personal information.
  • You have the right to non-discrimination for exercising your privacy rights.

Get notified —
Crowment is coming soon

Be the first to try Crowment Comments. Join our waitlist and we'll email you as soon as we launch. No spam — just up to 2 thoughtful updates per month.

Privacy Policy Terms of Service Cookie Policy

© 2025 Crowment. All rights reserved.