
GDPR & Cookie Policy

Last updated: April 2026

1. GDPR compliance

Komments is committed to compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). We process personal data only for the purposes described in our Privacy Policy and on a lawful basis.

2. Data controller

Controller: Utilities Studio / Hariom Sharma

Country: United Arab Emirates

Contact: [email protected]

If you embed Komments on your website and collect comments from your users, you act as a data controller for your site's visitors. Komments acts as a data processor on your behalf. We process visitor data only as necessary to provide the commenting service.

3. Legal basis for processing

  • Contract performance (Art. 6(1)(b))
    Processing your account data and comments to deliver the Service you signed up for.
  • Legitimate interests (Art. 6(1)(f))
    Logging IP addresses for rate limiting, abuse prevention, and security. Sending transactional notifications about your comments.
  • Legal obligation (Art. 6(1)(c))
    Retaining billing records as required by applicable financial laws.
  • Consent (Art. 6(1)(a))
    Where required (e.g., marketing communications), we obtain explicit consent before processing.

4. Data subject rights

Under the GDPR, EU/EEA residents have the following rights regarding their personal data:

  • Art. 15
    Right of access -- You may request a copy of all personal data we hold about you.
  • Art. 16
    Right to rectification -- You may correct inaccurate or incomplete personal data.
  • Art. 17
    Right to erasure -- You may request deletion of your personal data. Delete your account via Settings -- Delete Account in the admin dashboard.
  • Art. 18
    Right to restriction -- You may request that we restrict processing of your data in certain circumstances.
  • Art. 20
    Right to portability -- Export all your comments as JSON via Settings -- Export Data in the admin dashboard.
  • Art. 21
    Right to object -- You may object to processing based on legitimate interests. Contact us and we will assess your request.

To exercise any right, email [email protected]. We respond within 30 days. If you believe we are not complying with GDPR, you have the right to lodge a complaint with your national data protection authority.

5. Cookies

We use only essential cookies. We do not use advertising cookies, third-party analytics cookies, or tracking pixels.

Cookie  | Purpose                                                    | Duration
session | Authentication session for the admin dashboard and widget  | 30 days
theme   | Stores your light/dark mode preference in localStorage     | Persistent

The theme value is stored in localStorage, not as a cookie. You can clear it at any time through your browser's developer tools.

6. International data transfers

Data is processed on Cloudflare's global network, which may include servers located outside the European Economic Area (EEA). Cloudflare provides Standard Contractual Clauses (SCCs) and participates in the EU-US Data Privacy Framework, providing adequate protection for international transfers.

AI moderation is performed by OpenAI. Comment text sent for moderation is processed under OpenAI's API terms, which include a Data Processing Addendum providing GDPR-compliant transfer mechanisms.

7. Data Protection Officer

Given the scale of our operations, we are not currently required to appoint a formal Data Protection Officer. Privacy enquiries are handled directly by the data controller. For any privacy concern, contact [email protected].

8. Changes to this policy

We may update this policy as our practices evolve or as required by law. We will notify you of material changes at least 14 days in advance.