CommentProtect

Privacy

Privacy Policy

CommentProtect automates comment moderation, inbox workflows, and AI-powered replies for Facebook and Instagram pages. This policy explains what we collect, how it is used, and the rights available to you.

Open data portalTerms of service

Last updated: May 8, 2026

Questions? Email support@commentprotect.com.

Data We Collect

  • Account data: name, email address, Facebook user ID, role, preferred language.
  • Connected pages: page IDs, names, usernames, and encrypted page access tokens.
  • Content: comments, messages, and replies retrieved through Meta APIs for moderation.
  • Usage analytics: action counts, processing metrics, response times, and audit logs.
  • Billing metadata: plan tier, Stripe customer ID, and subscription state. Card details are not stored.
  • Cookies: session cookies for authentication and security purposes.

How We Use Data

  • Deliver core features including moderation, bulk actions, AI replies, and analytics.
  • Provide AI and translation services using anonymized snippets where possible.
  • Send transactional emails such as digests, usage warnings, and GDPR notifications.
  • Improve reliability through auditing, logging, and aggregated performance metrics.

Data Sharing

We only share data with processors required to run the service:

  • Meta Platforms: Facebook and Instagram Graph APIs for moderation features.
  • OpenAI: AI moderation and drafting.
  • Google Cloud: Translation services for cross-language workflows.
  • Stripe: Billing, invoicing, tax receipts, and payment dispute handling.
  • Resend: Transactional email delivery.

We never sell data to advertisers or unrelated third parties.

Data Storage and Security

  • Access tokens are encrypted with AES-256-GCM and decrypted only for live API calls.
  • Infrastructure is hosted in hardened cloud environments with strict RBAC controls.
  • Hidden comments remain hidden on Facebook or Instagram even if you cancel service.
  • Stripe handles payment data and maintains PCI-DSS compliance.

Your Rights

  1. Right to Access: Request a copy of your data through the authenticated /gdpr portal.
  2. Right to Erasure: Request deletion at /gdpr. Verified requests are executed within 7 days.
  3. Right to Portability: Export structured JSON or CSV files for transfer to another provider.
  4. Right to Object: Email support to pause processing or AI features.
  5. Right to Rectification: Update account information on the settings pages anytime.

Data Retention

  • Comments remain as long as the account stays active.
  • Hidden comments stay hidden across Facebook and Instagram even after cancellation.
  • Deletion requests are processed within 7 days of verification, then purged from backups within 30 days.

Cookies and Tracking

We use essential cookies for authentication and CSRF protection. Optional analytics cookies, if enabled, measure product performance. No advertising pixels are embedded.

Children's Privacy

CommentProtect is not intended for children under 13. We do not knowingly collect children's personal data.

Changes to this Policy

Material updates will be announced via email and posted here. Continued use after changes indicates consent.

Contact

Email support@commentprotect.com or use the GDPR portal to request access, portability, objection, or deletion.