Privacy Policy

Last updated: February 16, 2026

1. Introduction

DropComments ("we", "our", "us") operates the dropcomments.net website and provides a self-hosted comment widget service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

When you create an account, we collect:

  • First and last name
  • Email address
  • Password (stored securely hashed)

Comment Data

When visitors post comments through our widget, we collect:

  • Comment content
  • Author name (as provided by the commenter)
  • Author email (optional, if provided)
  • IP address (for spam detection and abuse prevention)
  • Page URL where the comment was posted

Site Information

When you register a site, we store the site name, domain, and configuration settings.

3. How We Use Your Information

  • To provide and maintain our comment widget service
  • To manage your account and authenticate access
  • To send email notifications (verification, password resets, comment alerts)
  • To detect and prevent spam, abuse, and fraudulent activity
  • To enforce rate limits and protect against denial-of-service attacks
  • To respond to your support inquiries

4. Data Storage and Security

We take reasonable measures to protect your data, including:

  • Passwords are securely hashed and never stored in plain text
  • CSRF protection on all form submissions
  • Rate limiting on login attempts, registration, and comment posting
  • HTML is stripped from comment content to prevent XSS attacks
  • API requests are validated against registered site domains

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We do not share your data with third parties except as necessary to operate the service (e.g., email delivery) or as required by law.

6. Cookies

We use session cookies to manage your login state. These cookies are essential for the service to function and are not used for tracking or advertising purposes.

7. Your Rights

You have the right to:

  • Access and update your personal information through your account settings
  • Delete your account and all associated data at any time
  • Request a copy of the data we hold about you

To exercise these rights, visit your account settings or contact us.

8. Data Retention

We retain your account data for as long as your account is active. Comment data is retained for as long as the associated site is registered. When you delete your account, all your data, including sites and comments, is permanently removed.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

If you have any questions about this Privacy Policy, please contact us.