Privacy Policy
This Privacy Policy describes how Comment Protocol (“we,” “us,” or “our”) handles information when you use our website at commentprotocol.com (the “Site”) and our open-source browser extension that connects to the same services (the “Extension”). Together, the Site and Extension are the “Services.”
If you do not agree with this policy, please do not use the Services. We may update this page from time to time; the “Last updated” date above will change when we do.
1. Who is responsible
The Services are operated by the project team behind the COMMENTZRUS GitHub organization. For privacy requests, use the contact section at the end of this policy.
2. What the Services do
The Services let people read and post public comments and related content in several contexts—for example internet domains, memes, map places, astronomical objects, prediction-market listings, and on-chain transactions—depending on which parts of the product you use. The Extension shows a comment thread for the site associated with your active browser tab and uses the same backend APIs as the Site.
3. Information we collect
3.1 Account and profile
- Authentication. We use Privy to sign you in (for example with a wallet, email, or social login, depending on how the app is configured). Privy processes login credentials and issues session tokens. Their practices are described in Privy’s privacy policy.
- Identifiers we store. When you authenticate, we create or update a user record tied to a Privy identifier and may store a public username you choose, a karma score used in the product, and timestamps.
3.2 Content you submit (public by design)
- Comments and votes. Text you post, votes on comments, and metadata (such as time of submission and threading) are stored in our database and are visible to other users as part of the Services.
- Memes. If you submit memes, we store a title, a link to an image (
imageUrl), and may store an optional wallet address you associate with the submission. Images may be hosted by us or by third-party URLs you supply, depending on the link you provide.
3.3 Extension: active tab URL
The Extension reads the URL of your active tab so it can show the correct discussion and label the UI. Today, domain-level threads use the hostname derived from that URL when calling our APIs (for example to load comments for example.com). We do not use your open tabs to build a separate advertising profile or sell browsing history; processing is tied to operating the commenting feature.
3.4 Technical, security, and operations data
- Server and edge logs. Our hosting provider and related infrastructure may log data such as IP address, request path, user agent, timestamps, and error diagnostics for security, debugging, and reliability.
- Caching. We may use an in-memory or hosted cache (for example Redis) to store short-lived counters or similar operational values.
- Cookies and local storage. The Site and Privy may use cookies or browser storage to maintain sessions. The Extension uses extension storage APIs for authentication state as allowed by your browser.
3.5 Third-party features on the Site
Some features load data or scripts from other providers when you use them—for example interactive maps may rely on Google Maps when a map API key is configured. Those providers receive requests needed to render the feature and process data under their own terms and policies (for example Google’s Privacy Policy). Other integrations (such as public market or catalog APIs) similarly receive the parameters needed to return results you request.
4. How we use information
We use the information above to:
- Provide, operate, and improve the Services;
- Authenticate users, prevent abuse, and protect security;
- Display public threads, leaderboards, and related product features;
- Comply with law and respond to lawful requests where required.
5. Legal bases (EEA, UK, and similar regions)
Where laws such as the GDPR apply, we rely on appropriate bases including performance of a contract (providing the Services you ask for), legitimate interests (securing and improving the Services, fraud prevention), and, where required, consent (for example for certain optional communications or non-essential cookies if we add them).
6. Sharing and subprocessors
We share information with service providers who help us run the Services—for example Privy (authentication), Vercel (or comparable hosting for the Site and APIs), and database and caching vendors configured in our deployment. They process data on our instructions and under contractual obligations appropriate to their role.
Public content you post is visible to other users and may be accessed through our APIs or pages as designed. We do not sell your personal information in the conventional “data broker” sense. If we introduce advertising or analytics that qualify as a “sale” or “sharing” under U.S. state laws, we will update this policy and offer any legally required opt-outs.
7. Retention
We retain account and content data for as long as needed to provide the Services and for legitimate operational purposes (for example backups and dispute resolution). Server logs are kept for limited periods according to provider defaults and our configuration. You may request deletion where applicable law gives you that right, subject to exceptions (for example information we must keep for legal compliance).
8. Security
We use reasonable technical and organizational measures appropriate to the nature of the Services. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
9. Your choices and rights
Depending on where you live, you may have rights to access, correct, delete, or export certain personal data, or to object to or restrict certain processing. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact us as below. We may need to verify your identity before fulfilling a request.
California residents: California law may grant you additional rights (including to know, delete, and correct personal information, and to opt out of certain “sales” or “sharing”). We describe categories of data we collect in sections 3–4 above.
10. Children
The Services are not directed at children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected such information, contact us and we will take appropriate steps to delete it.
11. International transfers
We may process and store information in the United States and other countries where we or our providers operate. If we transfer personal data from the EEA, UK, or Switzerland, we use appropriate safeguards where required by law.
12. Changes to this policy
We may update this Privacy Policy to reflect changes to our practices or legal requirements. We will revise the “Last updated” date and, where changes are material, we may provide additional notice (for example on the Site or in release notes).
13. Contact
For privacy questions or requests (including data subject rights where applicable), open an issue or discussion on our public repositories, or contact maintainers through GitHub:
If you later publish a dedicated support email, we will add it here so store listings and regulators have a single, stable contact channel.
This policy is provided for transparency and store-review purposes. It is not individualized legal advice; consult qualified counsel for your entity and jurisdictions.