DF
Disfora Native discussions
Overview Pricing About Contact
Log in Start free
Privacy

Privacy Policy

Last updated: March 29, 2026

Plain-language summary

We collect what we need to run the service and keep your account secure. We don't sell your data or build advertising profiles.

1. Introduction

Welcome to Disfora ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at disfora.com ("Website") and use our embeddable commenting platform and related services (collectively, the "Service"). Please read this policy carefully. By using the Service, you consent to the data practices described here.

2. Data controller

Disfora is the data controller responsible for your personal data. If you have questions about how your data is processed, contact us at [email protected].

3. Data we collect

We collect the following categories of personal data:

3.1 Account data. When you register for an account, we collect your email address, username, first name, last name, and a hashed version of your password.

3.2 Payment data. When you subscribe to a paid plan, our payment processor collects your payment card details, billing address, and transaction history. We do not store any card details on our servers. All payment information is handled entirely by our PCI-compliant payment processor. We only receive tokenized references and transaction confirmations.

3.3 Content data. Comments, ratings, votes, and other content you submit through the Service, along with associated metadata (timestamps, page URLs, parent comment references).

3.4 Technical data. We may collect technical data such as IP address, browser type, operating system, device identifiers, time zone, referring URL, pages visited, and session duration. The scope of technical data collected may change over time as we improve the Service.

3.5 Usage data. Information about how you use the Service, including features accessed, actions taken (comments posted, votes cast), frequency of use, and error reports.

3.6 Communication data. Records of correspondence when you contact us for support, including your name, email, and the content of your messages.

4. How we use your data

We use your personal data for the following purposes:

  • Provide and maintain the Service — creating accounts, authenticating users, displaying comments, calculating reputation scores (Clout), and processing payments.
  • Process transactions — managing subscriptions, issuing invoices, handling refunds, and preventing fraudulent transactions.
  • Communicate with you — sending transactional emails (account verification, password resets, billing receipts, subscription changes), and responding to support inquiries.
  • Maintain security — detecting abuse, enforcing rate limits, preventing spam, and protecting the integrity of the platform.
  • Improve the Service — analyzing usage patterns to fix bugs, improve performance, and develop new features.
  • Comply with legal obligations — responding to lawful requests from public authorities and meeting regulatory requirements.

We do not use your personal data for automated decision-making or profiling that produces legal effects. We do not sell your data to third parties. We do not serve advertisements.

We process personal data under one or more of the following legal bases:

  • Contract performance — processing necessary to provide the Service you have subscribed to.
  • Legitimate interests — processing necessary for our legitimate interests (security, fraud prevention, service improvement), provided these do not override your rights.
  • Consent — where you have given explicit consent (e.g., marketing communications). You may withdraw consent at any time.
  • Legal obligation — processing necessary to comply with applicable laws.

6. Data sharing and third parties

We share personal data only when necessary to operate the Service:

  • Payment processors — we use third-party payment processors to handle billing. They receive the data necessary to process your payment and are bound by their own privacy policies and PCI DSS compliance obligations.
  • Infrastructure providers — we use cloud hosting and CDN providers to deliver the Service. Data is processed on our behalf under data processing agreements.
  • Email delivery — transactional emails (receipts, verification, notifications) are sent through third-party email providers.
  • Legal compliance — we may disclose data if required by law, subpoena, court order, or government request.
  • Business transfers — in the event of a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity.

We do not share data with advertisers or data brokers. Public content (comments, usernames, Clout scores) is visible to other users of the Service by design.

7. Cookies and tracking

We use cookies and similar technologies as follows:

  • Authentication cookies — httpOnly cookies that maintain your login session. These are essential for the Service to function and cannot be disabled.
  • CNAME-based cookies — for sites using the embedded widget, authentication cookies are set on a subdomain of the site owner's domain (e.g., comments.example.com) via DNS CNAME. This makes them first-party cookies in the browser context.

We do not use third-party advertising cookies, tracking pixels, or analytics cookies that identify individual users. We do not participate in cross-site tracking.

8. Data retention

We retain personal data for as long as necessary to provide the Service and fulfill the purposes described in this policy. Specifically:

  • Account data — retained until you delete your account.
  • Payment records — retained for as long as required to comply with tax and accounting regulations.
  • Comments, ratings, and content — retained for as long as the associated project exists. When content is soft-deleted by a user or moderator, it remains in our systems indefinitely to maintain the integrity of discussion threads and reputation scores. When a user deletes their account, we remove the association between their identity and their content, but the content itself remains.
  • Project data — when a Project Owner deletes a project, all data associated with that project (comments, ratings, configurations, domains) is permanently removed.

When you request account deletion, we remove your personal identity data and disassociate your content. Any projects you own will also be permanently deleted, along with all associated project data. This action is irreversible.

9. Data security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption in transit (TLS 1.2+) and at rest for sensitive data.
  • Password hashing using bcrypt with appropriate cost factors.
  • Token-based authentication with automatic rotation and replay detection.
  • Access controls that limit data access to authorized personnel.
  • Regular security reviews and dependency updates.

No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If we become aware of a breach affecting your data, we will notify you and relevant authorities as required by applicable law.

10. Children and the Service

Disfora has two sides: Project Owners who pay to embed our widget on their websites, and end users who browse those websites and may choose to create accounts and comment. We do not restrict account creation by age. Users of all ages may create accounts and participate in discussions on websites that use Disfora.

Project Owners are responsible for ensuring their websites comply with applicable laws regarding minors, including COPPA where relevant. We reserve the right to remove any content or data that we believe is intended to harm or exploit children.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through a notice on the Website. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

12. Contact us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Email: [email protected]