Privacy Policy for Hyvor Talk

Last Updated: 1st of July 2022


This page covers how we collect and use the information you enter at Hyvor Talk.

TL;DR As a privacy-first product, we do not sell your data to third-parties or advertisers.

Hyvor Talk, (us, we, our), operates the website and provides a commenting platform for websites.

Information you provide to us when using Hyvor Talk

Note: Hyvor signup information (user data) is collected at Hyvor Auth, please refer to Hyvor's main privacy page to see how we use your signup information. Your Hyvor account will be used at all the services at Hyvor including Hyvor Talk.

1. Website Information

When website owners add their website ( to Hyvor Talk, we will ask them for the following information.

  1. Website Name: A name to identify their website.
  2. Website Domains: One or more domains that they wish to use Hyvor Talk.

All data related to websites, including comments and webpage data, will be deleted when deleting the website from the console.

2. Payment Information

For all the types of payments done when subscribing to paid plans, we use the secure service from Paddle works as our merchant of record, and it stores your credit card information, Paypal IDs, etc. for recurring payments.

3. Single Sign-on

When setting up Single sign-on, the data website owners provide (name, picture, and email) of the user will be saved in our database. The name and picture will be used in the comments. The email is only used to send email notifications to the user, and never displayed publicly.

The website owner can request us to delete all the SSO information at any time.

Information we collect from client websites

A client website is a website that uses Hyvor Talk. The information we collect from those websites are minimal and listed here.

Hyvor Talk does not place any tracking, advertising, affiliate, or any third-party codes on client websites. All of the above data is collected by our system.

When commenting on websites

When someone publishes a comment (guest, hyvor, or SSO) on a website, the current IP address of the user will be saved, and the moderators of the website can see it. It is commonly used to ban spammers by IP address.

Information we collect when you use our website

We may collect information about how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time spent on those pages, and other diagnostic data.

These data will only be collected when using the following types of pages in Hyvor Talk. We do not collect these data from our client websites when the website owner places the installation code on their website.

Cookies and Local Storage Usage

In the comments section, we use one cookie to save the login state of the user.

Cookie Name Cookie Usage
authsess Used to save the login state across all subdomains of This is set by when logging in.
talksess Used for all save session for OpenID Connect Single Sign-on

Additionally, we save a token named hyvor_talk_lst in local storage of your website as a fallback for web browsers that block third-party cookies. This is a short-lived, website-specific, ip-restricted, cryptographic token.

Data Storage

We use DigitalOcean, a third-party hosting provider, to host our services. Your information will be saved on our servers in Frankfurt, Germany. Even we own the database, website owners have the right to retain their data at any time.

Data Security

We use HTTPS/TLS encryption to protect data transferred between you and our site. All of your data is stored safely on our databases and always backed up on external servers that we own. Therefore, we guarantee the safety of your stored data. However, the data transferred through the internet is not always completely safe. You are responsible for taking appropriate actions to secure your account.


1. Administrative Emails

We will let website owners know about their account, security, policy, and service updates through email. They can only unsubscribe from these emails by deleting their website from the console.

2. Non-administrative Emails

We do not send non-administrative (newsletter, etc.) emails.

Service Providers

All the service providers mentioned below are only used on our website (landing pages, console, etc.) and never added to your website or comments section.

Merchant of Record: Paddle

Our order process is conducted by our online reseller is the Merchant of Record for all our orders. Paddle provides all customer service inquiries and handles returns. Paddle is operated by Market Ltd., 15 Bermondsey Square, SE1 3UN London, United Kingdom, and Paddle Payments Ltd, Core B, Block 71, The Plaza, Park West, Dublin 12, Ireland.

Further information about handling user data can be found in Paddle's privacy policy at

Analytics: Splitbee

We use Splitbee Analytics for web analytics on our website. Splitbee tracking code is added to our landing pages, blog, and the console to track usage. Splitbee is only used to track and improve our product and marketing by analyzing referrals and conversion rates.

For more information, refer to Splitbee's privacy policy.

Privacy FAQ

1. What information do you collect from the visitors of my website?

We only collect the information that is necessary to run the commenting platform and make better communities. We save user's visit time (not personally identifiable) for analytics purposes. And, we save the IP address of the user only when they publish a comment. IP address is one of the most important metric for spam detection. We do not use IP addresses for any other purposes. As a website owner, you can disable IP address collection from the console.

2. Do you track users?

No. Even the same user visits two pages that have Hyvor Talk embedded, we do not know that the user is the same user. We are completely focused on helping websites building better engaging communities - not tracking users or their activities for advertising or data analysis.

3. Do I need to show cookie consent if I use Hyvor Talk?

According to GDPR and ePD (ePrivacy Directive) you are not required to show cookie consents to use strictly necessary cookies (ex: cookies used for login). At Hyvor Talk, we only use cookies/local storage to save the user's login status. Therefore, using Hyvor Talk alone does not require you to use cookie consents on your website. However, if you use other services that use cookies, you may need to show cookie consents.

4. How do I add Hyvor Talk to my privacy policy?

Here's a minimum template that you have use in your privacy policy.

This website uses Hyvor Talk service as the commenting platform. The comments and other data exchanged are stored securely within the Hyvor Talk system. Your personal data will be processed and transmitted in accordance with the General Data Protection Regulation (GDPR). For more information, please refer to their privacy policy.

If you use Single Sign-on, this sentence will be necessary.

We use Hyvor Talk's Single Sign-on feature to connect our userbase with the comments system. Your account details will be used when you choose to comment.

Updates to Privacy Policy

We may update this privacy policy page from time to time. The last update time is shown at the top of this document. Any major updates to our privacy policy will be notified to all the users via email and through the website.