Privacy Policy for Hyvor Talk

Last Updated: 1st of July 2022

Introduction

This page covers how we collect and use the information you enter at Hyvor Talk.

TL;DR As a privacy-first product, we do not sell your data to third-parties or advertisers.

Hyvor Talk, (us, we, our), operates the https://talk.hyvor.com website and provides a commenting platform for websites.

Information you provide to us when using Hyvor Talk

Note: Hyvor signup information (user data) is collected at Hyvor Auth, please refer to Hyvor's main privacy page to see how we use your signup information. Your Hyvor account will be used at all the services at Hyvor including Hyvor Talk.

1. Website Information

When website owners add their website (example.com) to Hyvor Talk, we will ask them for the following information.

  1. Website Name: A name to identify their website.
  2. Website Domains: One or more domains that they wish to use Hyvor Talk.

All data related to websites, including comments and webpage data, will be deleted when deleting the website from the console.

2. Payment Information

For all the types of payments done when subscribing to paid plans, we use the secure service from paddle.com. Paddle works as our merchant of record, and it stores your credit card information, Paypal IDs, etc. for recurring payments.

3. Single Sign-on

When setting up Single sign-on, the data website owners provide (name, picture, and email) of the user will be saved in our database. The name and picture will be used in the comments. The email is only used to send email notifications to the user, and never displayed publicly.

The website owner can request us to delete all the SSO information at any time.

Information we collect from client websites

A client website is a website that uses Hyvor Talk. The information we collect from those websites are minimal and listed here.

  • Webpage URL - Used in the console and emails
  • Webpage Identifier - Used to identify each webpage uniquely.

Hyvor Talk does not place any tracking, advertising, affiliate, or any third-party codes on client websites. All of the above data is collected by our system.

When commenting on websites

When someone publishes a comment (guest, hyvor, or SSO) on a website, the current IP address of the user will be saved, and the moderators of the website can see it. It is commonly used to ban spammers by IP address.

Information we collect when you use our website

We may collect information about how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time spent on those pages, and other diagnostic data.

These data will only be collected when using the following types of pages in Hyvor Talk. We do not collect these data from our client websites when the website owner places the installation code on their website.

  • Landing Pages
  • Console - Where website owners moderate comments

Cookies and Local Storage Usage

In the comments section, we use one cookie to save the login state of the user.

Cookie Name Cookie Usage
authsess Used to save the login state across all subdomains of hyvor.com. This is set by auth.hyvor.com when logging in.
talksess Used for all save session for OpenID Connect Single Sign-on

Additionally, we save a token named hyvor_talk_lst in local storage of your website as a fallback for web browsers that block third-party cookies. This is a short-lived, website-specific, ip-restricted, cryptographic token.

Data Storage

We use DigitalOcean, a third-party hosting provider, to host our services. Your information will be saved on our servers in Frankfurt, Germany. Even we own the database, website owners have the right to retain their data at any time.

Data Security

We use HTTPS/TLS encryption to protect data transferred between you and our site. All of your data is stored safely on our databases and always backed up on external servers that we own. Therefore, we guarantee the safety of your stored data. However, the data transferred through the internet is not always completely safe. You are responsible for taking appropriate actions to secure your account.

Emails

1. Administrative Emails

We will let website owners know about their account, security, policy, and service updates through email. They can only unsubscribe from these emails by deleting their website from the console.

2. Non-administrative Emails

We do not send non-administrative (newsletter, etc.) emails.

Service Providers

All the service providers mentioned below are only used on our website (landing pages, console, etc.) and never added to your website or comments section.

Merchant of Record: Paddle

Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle provides all customer service inquiries and handles returns. Paddle is operated by Paddle.com Market Ltd., 15 Bermondsey Square, SE1 3UN London, United Kingdom, and Paddle Payments Ltd, Core B, Block 71, The Plaza, Park West, Dublin 12, Ireland.

Further information about handling user data can be found in Paddle's privacy policy at https://paddle.com/privacy.

Analytics: Splitbee

We use Splitbee Analytics for web analytics on our website. Splitbee tracking code is added to our landing pages, blog, and the console to track usage. Splitbee is only used to track and improve our product and marketing by analyzing referrals and conversion rates.

For more information, refer to Splitbee's privacy policy.

Updates to Privacy Policy

We may update this privacy policy page from time to time. The last update time is shown at the top of this document. Any major updates to our privacy policy will be notified to all the users via email and through the website.