Privacy Policy

1. Embeds

This section covers all data collected through Lipwalk embeds placed on customer websites.

1.1 Data Collected Through Embeds

1.1.1 User Account Information

• Lipwalk Users: Data collected at registration (email, name) and during usage.
• SSO Users: Data shared by website owners via Single Sign-On. May include name, email, and profile information.
• Guest Commenters: Name, email (optional), and other information provided when publishing a comment.

1.1.2 Comment Content

• The content of comments posted by users
• Any attachments or media uploaded with comments

1.1.3 IP Address

• Collected if enabled by the website owner
• Used for abuse prevention and spam detection
• Stored securely and not shared with third parties

1.1.4 Interaction Data

• Reactions: User's reaction choice (like, love, etc.)
• Ratings: Star ratings provided by users
• Votes: Upvotes and downvotes on comments
• Timestamps: When actions occurred

1.2 Use of Collected Data

We use the data collected through embeds to:

• Facilitate comments, reactions, ratings, and other interactive features
• Provide and improve the Lipwalk service
• Prevent abuse and detect spam
• Send email notifications (if enabled)
• Generate analytics reports for website owners
• Comply with legal obligations

1.3 Data Retention

• Data collected through embeds is retained for as long as necessary to provide our services.
• Users may request deletion of their data at any time.
• When a website owner cancels their subscription, comment data is retained for 30 days before deletion unless export is requested.

1.4 Data Sharing

Data collected through embeds may be shared with:

• Website owners (limited to data related to their website)
• Service providers (e.g., hosting, email delivery)
• Law enforcement when required by law

We never sell data to third parties or share it for advertising purposes.

1.5 Session Replay (Optional Feature)

Session replay is an optional feature that website owners can enable. When enabled:

• End users must provide explicit consent before recording begins
• Recording captures DOM changes, clicks, and scroll events (not video)
• Sensitive data (passwords, credit cards) is automatically masked
• Website owners can configure additional masking rules
• Users can opt-out at any time via the consent banner
• Recordings are stored encrypted and deleted after the configured retention period

Important: Website owners are responsible for ensuring their use of session replay complies with applicable privacy laws and for displaying appropriate consent notices.

1.6 Cookies and Local Storage

Lipwalk embeds use the following storage mechanisms:

1.7 Website Owner Responsibilities

Website owners using Lipwalk are responsible for:

• Updating their privacy policy to disclose the use of Lipwalk
• Obtaining necessary consent from users in jurisdictions that require it
• Configuring optional features (IP logging, session replay) appropriately for their region
• Responding to data subject requests from their users

2. Website & Console

This section covers data collected on lipwalk.com and app.lipwalk.com.

2.1 Data Collected

• Account Information: Email, name, password (hashed)
• Billing Information: Processed securely through Stripe
• Usage Data: Pages visited, features used (for improving the service)

2.2 Analytics

We use privacy-respecting analytics to understand how our website and console are used. We do not use Google Analytics or other invasive tracking tools. Our analytics are aggregate and do not track individual users across sessions.

3. Your Rights

You have the following rights regarding your data:

• Access: Request a copy of your data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data
• Export: Export your data in a standard format
• Objection: Object to certain processing activities

To exercise these rights, contact us at privacy@lipwalk.com

4. GDPR Compliance

Lipwalk is committed to GDPR compliance. We act as:

• Data Controller: For data collected on our website and console
• Data Processor: For comment data collected on behalf of website owners

Legal Basis for Processing

• Comments: Legitimate interest (providing the commenting service)
• Account data: Contract performance (providing our service)
• Session replay: Explicit consent (opt-in required)
• IP addresses: Legitimate interest (spam/abuse prevention)

Consent Management

For features requiring consent (like session replay), Lipwalk provides built-in consent management. Website owners can configure consent banners to comply with GDPR, ePrivacy, and other regulations. Consent is:

• Freely given, specific, informed, and unambiguous
• Recorded with timestamp for audit purposes
• Easily withdrawable at any time

We offer Data Processing Agreements (DPAs) to customers who require them. Contact us at legal@lipwalk.com to request a DPA.

5. Security

We take security seriously:

• All data is encrypted in transit (TLS 1.3)
• Data at rest is encrypted using AES-256
• Regular security audits and penetration testing
• SOC 2 Type II compliance (in progress)

For security concerns, contact security@lipwalk.com

6. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by email or through our service. Continued use of Lipwalk after changes constitutes acceptance of the updated policy.