Privacy Policy

CONTENTS
  1. Overview
  2. Our role (controller vs. processor)
  3. Information we collect
  4. How we use information
  5. Legal bases
  6. Cookies & tracking
  7. Sharing & providers
  8. Retention & deletion
  9. Security
  10. International transfers
  11. Your rights
  12. Children
  13. Changes
  14. Contact

1. Overview

Gabden builds privacy-first tools for website conversations. This policy explains what information we handle, why, and the choices you have. Our core promise: no tracking cookies, no fingerprinting, and no cross-site advertising profiles. We measure usage in aggregate, not by following individuals around the web.

2. Our role (controller vs. processor)

3. Information we collect

Account data. When you create a Gabden account we store your name, email address, a hashed password, your plan, and workspace/site settings. If you enable two-factor authentication, we store an encrypted secret and hashed recovery codes.

Conversation data. When someone posts through the widget, we store what the site's form collects, typically a display name, the message body, the page URL, an optional email and website, reactions, moderation status, and timestamps. Website owners choose what their form requires.

Identity sign-in (optional). If a commenter chooses to sign in with Google or GitHub, we receive a verified name, email, a stable provider ID, and an avatar URL from that provider, and use it to attribute their comment. Guests can always post without signing in.

Analytics data (Gabden Analytics). When a site owner installs our analytics tag, we record aggregate page-visit events: the page path, referrer domain, country code, browser/OS/device family, and timestamps. Analytics is cookieless and stores no personal data and no IP addresses. A visitor's IP is used only in memory to compute a monthly-rotating one-way hash that groups a visitor's pageviews and distinguishes new from returning visitors within a rolling 30-day window. The IP is then discarded. The hash can't be reversed, doesn't work across other websites, and doesn't survive its monthly rotation, so no one can be identified or tracked long-term.

Reactions data. The reactions widget stores only aggregate counts per page (for example, "24 people chose the Love reaction on this URL"), with no cookies and no per-visitor records.

Technical & security data. To keep the Service secure and functional we process limited data such as a derived IP signal (hashed for rate-limiting and reaction de-duplication), the user agent string, and basic request metadata. We do not use this to build advertising or cross-site profiles.

4. How we use information

5. Legal bases

Where the GDPR or similar laws apply, we rely on: contract (to provide the Service you request), legitimate interests (to secure the Service, prevent abuse, and understand aggregate usage), consent (for optional features such as social sign-in), and legal obligation where applicable.

6. Cookies & tracking

We keep this minimal. The dashboard uses a first-party session cookie to keep you logged in. The embedded widget does not set tracking cookies; it uses your browser's localStorage/sessionStorage to remember a commenter's chosen identity on that browser, and the API responds with Cache-Control: no-store and no Set-Cookie. We do not use third-party advertising or analytics trackers, fingerprinting, or cross-domain identifiers.

7. Sharing & service providers

We do not sell personal data. We share limited data with vetted providers strictly to run the Service, under contractual safeguards, for example: a hosting/CDN and security provider, a transactional email provider, and (only if a commenter chooses it) the Google or GitHub sign-in they select. We may also disclose information where required by law or to protect rights and safety.

8. Retention & deletion

We keep account and conversation data for as long as your account or site is active, and as needed to provide the Service, comply with law, and resolve disputes. Deleting a comment removes it from the live conversation; deleting a site schedules its data for permanent deletion after a grace period. Routine security backups expire on a limited schedule. Account owners can export their conversation data (JSON or CSV) and request deletion.

9. Security

We use industry-standard measures including encrypted transport (HTTPS), hashed passwords, prepared database statements, CSRF protection, encrypted 2FA secrets, and origin/domain checks on the API. No system is perfectly secure, but we work to protect your data and to respond promptly to issues.

10. International transfers

Gabden and its providers may process data in countries other than yours. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

11. Your rights

Depending on where you live, you may have rights to access, correct, export, restrict, object to, or delete your personal data, and to withdraw consent. Account holders can manage much of this in the dashboard. For visitor-submitted content, contact the website owner (the controller); we will assist them as their processor. To exercise rights with Gabden, email [email protected]. You may also complain to your local data-protection authority.

12. Children

The Service is not directed to children under the age of digital consent in their region, and we do not knowingly collect their personal data. If you believe a child has provided data, contact us and we will delete it.

13. Changes

We may update this policy as the Service evolves. Material changes will be reflected by updating the "Last updated" date and, where appropriate, by notifying account owners.

14. Contact

Privacy questions or requests: [email protected].