Privacy & GDPR

The honest version: what Lipwalk collects, what it deliberately does not, and the controls readers get without having to email anyone.

Last updated: June 2026

The whole policy in six lines

  • • No ads, no third-party trackers, no selling or renting data.
  • • IP addresses are stored only as salted hashes, never raw.
  • • Session replay records DOM events, not video; every input field is masked.
  • • Do-Not-Track is honored automatically for replay.
  • • Readers can export or delete their own data from the widget, self-serve.
  • • Replay recordings auto-delete in 30/90/180 days by plan.

1. Data in the embedded widgets

When you comment, react, or rate through a Lipwalk widget on someone's site, Lipwalk stores the content you submit, the display name you choose (or "Anonymous"), an optional email if you provide one for reply notifications, and the time it happened.

For spam defense and vote integrity, Lipwalk computes a salted, irreversible hash of your IP address and discards the raw IP; the hash cannot be reversed into your address. The widget may also derive a browser fingerprint signal as a secondary abuse signal.

Because spammers and abusive actors move between sites, Lipwalk correlates these hashed signals across the sites that use Lipwalk to detect and stop coordinated abuse (its Fleet Shield protection). This is a security function on a legitimate-interest basis (see section 5): the hashed signals are used only to rate-limit, challenge, or block abuse, never for advertising, profiling, building a marketing picture of you, or sale. Signals decay over time and are deleted on a fixed retention schedule, and a site owner can disable fleet-wide enforcement for their own site.

Comments pass through automated spam and safety checks. The routine checks run on Lipwalk's own servers, so your words are not sent to any outside service for ordinary moderation. In the rare case content is genuinely borderline, only the text needed for that one decision may be sent to a cloud provider for a second opinion.

If a site owner turns on image attachments, images you upload are stored to show alongside your comment. Each image is re-encoded to strip embedded metadata (including location data) before it is served, and is screened for known illegal material. The site owner can remove any image you post, and you can delete your own content with the tools in section 4.

Site owners can subscribe to webhooks about activity on their own sites; those deliveries contain comment excerpts and identifiers and go to endpoints the site owner controls.

2. Session replay

On plans that include it, site owners can enable session replay to understand how pages are used. Recordings are streams of DOM events (clicks, scrolls, page mutations), not video and not screenshots. Every input field is masked by default before data leaves the browser, and site owners can additionally mask or block any element.

Replay honors your browser's Do-Not-Track setting automatically: if it's on, nothing records. Site owners can also disable recording per page. The recorder script only loads in sessions that are actually being recorded.

Recordings expire automatically on the site's plan schedule: 30 days (Growth), 90 days (Business), or 180 days (Enterprise). A cleanup job permanently deletes expired recordings.

3. Cookies and storage

The widget sets no advertising, analytics, or third-party tracking cookies. This is the complete inventory:

NameWherePurposeLifetime
lw_commenter_<site>Browser localStorageKeeps a reader signed in to the widget on that one site. Scoped per site; never shared across sites.Until sign-out or token expiry
lw_commenterCookieCommenter session for widget requests.Session-scoped
lw_refreshCookie (httpOnly)Set only if a reader creates or signs in to a Lipwalk account; refreshes their session.Until expiry or sign-out
lipwalk-themeBrowser localStorageLight/dark preference on this website.Until changed

No advertising cookies. No analytics cookies. No third-party cookies.

4. Your rights, self-serve

If you've commented through Lipwalk, you can act on your data directly from the widget, no support ticket required:

  • Export. Download everything Lipwalk holds about your commenter identity (comments, ratings, votes) as JSON.
  • Delete. A confirmed two-step request anonymizes your identity and removes your content. Deletion is immediate, not queued behind a review.
  • Unsubscribe. Every notification email carries a one-click unsubscribe that works without signing in.

For anything these tools don't cover, email [email protected].

5. GDPR roles

For data collected through widgets embedded on a customer's site, the site owner is the data controller and Lipwalk is the data processor, acting on their configuration (moderation settings, replay on/off, anonymous commenting on/off). For dashboard accounts and billing, Lipwalk is the controller.

Legal bases: performance of a contract (providing the commenting service), legitimate interest (abuse prevention, including the cross-site correlation of salted, irreversible hashes described in section 1; a Legitimate Interest Assessment is documented), and consent where a site's own policy requires it. Billing runs through Stripe; Lipwalk never sees or stores full card numbers.

Lipwalk runs on a short list of sub-processors, each used only for what it says: Amazon Web Services (hosting and storage), Cloudflare (content delivery and abuse protection), Stripe (billing), Amazon SES (transactional email), and, only for the rare borderline moderation check above, a cloud AI provider. None of them receive data for advertising, and none are sold or rented your readers' data.

6. Security

Traffic is encrypted in transit. Secrets live in a managed secrets store, not in code. Webhook deliveries are HMAC-signed so receivers can verify origin. Access to production data is limited to what operating the service requires, and Lipwalk maintains a written security posture with a deployment checklist re-walked on every release.

If you find a vulnerability, email [email protected] and Lipwalk will respond quickly and credit you if you want.

7. Changes

When this policy changes materially, Lipwalk will update the date at the top and notify site owners by email before the change takes effect.