Skip to content

Does cactus.chat need a privacy statement?

Hi,

I'm very interested in using Cactus Comments in a new small website and maybe in contributing in the future.

Coming from an EU country, I have to prepare my privacy statement for being GDPR ready. If I use your server, I have to declare that the comments and associated data like ip addresses are transmitted to a third party (you). I couldn't find any privacy policy on cactus.chat regarding topics like data retention, deletion etc. I'm not sure if it would be legal to use a 3rd-party service without such a document, even if I mentioned that in my policy. Website maintainers have to deal with this kind of stuff, that's why I think information about this is an important step towards a production-ready service. As an alternative, we could of course self-host CC, but nevertheless, a data protection faq section in the docs would be nice. Questions could be e.g.:

  • Which data is collected and processed, and why?
  • What can users do if they want their comments to be deleted?
  • Where is the server's location?
  • The policy has to state that website users can link their comments with their matrix id after login.

I am not an expert in this topic, but I can try to help with this issue.