Nemo Script Comments LogoNemo Script Comments

Nemo Script Comments
  • Français
  • American English
  • Home
  • Documentation
  • Why?
General Data Protection Regulation (GDPR)

Privacy Policy

General Data Protection Regulation (GDPR)

Our commitment to your privacy

PRIVACY POLICY & DATA MANAGEMENT (GDPR)
Effective from [1 June 2026]
The purpose of this privacy policy is to inform users of the scriptcomment.com website about how their personal data is collected, as well as to set out the commitments of the Publisher (Nemo Script Comments).
This concerns data protection within the PHP script offered for sale.
This also applies to the contact form(s), the comments system and the comments on the scriptcomment.com website.
________________________________________
PART 1: Data collected by the Publisher (for the sale of the script)
The Publisher processes the data of Customers purchasing the script solely for the purposes necessary to fulfil the sales contract and provide
.
1.Data collected
• Surname, first name or company name.
• Email address (for sending the script, updates and licence keys).
• Domain name and subdomain(s) associated with the licence.
• Billing details.
2.Retention period
Billing details are retained for 10 years (legal accounting requirement). Data relating to the licence and email address are
retained for as long as the licence is active in order to provide product updates.
3.Recipients of the data:
This data is strictly confidential and is never sold on.
It is only shared with the technical service providers necessary for the sale (secure payment gateways such as Stripe/PayPal,
website host) and the software development provider (updates, bug fixes).
4. Contact form
This data is received via email; it is not stored in a database, nor is it sold on. It remains strictly confidential and is
used solely to respond to the enquiry.
________________________________________
PART 2: GDPR Compliance of the Script (For the Purchaser / Administrator)
Important note for the Purchaser: As the installer and administrator of the script on your server, you are the Data Controller
processing of data belonging to users who post comments on your site.
The script’s publisher has no access to, control over, or responsibility for this data.
The script has been designed in accordance with the ‘Privacy by Design’ principle (data protection by design) to help you comply with the GDPR through the following features:
1.Local Storage and No External Database
The script operates entirely locally on your own server.
No user data (email, username, IP address,
(comment content) is sent to the script’s publisher or to a centralised third party. You retain full control over the storage of your files.
2.Security and Password Encryption
• Registered users’ passwords are encrypted (hashed) using secure native PHP algorithms.
• They are technically unreadable and inaccessible, even to you (the site administrator). In the event of loss, the user will need to reset
their password.
3.Consent Collection and User Rights:
The script natively integrates the tools necessary to comply with end-user rights (particularly for Europe):
• Prior consent (tick box):
The administrator can enable the display of a mandatory tick box below the comment form.
This box includes a configurable link to the host site’s privacy policy, ensuring that European users give compliant consent before submitting their message.
• Right to erasure and rectification (Article 17 of the GDPR):
* Unregistered users (Anonymous):
They have the option to edit or delete their comment directly whilst their session is active.
• Registered users:
They have access to a login area allowing them, at any time, to edit or delete all their comments
entirely independently.
4.Anti-Spam Tools and Captchas (Third-Party Liability)
The script offers several methods of protection against spam, which the Administrator can enable as desired:
• Local and sovereign solutions (Recommended for GDPR compliance): The Honeypot system (invisible field and publication delay) and the text file filtering system (banned words and phrases) run locally without collecting or transferring personal data to third parties.
• Third-party solutions (Google ReCaptcha V2, V3, hCaptcha): If the Administrator chooses to enable these options by entering their own API keys,
users’ browsing data may be transmitted to these third-party providers for behavioural analysis.
It is the Administrator’s responsibility to inform their users of this in their own privacy policy and to obtain their consent where necessary.

Home
Terms and Conditions
Site Map
Privacy