This Privacy Policy explains how your personal data is collected, processed, stored and protected in connection with the social media comment management platform offered under the Commento brand ("Commento" or the "Service"). By using the Service or contacting us, you agree to the practices described in this policy; the policy may be updated from time to time and the current version will be published on this page.

1. Data Controller

Under Turkish Law No. 6698 on the Protection of Personal Data ("KVKK") and the EU General Data Protection Regulation ("GDPR"), the data controller responsible for personal data processing activities related to the Commento Service is:

  • Company: Bigbrains Yazılım Teknolojileri Ltd. Şti.
  • Address: Çankaya, Ankara, Turkey
  • Email: info@commento.co

You may submit your requests under KVKK to the contact address above. For users residing in the EU under GDPR, the same channels may be used; you also retain the right to lodge a complaint with a local supervisory authority where applicable.

2. Personal Data Collected

The following categories of personal data may be processed for the provision of the Service:

Account and identity information: name, surname, company or brand name, email address, phone number (optional), password or technical identifiers used for authentication.

Social media and OAuth data: access tokens, account identifiers, page or channel names, visible profile information and technical metadata required for comment management shared through OAuth or API processes when connecting to Instagram, Facebook, YouTube or other supported platforms.

Comment and content data: comment texts viewed, replied to or processed for moderation through the Service, sender usernames and related metadata provided by social media platforms.

Usage and technical data: session and log records, IP address, browser type, device information, operating system, access times, in-Service click and feature usage statistics, error and performance reports.

If payment transactions are processed through a payment service provider, card or bank information may not be stored directly on Commento servers; in that case, the relevant provider's privacy notice applies.

3. Purposes of Processing

Collected data is processed in a limited manner for the following purposes:

  • Creating your Commento account, authentication and access control
  • Securely connecting social media accounts and collecting, displaying, replying to and moderating comments
  • Providing AI-powered analysis, sentiment analysis and reporting features
  • Contract performance, billing and customer support
  • Service security, fraud prevention, abuse detection and fulfillment of legal obligations
  • Product development, statistical analysis and anonymized reporting
  • Sending you technical notifications, updates and (in accordance with your preferences) marketing communications

4. Legal Basis

Your personal data is processed in accordance with the conditions set forth in Articles 5 and 6 of KVKK; these include explicit provision by law, establishment or performance of a contract, legitimate interest of the data controller (security and service improvement), explicit consent or fulfillment of legal obligations.

For users residing in the European Economic Area or other regions where GDPR applies, processing activities are based on the legal grounds under Article 6 of GDPR: performance of a contract, legitimate interest, legal obligation or explicit consent (e.g. optional marketing or certain cookies).

If processing of sensitive personal data is involved, it is carried out only in limited circumstances provided by law or based on explicit consent and with additional security measures.

5. Cookies and Similar Technologies

Our website and application may use cookies, local storage and similar technologies for session management, security, remembering preferences and (when permitted) analytics or marketing purposes.

  • Essential cookies: Required for basic functions of the site or application; disabling them may affect Service usage.
  • Performance and analytics cookies: Help us understand usage; work with anonymous or pseudonymous data where possible.
  • Preference cookies: Remember language, region or interface settings.

You can manage cookies through your browser settings or (when available) update your preferences via the cookie banner. For third-party cookies, we recommend consulting the relevant providers' policies.

6. Data Retention Periods

Personal data is retained for the duration required by the processing purpose and within the framework of statutory limitation, accounting, tax or regulatory retention obligations. When the purpose ceases or the retention period expires, data is deleted, destroyed or anonymized.

For example: account data is retained as long as your account is active and for a reasonable technical and legal period after account closure; log and security records are typically kept for limited periods; marketing consents are retained until withdrawn or the purpose ends. Periods may be updated as the Service evolves and significant changes may be communicated on this page or via notification.

7. Data Security

Bigbrains Yazılım Teknolojileri implements technical and administrative measures to protect the confidentiality, integrity and availability of personal data. These include encryption (in transit and where appropriate at rest), access controls, personnel training, regular security assessments and binding sub-processors through contracts.

We remind you that data transmission over the internet is not 100% secure; users should also use strong passwords and not share account information. If you notice any suspicious activity, please notify us immediately at info@commento.co.

8. Third-Party Sharing and International Transfers

Your data may only be shared to the extent necessary for providing the Service and in the following situations:

  • Social media platforms: Meta (Facebook/Instagram), Google (YouTube) and similar providers' API terms and privacy policies apply for comment management.
  • Cloud and infrastructure providers: hosting, backup, email and security services.
  • Analytics and communication tools: usage measurement or notification delivery (subject to your preferences and contracts).
  • Legal requests: court orders or binding requests from competent authorities.

Your data may be processed on servers or with sub-processors outside Turkey. In such cases, appropriate safeguards under KVKK and GDPR (standard contractual clauses, adequacy decisions or explicit consent, etc.) are sought.

9. YouTube API Services

This Service uses YouTube API Services to enable users to connect their YouTube channels, fetch video comments, and perform comment analysis. By using YouTube-related features of this Service, you agree to be bound by the YouTube Terms of Service.

Our use of information received from YouTube API Services adheres to the Google API Services User Data Policy, including the Limited Use requirements. For more information about how Google handles your data, please refer to the Google Privacy Policy.

Data we access through YouTube API Services: When you connect your YouTube account to Commento via OAuth 2.0, we access and process the following YouTube data:

  • Channel information (channel ID, channel name, uploads playlist ID)
  • Video metadata (video titles, descriptions, thumbnails, statistics such as view/like/comment counts)
  • Video comments and replies (comment text, author display names, timestamps, like counts, reply counts)

Purpose of use: This data is used solely for providing comment analysis, sentiment analysis, AI-powered insights, content moderation, and reporting features within the Commento platform. YouTube API Data is NOT sold, redistributed, or used for advertising purposes.

Data retention: YouTube API Data is stored for a maximum of 90 days and is automatically deleted thereafter. Derived metrics (aggregated sentiment scores, anonymized analytics) may be retained longer for historical reporting purposes, but no individual comment text is retained beyond 90 days.

Revoking access: You may revoke Commento's access to your YouTube data at any time through two methods:

Data deletion: Upon revoking access or account deletion, all stored YouTube API Data associated with your account will be deleted within 7 days in accordance with the YouTube API Services Terms of Service.

Contact: If you have questions or complaints about our use of YouTube API Data, please contact us at info@commento.co.

10. Data Subject Rights

Under KVKK, you have the following rights regarding your personal data by applying to the data controller: learning whether your data has been processed, requesting information if processed, learning the purpose and whether it has been used in accordance with its purpose, knowing third parties to whom data has been transferred domestically or abroad, requesting correction if incomplete or incorrect, requesting deletion or destruction where conditions under Article 7 of KVKK are met, requesting notification of correction/deletion operations to third parties to whom data has been transferred, objecting to results arising exclusively through automated analysis, and requesting compensation for damages caused by unlawful processing.

For residents under GDPR, rights include access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability and objection; the right to withdraw consent also applies for consent-based processing.

You may submit your requests with information that can verify your identity to info@commento.co. Requests will be responded to within legal deadlines; fees or reasons for refusal may apply for excessively repetitive or unfounded requests.

11. Children's Privacy

Commento is not commercially directed at children. We do not knowingly collect personal data from individuals under the age of 18. Parents or guardians who believe their children's data has been processed may contact us.

12. Policy Changes

This Privacy Policy may be updated. In case of significant changes, notification may be provided via email or in-Service notification. The effective date is shown as "Last updated" at the top of the page; we recommend reviewing this page regularly.

13. Contact

For questions about privacy, personal data or this policy:

  • Email: info@commento.co
  • Data controller: Bigbrains Yazılım Teknolojileri Ltd. Şti., Çankaya, Ankara, Turkey