The site operates at https://sproutsfeedbackcom.cfd and serves as a platform where users can share feedback, ask questions, and interact through comments. All server operations run on a secure Linux environment located in the United States, employing TLS encryption for data transmission. The domain registration is managed by a reputable registrar, and routine audits are performed to compliance with privacy standards.
User Comments Data Collection Details
When a visitor submits a comment, we record the name, email address, website URL (if provided), the exact timestamp, the visitor’s IP address, and the browser’s user‑agent string. This information helps differentiate genuine comments from automated spam and enables us to apply rate‑limiting rules. The data is stored in a relational database with encrypted fields for email addresses. In , a hash of the email address may be sent to the Gravatar service to retrieve an avatar image; the service’s privacy policy is available at https://automattic.com/privacy/. After a comment is approved, the associated avatar, if any, appears alongside the comment for all site visitors.
Image Upload and EXIF Data
Users may attach image files to their posts or comments. Before uploading, we recommend stripping any embedded geographic coordinates (EXIF GPS) or camera metadata to protect privacy. Tools such as exiftool or built‑in photo editors can remove this data. Once an image is publicly accessible, any visitor can download it and extract remaining metadata using standard utilities. We do not retain original EXIF data on our servers, and each uploaded file is scanned for viruses before being stored in a read‑only bucket.
Cookie Usage for Comments and Sessions
If a visitor opts to save their name, email, and website when commenting, a cookie named comment_author_* stores this information for one year, allowing the form to pre‑fill on subsequent visits. This cookie contains no personal identifiers beyond the values the user entered.
When a user reaches the login page, a temporary session cookie named wp_test_cookie is set to verify that the browser accepts cookies; it is cleared when the browser closes and holds no personal data.
Upon successful authentication, several cookies are created: wordpress_logged_in_* (valid for two days) maintains the logged‑in state, wp-settings-* (valid for one year) preserves display preferences such as admin toolbar visibility, and the optional “Remember Me” feature extends wordpress_logged_in_* to fourteen days. Logging out triggers immediate deletion of these authentication cookies.
When an author edits or publishes a post, a cookie called wp_postpass_* records the post ID for a single day, enabling the editor to return to the same article without reloading the edit screen. This cookie does not include any personal identifiers.
Third‑Party Embedded Media Behavior
Articles may contain embedded elements such as YouTube videos, Vimeo clips, or Twitter posts. These embeds load content directly from the originating service, causing the visitor’s browser to establish a connection with the third‑party server. As a result, the external site may collect the visitor’s IP address, set its own cookies, and track interaction metrics such as play count or scroll position. If the visitor is logged into the third‑party service, additional profile data may be linked to the interaction.
Data Recipients for Password Resets
When a user requests a password reset, an automated email is dispatched containing a unique reset link. The email includes the requesting IP address and the time of the request, allowing us to detect unusual activity. The reset message is sent via a secure email service provider that stores the log of sent messages for a limited retention period for troubleshooting and compliance.
Retention Periods for User Information
All submitted comments and their associated metadata are retained indefinitely in the primary database. This enables automatic recognition of returning commenters and streamlines moderation by bypassing the queue for known participants. Database backups are performed nightly and stored for thirty days, ensuring that comment data can be restored if needed.
Registered users (if any) have a profile that stores their chosen display name, email address, and optional website URL. Users may view, modify, or delete any of these fields at any time through the account dashboard, except for the immutable username. Site administrators possess the ability to edit user profiles for support purposes. All profile records are retained until the user explicitly requests deletion or the account is deactivated.
User Rights Regarding Personal Data
with an account or who have left comments can submit a data access request to receive a machine‑readable file containing all personal information we hold about them. The request can include a demand for erasure of all stored data, except for records required by law, such as security logs or financial transaction records. Requests are processed within thirty days, and confirmation is sent to the user’s registered email address.
External Services Receiving Visitor Data
Comments are evaluated by an automated spam detection service that analyzes the comment content, IP address, email hash, and user‑agent string. The service returns a spam score, which determines whether the comment is held for review or published automatically. No additional personal data beyond what is necessary for spam assessment is transmitted to third parties.