Privacy Policy

InstantModerate is a product by Common Consultancy ApS (CVR: 40295453), registered at Vester Voldgade 83, 5 tv., 1552 Copenhagen K, Denmark.

For questions regarding this policy or your personal data, contact us at common@commonconsultancy.com.

InstantModerate is a software-as-a-service platform that helps businesses moderate comments on their Facebook Pages. It uses keyword-based rules to automatically detect and hide unwanted comments, and provides a dashboard for reviewing, hiding, unhiding, deleting, liking, replying to, and blocking the authors of comments.

When you connect your Facebook account and Pages to InstantModerate, we collect and store the following categories of data:

A) About the connecting user

• Facebook user ID (app-scoped)
• Name (as displayed in the InstantModerate dashboard)

We do not request or collect your email address from Facebook.

B) About connected Pages

• Page ID and Page name
• Page category
• Page access token (stored encrypted; see Section 8)

C) About content

• Post ID, timestamp, and text
• Comment ID, timestamp, and text
• Commenter name and commenter ID (where available)
• Engagement metrics (like count, reply count)
• Moderation status (visible, hidden, which keyword rule matched, audit log events)

We do not access private messages, Messenger conversations, or any data beyond public Page content.

• Display comments in the moderation dashboard (filtering, searching, sorting)
• Automatic keyword-based moderation (auto-hide matching comments)
• Audit logging (who performed which action and when)
• Operational reliability (error logs, without tokens or secrets)

We process personal data in accordance with Article 6 of the GDPR. Processing is based on:

• Article 6(1)(b) (performance of a contract) — where processing is necessary to provide the InstantModerate service to customers.
• Article 6(1)(f) (legitimate interest) — where processing is necessary to operate, secure, and improve the service, including logging, auditing, and abuse prevention.
• Article 6(1)(a) (consent) — where applicable, such as when users voluntarily provide information or connect third-party services.

If you use InstantModerate on behalf of a business or organization, that entity is the data controller and Common Consultancy ApS acts as the data processor. A separate Data Processing Agreement is available upon request.

• Comment data: We retain comments and related moderation data for up to 90 days, after which they are automatically deleted or anonymized.
• Page disconnect: When a Page is disconnected, all associated data (comments, tokens, audit events) is deleted within 7 days.
• Account deletion: Upon request, we delete all account data and associated organization data within 7 days.

For details on how to request data deletion, see our Data Deletion page.

We may share personal data with trusted service providers acting as data processors, solely for the purpose of operating and maintaining the service. These include:

• Scalingo — Application hosting (France / EU)
• Render — PostgreSQL database hosting (United States)

All processors act under data processing agreements and are subject to appropriate confidentiality and security obligations.

We do not sell, rent, or otherwise share your data with third parties for marketing or advertising purposes.

We take appropriate technical and organizational measures to protect your data:

• Page access tokens are encrypted at rest using AES-256-GCM
• Multi-tenant isolation ensures strict separation between organizations
• Access is controlled through invite-only registration and role-based permissions
• All actions are recorded in an audit log
• All connections use TLS/HTTPS encryption in transit

As a data subject, you have the right to:

• Request access to the personal data we process about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your personal data ("right to erasure") where applicable.
• Request restriction of processing or object to processing in certain cases.
• Request data portability where technically feasible.

Requests can be made by contacting us at support@instantmoderate.com. We may need to verify your identity before fulfilling your request.

If you believe that our processing of your personal data does not comply with applicable data protection laws, you have the right to lodge a complaint with your local data protection authority.

In Denmark, this is:

Datatilsynet
Carl Jacobsens Vej 35, 2500 Valby
Email: dt@datatilsynet.dk
Phone: +45 33 19 32 00

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this page periodically.