Privacy Policy

Last updated: 2026-04-21

1. Who we are

InstantModerate operates under Common Consultancy ApS (CVR: 40295453), based at Vester Voldgade 83, 5 tv., 1552 Copenhagen K, Denmark. Contact: common@commonconsultancy.com

2. What InstantModerate does

The platform assists businesses in moderating Facebook Page comments through keyword-based rules for automatic detection and hiding of unwanted content, plus a dashboard for reviewing and managing comments.

3. Data we collect from Meta / Facebook

A) About the connecting user

  • Facebook user ID (app-scoped)
  • Name (as displayed in dashboard)
  • Email not requested or collected

B) About connected Pages

  • Page ID and name
  • Page category
  • Page access token (encrypted; see Section 8)

C) About content

  • Post ID, timestamp, and text
  • Comment ID, timestamp, and text
  • Commenter name and ID (where available)
  • Engagement metrics (likes, replies)
  • Moderation status and audit logs

Private messages and Messenger conversations are not accessed.

4. How we use the data

  • Display comments in moderation dashboard
  • Automatic keyword-based moderation
  • Audit logging of actions and timing
  • Operational reliability and error tracking

5. Legal basis and your role

Processing follows GDPR Article 6:

  • Article 6(1)(b): Service delivery
  • Article 6(1)(f): Operational security and service improvement
  • Article 6(1)(a): Consent where applicable

Organizations using the service act as data controllers; Common Consultancy ApS operates as processor. Data Processing Agreements available upon request.

6. Retention and deletion

  • Comment data: Retained for up to 90 days, then deleted or anonymized
  • Page disconnect: Associated data deleted within 7 days
  • Account deletion: All data deleted within 7 days upon request

See Data Deletion page for request procedures.

7. Sharing and sub-processors

Product data (Section 3) may be shared with:

  • Replit — Application hosting and PostgreSQL database (United States)

Marketing-website visitor data (IP address, User-Agent, referrer, and page URL) is shared with:

  • PostHog — Website analytics, EU-hosted at eu.i.posthog.com (PostHog Inc., EU data residency). Processes anonymous session events on the legal basis of GDPR Article 6(1)(f) legitimate interest (understanding how the marketing site is used). PostHog is currently configured to avoid cookies and local storage; session data lives only in memory for the duration of the visit. Visitors can opt out by enabling the browser "Do Not Track" signal.

All processors operate under data processing agreements with confidentiality obligations. Data is not sold or shared for marketing purposes.

8. Security

  • Page access tokens encrypted using AES-256-GCM
  • Multi-tenant isolation between organizations
  • Invite-only registration with role-based access
  • Complete audit logging
  • TLS/HTTPS encryption in transit

9. Your rights

Data subjects may:

  • Request access to processed personal data
  • Request corrections to inaccurate information
  • Request erasure where applicable
  • Request processing restrictions or object to processing
  • Request data portability

Contact support@instantmoderate.com. Identity verification may be required.

10. Right to lodge a complaint

Complaints regarding non-compliance with data protection laws may be filed with:

Datatilsynet
Carl Jacobsens Vej 35, 2500 Valby, Denmark
Email: dt@datatilsynet.dk
Phone: +45 33 19 32 00

11. Changes to this policy

Updates will be posted with revised dates. Regular review is recommended.

InstantModerate is a product by Common Consultancy ApS · CVR 40295453