Just came across Simple Commenter on AppSumo, looks like a super handy tool for anyone working with clients. It lets them leave feedback directly on your live site, right in context, without endless email threads. Should be a great time-saver for developers managing revisions and approvals!
Isn’t it a potential security risk that the tool always loads and executes JS from a server outside your control? The code could be changed at any time to perform anything in every user’s browser …
That’s a really good question, I hadn’t thought of that. I’ve asked them and will let you know what they say.
Either Kent posted at the AppSumo site or another person asked a similar question. Here was the question and answer:
Question: Hi, I’ve already grabbed the LTD, great tool so far! Quick question on security: since the JS is loaded from your servers, it can execute code on every page it’s embedded in. That means it could, in theory, be changed at any time and access user data, cookies, etc. I know this is common with SaaS tools, but for client-facing sites, it’s something I need to consider carefully. Do you have safeguards like versioning, integrity checks, or plans for a self-hosted/static JS option? And how are you handling compliance (e.g. GDPR) around this? Thanks!
Answer by Developer: I designed this tool mainly for use on preview URLs, not for live production sites, so I recommend removing the script before launching. That said, I know some users do keep it on live environments.
It’s true that any externally loaded script, including mine, could be changed at any time, so trust in the provider is important—recent incidents like the Honey extension show why this matters.
I’m based in the EU and fully accountable under EU law, including GDPR compliance. If you have specific security or compliance concerns, I’m happy to discuss them further.
Regarding GDPR - all our servers and databases are located in Stockholm, Sweden, ensuring that data is stored and processed within the EU. Secondly we only collect data critical for the app’s functionality, to adhere to GDPR’s data minimization rules.
Then we secure data with trusted data centers, HTTPS/TLS encryption for data in transit, encryption for data at rest, and strict access controls. We use referrer checks to ensure the Simple Commenter script only works on your authorized website, preventing unauthorized use.
To further comply with GDPR, we’re transparent about data use and support user rights, like data access or deletion requests. Our analytics tool is GDPR-compliant, avoiding invasive tracking or retargeting to respect user privacy.
I’ve already purchased Simple Commenter at the sale price and, in my first day of use, am already finding it quite helpful. It’s great that a person can offer feedback via computer, tablet, or phone.
Yes that was me :-)
Kent: thanks so much for bringing Simple Commenter to our attention. I never would have known about it otherwise!