@simon Maybe it would be helpful to look at the privacy policy/FAQs of something like Disqus or Discourse, even if you’re not planning on using them? They might have some guidance for their users on how to embed their comments in a GDPR-compliant way.