Privacy Policy
Last updated: May 5, 2026
Welcome to Reviewo. This Privacy Policy explains how Reviewo ("we," "us," or "our") collects, uses, and shares your personal information when you use our Shopify reviews application and website at reviewo.app (collectively, the "Service"). Reviewo is operated from Slovakia. By installing or using the Service, you agree to the terms of this Privacy Policy.
We are committed to complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), UK GDPR, and the California Privacy Rights Act (CPRA).
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18.
1. Who This Policy Covers
This Policy applies to:
- Merchants — Shopify store owners who install and use the Reviewo app.
- Shoppers / Reviewers — Customers of Merchants who submit reviews, ratings, or photos through Reviewo.
- Website Visitors — Anyone who visits reviewo.app.
2. Information We Collect
From Merchants (via Shopify)
When you install Reviewo from the Shopify App Store, we receive the following information from your Shopify account:
- Store name, URL, and plan details
- Merchant name and email address
- Order data (order IDs, products purchased, fulfillment dates) — used to send automated review request emails
- Product data (titles, images, IDs) — used to display reviews on your storefront
- Customer names and email addresses — used solely to send review request emails on your behalf
From Shoppers / Reviewers
When a shopper submits a review through Reviewo (via email invitation, widget, or public review page), we collect:
- Name and email address
- Star rating and written review content
- Photos or videos attached to the review
- Slider ratings (e.g., fit, quality, value) if enabled by the Merchant
- Device type, browser, and IP address (for fraud prevention and analytics)
From Website Visitors
When you visit reviewo.app, we automatically collect:
- IP address and approximate location
- Browser type, device information, and operating system
- Pages visited, time spent, and interactions on the site
- Referral source
Information You Provide Directly
If you contact us via email or a contact form, we collect your name, email address, and the contents of your message.
3. How We Use Your Information
To Provide the Service
- Send automated review request emails to Merchant customers on the Merchant's behalf
- Collect, store, moderate, and display reviews, ratings, and photos on Merchant storefronts
- Power the Reviewo widget embedded in Shopify stores
- Provide Merchants with a dashboard to manage their reviews and analytics
- Enable features such as review filtering, Q&A, and changelog/roadmap (if enabled)
For Legitimate Business Purposes
- Monitor and improve the performance, reliability, and security of the Service
- Detect and prevent fraud, spam, and inauthentic reviews
- Respond to support requests and inquiries
- Analyze aggregate usage patterns to improve features
- Send Merchants transactional and product update emails
- Send Merchants marketing communications (you can opt out at any time)
- Comply with legal obligations
For Shoppers / Reviewers
We process reviewer information solely to facilitate the review submission and display process on behalf of the Merchant. We do not use reviewer data for our own marketing purposes without consent. Please note that reviews you submit may be publicly visible on the Merchant's storefront and on the Reviewo public review page.
4. Cookies and Tracking
We use cookies and similar technologies on reviewo.app for the following purposes:
- Essential cookies — required for the Service to function (e.g., session management)
- Analytics cookies — to understand how visitors use our website (e.g., page views, clicks). We may use tools such as Google Analytics.
- Marketing cookies — to serve relevant ads and measure their effectiveness (only with your consent)
You can adjust your cookie preferences through your browser settings. Disabling certain cookies may affect functionality of the Service.
5. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
Service Providers
We share information with trusted third-party vendors who help us operate the Service, including cloud hosting, email delivery, payment processing, analytics, and customer support. These providers are contractually obligated to use your information only as directed by us and in accordance with this Policy.
Merchants
Reviewers' submitted content (name, review text, rating, photos) is shared with the Merchant whose store the review was collected for, and may be displayed publicly on that Merchant's storefront. To understand how a Merchant uses this data, please refer to that Merchant's own privacy policy.
Legal Requirements
We may disclose personal information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers
If Reviewo is involved in a merger, acquisition, asset sale, or similar transaction, your personal information may be transferred as part of that transaction. We will notify you before your information is subject to a different privacy policy.
Aggregate / De-Identified Data
We may share aggregated or anonymized data that cannot identify you personally with partners, researchers, or the public for any lawful purpose.
6. Data Retention
We retain personal information for as long as necessary to provide the Service and fulfill the purposes described in this Policy. Specifically:
- Merchant data — retained while your Reviewo account is active. When you uninstall the app, we keep your data in case you reinstall, so your reviews and settings are not lost. We fully delete your merchant data when Shopify issues a shop data erasure request on your behalf (typically within 48 hours of uninstall for stores in protected regions such as the EU and California), or when you explicitly request deletion at support@reviewo.app.
- Reviewer data — retained for as long as the associated review is active. Upon receiving a customer data erasure request from Shopify, or a direct request at support@reviewo.app, we anonymize the reviewer's name and email across their reviews and comments, and delete any pending email invitations. We action such requests within one month, in line with GDPR requirements.
- Website visitor data — retained for up to 24 months in analytics systems.
- Import CSV diagnostics — when a Merchant uploads a reviews CSV through the in-app import wizard and the import fails in a way that suggests the importer itself is missing support for the file format (for example, a required column could not be auto-mapped or no products matched the merchant's catalog), we may retain a copy of that CSV in private encrypted storage for up to 60 days. This is used solely to diagnose and fix import compatibility issues so the merchant can complete their migration. Successfully processed imports and CSVs with only minor per-row errors are not retained. Reviewers whose data appeared in such a CSV may request deletion at support@reviewo.app.
7. Security
We implement commercially reasonable technical and organizational measures to protect your personal information against unauthorized access, loss, or disclosure — including encryption in transit (TLS), access controls, and regular security reviews. However, no system is completely secure. We encourage you to use strong passwords and to contact us immediately if you suspect any unauthorized access to your account.
8. Your Privacy Choices and Rights
For All Users
- Marketing opt-out — You can unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email we send.
- Access and correction — You may request access to or correction of your personal information by contacting us at support@reviewo.app.
- Deletion — You may request deletion of your personal information. We will honor requests subject to any legal obligations to retain certain data.
For Reviewers
If you submitted a review and wish to have it updated or removed, please contact the Merchant directly or email us at support@reviewo.app and we will work with the Merchant to fulfill your request.
9. Additional Rights for EU / UK Residents (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the GDPR / UK GDPR:
- Right of access — receive a copy of the personal data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion of your personal data ("right to be forgotten")
- Right to restriction — ask us to pause processing in certain circumstances
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interest or for direct marketing
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing
Legal Bases for Processing
- Performance of a contract — processing necessary to provide the Service to Merchants
- Legitimate interests — operating, securing, and improving the Service; fraud prevention; analytics
- Consent — marketing emails; non-essential cookies
- Legal obligation — compliance with applicable laws
International Data Transfers
Your personal data may be transferred to and processed in countries outside the EEA, including the United States. Where required, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for such transfers.
Lodging a Complaint
If you believe we have processed your personal data in violation of the GDPR, you have the right to lodge a complaint with your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office (ICO).
10. Additional Rights for California Residents (CPRA)
If you are a California resident, you have the following rights under the California Privacy Rights Act (CPRA):
- Right to know — the categories and specific pieces of personal information we have collected about you in the past 12 months
- Right to delete — request deletion of your personal information, subject to certain exceptions
- Right to correct — request correction of inaccurate personal information
- Right to opt-out of sale or sharing — we do not sell or share personal information for cross-context behavioral advertising
- Right to limit use of sensitive personal information — where applicable
- Right to non-discrimination — we will not discriminate against you for exercising your CPRA rights
Categories of Personal Information Collected (CPRA)
| Category | Collected? | Examples |
|---|
| Identifiers | Yes | Name, email address, IP address, store URL |
| Personal information (Cal. Civ. Code §1798.80) | Yes | Name, email address |
| Commercial information | Yes | Order history, products purchased (from Shopify) |
| Internet / network activity | Yes | Interactions with the Service, browser type, pages visited |
| Geolocation data | Yes (approximate) | Derived from IP address |
| Biometric information | No | — |
| Inferences from personal information | No | — |
We do not sell personal information and have not done so in the past 12 months. To exercise your CPRA rights, contact us at support@reviewo.app. We will verify your identity before processing your request and respond within 45 days.
11. "Do Not Track" Signals
We do not currently respond to "Do Not Track" signals from web browsers, as there is no industry-standard approach to honoring such signals. We may allow third-party analytics providers to collect data about your browsing behavior on our Service.
12. Updates to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will make reasonable efforts to notify active Merchants by email. Continued use of the Service after changes become effective constitutes your acceptance of the updated Policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:
We aim to respond to all privacy-related inquiries within 30 days.