StarFlow Reviews
Privacy Policy

Personal information the App collects

When you install the App, we access the following types of information from your Shopify account through the Shopify Admin API:

• Product data (read_products, write_products): Product titles, handles, and IDs to associate reviews with the correct products and write star rating metafields for theme widget display
• Order data (read_orders): Order fulfillment status and customer email addresses to trigger review request emails after delivery
• Customer data (read_customers): Customer names and email addresses to link reviews with customer accounts and display "Verified Buyer" badges
• Content data (read_content): Metaobject and metafield data used to store and retrieve app configuration settings
• Theme data (read_themes, write_themes): Theme file access to verify whether the app embed block is enabled in the merchant's active theme
• File uploads (write_files): Ability to upload review photos and media to Shopify Files on behalf of the merchant
• Discount data (read_discounts, write_discounts): Access to create and manage discount codes used as review incentives
• Metaobject data (write_metaobject_definitions, write_metaobjects): Used to store app settings as structured metaobjects within the merchant's Shopify account

We also collect the following information directly from you and your customers once the App is installed:

• Review content: Star ratings, review text, reviewer name, reviewer email address, and optionally uploaded photos or videos submitted through the storefront review form
• Merchant account details: Your name, email address, and billing information as provided during app installation and plan selection through Shopify's billing system
• Storefront visitor data: IP addresses, browser type, device information, and time zone of visitors who interact with review widgets on your store
• Email engagement data: Open rates, click-through rates, and delivery status for review request emails sent through the App
• Analytics data: Aggregated review metrics including average ratings, review volume over time, rating distribution, top-reviewed products, and source breakdown

We collect personal information directly from the relevant individual, through your Shopify account, or using the following technologies:

• Cookies: Session cookies are used for embedded app authentication within the Shopify admin. We do not place tracking cookies on your customers' devices. For more information about cookies and how to disable them, visit allaboutcookies.org.
• Log files: Server logs track actions within the App and collect data including IP addresses, browser type, referring pages, and timestamps. These logs are used for debugging and security monitoring.
• Email tracking pixels: Review request emails may contain a 1x1 transparent tracking pixel to record open events and wrapped links to track click events. This data appears in the App's email analytics.

How we use your personal information

We use the personal information we collect from you and your customers to provide the Service and operate the App. Here is how we use each category of data:

• Sending review requests: We use order fulfillment data and customer email addresses to send automated review request emails after a configurable delay period
• Displaying reviews: We use review content (text, ratings, photos, videos, reviewer names) to render review widgets on your storefront through theme app extension blocks
• Moderation: We store review data in our database so you can approve, reject, reply to, or flag reviews from the App's admin interface
• Analytics: We aggregate review data to generate charts and reports showing rating trends, review volume, top products, and source breakdown in the App's dashboard
• Review incentives: If you enable discount code incentives, we use the Shopify Discounts API to create codes that are sent to customers who submit reviews
• WhatsApp requests (Growth plan): If you configure Twilio WhatsApp integration, we use customer phone numbers from order data to send review requests via WhatsApp
• SEO rich snippets: We write product review aggregate rating data to Shopify metafields so that structured data (schema.org) appears in search engine results
• Account communication: We use your merchant email address to send service-related notifications, such as new review alerts and dispute notifications
• Improving the App: We use aggregated, anonymized usage data to identify bugs, improve features, and optimize performance

We do not use your data or your customers' data for behavioral advertising or targeted marketing. We do not sell personal information to third parties.

Sharing your personal information

We share personal information with the following third-party services only as needed to operate the App:

• Shopify: The App communicates with Shopify's Admin API, Billing API, and webhook system as part of normal operation. Payment processing for app subscriptions is handled by Shopify's billing system. We follow Shopify's Partner Program Agreement and security requirements.
• Resend (email delivery): If you use the default email provider, review request emails are sent through Resend. Resend receives the recipient's email address, email subject, and email body content. See Resend's privacy policy.
• Custom SMTP (Growth plan): If you configure your own SMTP server, email data is sent through your chosen provider (Gmail, SendGrid, Mailgun, Amazon SES, or other). We do not control those providers' data practices.
• Twilio (Growth plan): If you enable WhatsApp review requests, customer phone numbers and message content are sent through Twilio. See Twilio's privacy policy.
• Cloudinary (Starter and Growth plans): If you configure Cloudinary for image storage, review photos are uploaded to Cloudinary. See Cloudinary's privacy policy.
• Amazon S3 (Growth plan): If you configure Amazon S3, review photos and media are stored in your S3 bucket. We use your provided credentials to upload files. See AWS privacy policy.
• Hosting infrastructure: The App runs on secure cloud servers. Our hosting provider processes data on our behalf under a data processing agreement and only receives the minimum data needed to serve requests.

We may also share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful request for information, or to protect our rights.

We do not share aggregated analytics or review data with any other merchants. Each merchant's data is isolated to their own account.

Your rights

European residents (GDPR)

If you are a European resident, you have the right to access the personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.

We process your information to fulfill contracts we have with you (for example, providing the review management service you installed) or to pursue our legitimate business interests listed above. Your information may be transferred outside of Europe, including to the United States, where our servers are located.

California residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect and how we use it, the right to request deletion of your personal information, and the right to opt out of the sale of your personal information. We do not sell personal information. To exercise your rights, contact us using the information below.

All merchants

Regardless of your location, you can request a copy of your data or ask us to delete it by emailing us. We respond to all data-related requests within 30 days.

Data retention

We retain your data according to these timeframes:

• Reviews and review media: Stored for as long as you actively use the App. Reviews remain in the database until you delete them individually, export and delete in bulk, or uninstall the App.
• Email logs and tracking data: Stored for up to 12 months to support the analytics dashboard and email delivery troubleshooting.
• App settings and configuration: Stored as Shopify metaobjects in your Shopify account for as long as the App is installed.
• Analytics and aggregated data: Review statistics and aggregated metrics are stored for up to 12 months to enable trend reporting.
• After uninstallation: When you uninstall the App, Shopify sends a shop/redact webhook 48 hours later. Upon receiving this webhook, we delete all reviews, email logs, review requests, analytics data, and configuration associated with your store within 30 days. Some anonymized, aggregated data that cannot identify individual merchants or customers may be retained for internal reporting.

If you want your data deleted before uninstalling, or if you want to confirm deletion after uninstalling, email us and we will process your request within 30 days.

Data security

We take the following measures to protect your information:

• All data transmitted between your browser, the App, and Shopify is encrypted with SSL/TLS
• Database access is restricted to authorized processes only, using role-based access controls
• API secret keys and credentials are stored in environment variables, never in source code
• The App uses Shopify session tokens for authentication, not third-party cookies
• Webhook payloads are verified using Shopify HMAC signatures before processing
• We do not store Shopify access tokens outside of the encrypted session storage managed by @shopify/shopify-app-session-storage-prisma

Mandatory compliance webhooks

The App subscribes to all three mandatory compliance webhooks required by Shopify:

• customers/data_request: When a customer requests their personal data, we compile all review content, email logs, and review requests associated with that customer's email address and return the data to the merchant.
• customers/redact: When a customer requests deletion of their personal data, we anonymize or delete all review content, review requests, email logs, and WhatsApp logs associated with that customer's email address for the requesting store.
• shop/redact: 48 hours after a merchant uninstalls the App, we delete all reviews, review replies, review requests, email logs, analytics data, dispute records, and configuration data associated with that store.

Changes to this policy

We may update this privacy policy from time to time to reflect changes to our practices or for legal, operational, or regulatory reasons. When we make changes, we update the "Last Updated" date at the top of this page. For material changes, we notify you through the StarFlow Reviews app dashboard or by email to the address associated with your Shopify account.