Privacy Policy

Last Updated: November 5, 2025

            Important: Review Social is committed to protecting your privacy and complying with GDPR, CCPA, and Shopify's data protection requirements.
        

1. Introduction

Review Social ("we," "our," or "us") is a Shopify application developed by Abandoned Revenue. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify app that converts Judge.me reviews into social media content using AI.

2. Information We Collect

2.1 Information from Shopify

When you install our app, we collect:

Store Information: Store name, domain, contact email, and timezone
Product Data: Product names, images, and descriptions for review context
Order Data: Order IDs (anonymized) to verify review authenticity
Shop Owner Information: Name and email for app communications

2.2 Information from Judge.me

We collect the following review data via Judge.me webhooks:

Review text content
Star ratings
Reviewer name (if provided)
Product associated with review
Review timestamp

2.3 Information from Instagram

When you connect Instagram:

Instagram Business Account ID and username
Access tokens (encrypted) for posting
Basic profile information

2.4 AI Processing Data

Generated image prompts and outputs (via Nanobanan API)
AI-generated captions
Processing logs (retained for 30 days)

2.5 Usage Data

App interaction logs
Feature usage statistics
Error reports and diagnostics
IP addresses (anonymized after 7 days)

3. How We Use Your Information

We use collected information for:

Core Functionality: Converting reviews into social media posts
Content Generation: Using Nanobanan AI to create product images
Instagram Posting: Publishing content to your connected account
Service Improvement: Analyzing usage patterns to enhance features
Customer Support: Responding to your inquiries and issues
Security: Detecting and preventing fraud or abuse
Legal Compliance: Meeting regulatory requirements

4. Data Sharing and Third-Party Services

4.1 Third-Party Services We Use

Shopify: Platform provider (covered by Shopify's privacy policy)
Judge.me: Review data source
Nanobanan (Google Gemini): AI image generation service
Instagram (Meta): Social media posting destination

4.2 What We Share

We share data only as necessary:

With Nanobanan: Review text and product info for image generation
With Instagram: Generated posts and captions
Service Providers: Hosting, analytics, and security providers under strict confidentiality
Legal Requirements: When required by law or to protect our rights

4.3 What We Don't Share

We NEVER:

Sell your data to third parties
Share customer personal information for marketing
Use your data to compete with your business
Share data with unauthorized parties

5. Data Retention

Active Stores: We retain data while your app is installed
After Uninstall: Most data deleted within 48 hours
Backups: Retained for 30 days for recovery purposes
Legal Obligations: Some data retained longer if legally required
Aggregated Data: Anonymized analytics may be retained indefinitely

6. Data Security

We implement industry-standard security measures:

Encryption in transit (TLS 1.3) and at rest (AES-256)
Secure API token storage with rotation
Regular security audits and vulnerability assessments
Access controls and authentication
Automated backup systems
Incident response procedures

7. Your Rights (GDPR & CCPA)

You have the right to:

Access: Request a copy of your data
Rectification: Correct inaccurate data
Erasure: Request deletion of your data
Portability: Receive your data in a structured format
Restriction: Limit how we process your data
Objection: Object to certain processing activities
Withdraw Consent: Revoke permissions at any time

To exercise these rights, contact us at support@abandonedrevenue.com

8. Cookies and Tracking

We use minimal cookies:

Essential Cookies: Required for app functionality (session management)
Analytics: Anonymized usage tracking (you can opt-out)

We do NOT use advertising cookies or cross-site tracking.

9. Children's Privacy

Our app is not intended for users under 16 years of age. We do not knowingly collect data from children.

10. International Data Transfers

Your data may be processed in the United States and other countries. We ensure adequate protection through:

Standard Contractual Clauses (SCCs)
GDPR-compliant data processing agreements
Regular compliance audits

11. Data Deletion Process (Shopify Requirements)

When you uninstall the app or request data deletion:

We receive an automatic webhook from Shopify
Customer data is queued for deletion within 48 hours
Encrypted backups are purged within 30 days
You can also manually request deletion at /data-deletion/

12. Changes to This Policy

We may update this policy periodically. We'll notify you via:

Email to your registered address
In-app notification
Update notice on this page

Continued use after changes constitutes acceptance.

13. Shopify-Specific Disclosures

This app complies with Shopify's API Terms of Service and App Store Requirements:

We access only the data necessary for app functionality
We respect Shopify's data protection standards
We implement Shopify's mandatory webhooks (GDPR, uninstall)
We do not store Shopify access tokens beyond necessary duration

14. Contact Us

Data Controller: Abandoned Revenue

Email: support@abandonedrevenue.com

Support Page: reviewsocial.abandonedrevenue.com/support

Data Deletion Request: reviewsocial.abandonedrevenue.com/data-deletion

EU Representative: If you are located in the EU and have concerns about our data practices, you have the right to lodge a complaint with your local Data Protection Authority.

← Back to Home | Terms of Service | Support