Privacy Policy — Review Copilot
Last updated: July 14, 2026
This Privacy Policy explains how Review Copilot collects, uses, shares, and protects information when a Shopify merchant installs and uses the App. It describes our practices toward Merchants; it is not a consumer-facing store privacy policy.
1. Scope
Review Copilot is an embedded Shopify app that imports product reviews, classifies them by theme, and generates AI summaries and a prioritized action plan. We act as a data processor on the Merchant’s behalf for the data described below.
2. Information we access and collect
The App requests the minimum Shopify access required. Its only access scope is read_products.
- Store information — your
myshopify.comdomain and the Shopify-issued access token used to call the Shopify API on your behalf. - Product catalog (read-only) — product IDs, titles, images, and categories, via the Shopify Admin API.
- Integration credentials — a Judge.me API token you choose to provide so the App can retrieve your reviews. Stored encrypted at rest.
- Review data (imported from your connected provider, e.g. Judge.me) — review text, star rating, the reviewer display name as provided by that provider, and review date. From this we derive theme tags and AI-generated summaries/action items.
- Diagnostic data — limited error/performance data for reliability (see §4). Configured to exclude personal data by default.
We do not request or store Shopify customer personal data. The App uses no customer-scoped Shopify permissions; reviewer names originate from your review provider, not from Shopify customer records.
3. How we use information
- Retrieve and store your product catalog and reviews.
- Classify each review into themes (e.g., sizing/fit, shipping, quality).
- Generate per-product and store-wide summaries and a prioritized, evidence-cited action plan, including a groundedness check on recommendations.
- Operate, secure, debug, and improve the App.
We do not sell your data or use it for advertising.
4. Subprocessors and sharing
We share data only with service providers that help us operate the App:
| Subprocessor | Purpose | Data involved |
|---|---|---|
| Amazon Web Services (AWS) | Application, database, and queue hosting | All App data listed in §2 |
| Google Cloud (Cloud Run) | Infrastructure hosting for our own review-analysis service. Our self-trained classification model runs here; Google does not process review content for its own purposes. | Review body text |
| Anthropic | Summary and action-plan generation only (drafting recommendations and the groundedness check that audits them). Not used for theme classification. | Review body text only — never reviewer names, ratings, or store identifiers |
| Sentry (optional) | Error/performance diagnostics; personal data excluded | Technical diagnostic data |
| Judge.me (or your chosen provider) | The review source you connect | Accessed using the token you provide |
How AI processing is split
Not all AI processing in the App involves a third party, and we think the distinction matters:
- Theme classification runs on our own model. Reviews are tagged by a classification model we trained and host ourselves. This step sends review content to no third-party AI provider — not Anthropic, not anyone else.
- Only summaries and action plans use Anthropic. To draft the written summary and the prioritized action plan (and to audit each recommendation against the reviews it cites), we send review body text to Anthropic’s API.
In both cases we send only the text of the review itself. Reviewer names, star ratings, product identifiers, and your store’s identity are never included. Anthropic does not train its models on data submitted through its API.
We may disclose information if required by law.
5. Data retention and deletion
- We retain your data while the App is installed.
- When you uninstall the App, or when Shopify sends a
shop/redactrequest, we delete your store record and all associated products, reviews, summaries, and stored credentials. - We honor Shopify’s mandatory compliance webhooks:
customers/data_request,customers/redact, andshop/redact. Because we store no Shopify-customer-keyed personal data, the customer data-request and redaction webhooks are acknowledged and logged; shop redaction deletes all of your store’s data. - You can disconnect a review provider at any time by clearing its token in Settings.
6. Security
- Integration tokens are encrypted at rest; the Shopify access token is stored via Shopify’s app framework.
- All traffic is served over TLS/HTTPS.
- Access to production systems is restricted.
- No method of transmission or storage is 100% secure, but we work to protect your data using industry-standard measures.
7. International data transfers
Your data may be processed in US East (AWS us-east-1) and by the subprocessors above, which may operate in other countries. Where required, appropriate transfer safeguards apply.
8. Your rights
Depending on your jurisdiction (e.g., GDPR, CCPA/CPRA), you may request access, correction, deletion, or export of your data. Contact us at katatsu12@gmail.com.
9. Changes to this policy
We may update this policy and will post the revised version with a new “Last updated” date.
10. Contact
Den Zubritskyi
katatsu12@gmail.com