Privacy Policy — Review Copilot

Last updated: July 14, 2026

This Privacy Policy explains how Review Copilot collects, uses, shares, and protects information when a Shopify merchant installs and uses the App. It describes our practices toward Merchants; it is not a consumer-facing store privacy policy.

1. Scope

Review Copilot is an embedded Shopify app that imports product reviews, classifies them by theme, and generates AI summaries and a prioritized action plan. We act as a data processor on the Merchant’s behalf for the data described below.

2. Information we access and collect

The App requests the minimum Shopify access required. Its only access scope is read_products.

We do not request or store Shopify customer personal data. The App uses no customer-scoped Shopify permissions; reviewer names originate from your review provider, not from Shopify customer records.

3. How we use information

We do not sell your data or use it for advertising.

4. Subprocessors and sharing

We share data only with service providers that help us operate the App:

SubprocessorPurposeData involved
Amazon Web Services (AWS) Application, database, and queue hosting All App data listed in §2
Google Cloud (Cloud Run) Infrastructure hosting for our own review-analysis service. Our self-trained classification model runs here; Google does not process review content for its own purposes. Review body text
Anthropic Summary and action-plan generation only (drafting recommendations and the groundedness check that audits them). Not used for theme classification. Review body text only — never reviewer names, ratings, or store identifiers
Sentry (optional) Error/performance diagnostics; personal data excluded Technical diagnostic data
Judge.me (or your chosen provider) The review source you connect Accessed using the token you provide

How AI processing is split

Not all AI processing in the App involves a third party, and we think the distinction matters:

In both cases we send only the text of the review itself. Reviewer names, star ratings, product identifiers, and your store’s identity are never included. Anthropic does not train its models on data submitted through its API.

We may disclose information if required by law.

5. Data retention and deletion

6. Security

7. International data transfers

Your data may be processed in US East (AWS us-east-1) and by the subprocessors above, which may operate in other countries. Where required, appropriate transfer safeguards apply.

8. Your rights

Depending on your jurisdiction (e.g., GDPR, CCPA/CPRA), you may request access, correction, deletion, or export of your data. Contact us at katatsu12@gmail.com.

9. Changes to this policy

We may update this policy and will post the revised version with a new “Last updated” date.

10. Contact

Den Zubritskyi
katatsu12@gmail.com