Privacy policy
Last updated: June 11, 2026
Review Rabbit is a Shopify app that helps merchants collect and display product reviews and post-purchase surveys. This policy explains what data we handle, why, and what happens to it. We’ve tried to keep it readable — if anything is unclear, email support@reviewrabbit.app.
Who’s who
When a merchant installs Review Rabbit on their Shopify store, the merchant is the data controller for their customers’ personal data. Review Rabbit acts as a data processor, handling that data only to provide the service the merchant configured. For the merchant’s own account data (store name, contact email, subscription state), Review Rabbit is the controller.
What we collect
From the merchant’s store (via Shopify)
- Store profile: store domain, store name, contact email, timezone, and plan information.
- Order events: when an order is fulfilled, cancelled, or refunded, Shopify sends us the order ID, the products in it, and the customer’s name, email address, customer ID, and marketing-consent status. We use this to schedule and cancel review requests.
From the merchant’s customers
- Review content: star rating, review text, optional photos, and the name shown with the review. Photos are stored in the merchant’s own Shopify file storage.
- Survey answers: the question asked, the answer chosen, and the customer ID. Survey answers are also written to the customer’s record in the merchant’s Shopify store (metafields in the
review_rabbitnamespace) so the merchant can use them in Shopify’s own tools. - Email engagement: review-request emails record delivery, open, click, bounce, and complaint events so merchants can see what happened and so we stop emailing people who unsubscribe or bounce.
What we don’t collect
- Payment details. Billing runs entirely through Shopify; we never see card numbers.
- Tracking cookies. The embedded admin uses Shopify session tokens; storefront review widgets don’t set cookies; the review form uses your browser’s local storage only to save an unfinished draft on your own device.
How we use data
- Sending review requests and reminders the merchant configured.
- Displaying approved reviews in the merchant’s storefront.
- Recording and aggregating survey answers for the merchant.
- Notifying the merchant about new reviews (per-review or daily digest, per their settings).
- Operating, securing, and debugging the service.
We do not sell personal data, and we do not use customer data for advertising or to train AI models.
Unsubscribes
Every review-request email includes a one-click unsubscribe. Unsubscribes, bounces, and complaints are added to a suppression list so the address is never emailed again — we keep a one-way cryptographic hash of the address (not the address itself) so the suppression survives even if the rest of the customer’s data is deleted.
Where data lives (subprocessors)
We use a small set of infrastructure providers to run the service:
- Fly.io — application hosting (United States).
- Neon — Postgres database (AWS, United States).
- Resend — email delivery and engagement events.
- Upstash — background job queue (message metadata only).
- Shopify — platform APIs and file storage for review photos.
- Cloudflare — DNS and inbound email routing for our own domain.
Data is processed in the United States. Where EU/UK personal data is involved, transfers rely on our providers’ standard contractual clauses.
Retention and deletion
- We keep data for as long as the app is installed and the merchant needs it to operate reviews and surveys.
- When a merchant uninstalls the app, pending review requests are cancelled immediately. Shopify then sends us a deletion request for the store’s data, which we honor.
- Customer deletion: when Shopify sends a customer-redaction request (for example after a GDPR erasure request to the merchant), we delete or anonymize that customer’s personal data in our systems. The suppression hash described above is retained so opt-outs keep working.
- Customer data export: when Shopify sends a data request, we compile everything we hold on that customer (reviews, review requests, survey responses) and provide it to the merchant to pass on.
Your rights
If you’re a shopper who left a review or answered a survey, the store you bought from is the controller of your data — contact them to access, correct, or delete it, and they can route the request through Shopify to us. If you contact us directly at support@reviewrabbit.app, we’ll help or forward the request to the right place.
Security
Data is encrypted in transit (TLS) and at rest. Access to production systems is limited and authenticated. Review photos are validated and re-encoded on upload, and identifying camera metadata (EXIF) is stripped.
Changes
If we make material changes to this policy, we’ll update the date at the top and, for significant changes, notify merchants in the app or by email.
Contact
Review Rabbit · support@reviewrabbit.app