Skip to content

Privacy Policy

This Privacy Policy explains how Galaxy Web Links ("we", "us", or "our") collects, uses, stores, and protects personal data when you install or use the ReviewInsights application (the "App") on a Shopify store.

1. Introduction

ReviewInsights helps Shopify merchants collect, moderate, display, and manage product reviews on their storefronts, including support for theme extensions, app proxy endpoints, Hydrogen/headless integrations, and aggregated product rating widgets.

We are committed to protecting the privacy of merchants and their customers. This policy is designed to meet Shopify App Store requirements and to help you understand our data practices in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR), UK GDPR, and other regional privacy regulations.

This page is provided for informational purposes and does not constitute legal advice. If you have questions about how privacy laws apply to your business, please consult a qualified legal professional.

2. Who This Policy Applies To

  • Merchants who install and use the App in the Shopify admin.
  • Merchant staff who access the App through a Shopify user account.
  • Customers and store visitors who submit product reviews or interact with review widgets displayed on a merchant's storefront.

3. Information We Collect Through Shopify APIs

When a merchant installs the App, we access certain data from the merchant's Shopify store through Shopify's APIs, only as needed to provide the App's functionality and within the permissions granted during installation. This may include:

  • Store domain and shop identifier
  • Product information (such as product IDs, titles, handles, and images)
  • Product metafields used to store aggregated review ratings and review counts
  • Files uploaded to Shopify when review images are stored in the merchant's store
  • App installation, authentication, and session information required to operate the App
  • Billing and subscription status through Shopify App Pricing

We do not request access to customer order data, payment information, or other Shopify data beyond what is required for the App's review management features.

4. Information We Collect Directly From Merchants

When merchants use the App, we may collect and store:

  • Shopify staff account details provided during authentication (such as name, email address, user ID, and locale), where available through Shopify's online session
  • App configuration and display settings (such as widget colors, layout preferences, and text labels)
  • Review moderation actions, bundle configurations, and app usage data necessary to operate the service
  • Technical logs related to app performance, errors, and security events

5. Information We Collect From Merchants' Customers

When a store visitor submits a product review through a merchant's storefront widget, app proxy endpoint, or headless API integration, we may collect:

  • Reviewer name
  • Email address
  • Star rating, review title, and review content
  • Product identifier associated with the review
  • Optional review images submitted with the review
  • Store domain and technical request metadata needed to process the submission

Customer email addresses are collected to help merchants moderate reviews and to support data subject requests. Public storefront displays do not expose reviewer email addresses.

The App does not use cookies, pixels, or other tracking technologies on customer devices for advertising or cross-site profiling. Review widgets load review data through API requests initiated by the merchant's storefront.

6. How We Use Information

We use the information we collect solely to:

  • Provide, operate, maintain, and improve the App's review features
  • Display reviews and aggregated ratings on merchant storefronts
  • Allow merchants to approve, reject, edit, import, export, and syndicate reviews
  • Store review images and update product metafields in the merchant's Shopify store
  • Authenticate merchants and enforce app access and billing requirements
  • Respond to merchant support requests and legal or regulatory obligations
  • Monitor app security, prevent abuse, and troubleshoot technical issues

We do not sell personal data. We do not use merchant or customer personal data for unrelated marketing purposes.

7. Legal Basis for Processing (EEA/UK)

Where applicable privacy laws require a legal basis, we rely on:

  • Performance of a contract — to provide the App to merchants who install and subscribe to it
  • Legitimate interests — to secure, maintain, and improve the App, prevent fraud, and support merchants
  • Legal obligations — to comply with applicable laws and respond to valid requests
  • Consent — where required for optional data collection, such as when a customer voluntarily submits a review

8. Data Sharing and Processors

We may share personal data only with service providers that help us operate the App, such as hosting, database, and infrastructure providers. These providers process data on our instructions and are required to protect it appropriately.

We may also disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Galaxy Web Links, merchants, customers, or others.

Shopify acts as an independent platform provider. Data accessed through Shopify APIs is also subject to Shopify's own privacy practices and merchant agreements with Shopify.

9. International Data Transfers

Galaxy Web Links may process and store data in countries outside the country where you or your customers are located, including outside the European Economic Area (EEA) and the United Kingdom.

Where required, we implement appropriate safeguards for international transfers, such as standard contractual clauses or equivalent protections recognized under applicable data protection laws.

10. Data Retention

We retain personal data only for as long as necessary to provide the App, fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.

  • Merchant account and app configuration data is retained while the App remains installed
  • Customer review data is retained until deleted by the merchant, removed through a privacy request, or deleted when the merchant uninstalls the App
  • Technical logs are retained for a limited period needed for security and operations, then deleted or anonymized

11. Data Subject Rights and GDPR Webhooks

Depending on your location, individuals may have rights to access, correct, delete, restrict, or object to certain processing of their personal data, and to request data portability.

The App implements Shopify's mandatory compliance webhooks, including:

  • customers/data_request — to identify customer review data associated with a data subject access request
  • customers/redact — to anonymize customer identity in stored reviews when a customer erasure request is received
  • shop/redact — to delete merchant-related app data after app uninstallation, in accordance with Shopify's data protection requirements

Merchants are responsible for responding to customer privacy requests for their stores. If you need assistance with a request related to data processed by the App, contact us using the details below.

12. Security

We use administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures include access controls, encrypted connections (HTTPS), and secure application infrastructure.

No method of transmission or storage is completely secure. While we work to protect personal data, we cannot guarantee absolute security.

13. Children's Privacy

The App is intended for use by merchants operating Shopify stores and is not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided personal data through the App, please contact us so we can take appropriate action.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the App, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of the App after an update constitutes acceptance of the revised policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact: