Voice Reviews ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application.
1. Information We Collect
A. Information from Merchants
When merchants install our app, we collect:
- Shop Information: Store name, domain, contact email
- Product Information: Product IDs and names for reviews
- Usage Data: App settings, preferences, and feature usage
B. Information from Customers
When customers submit voice reviews, we collect:
- Audio Recordings: Voice reviews submitted by customers
- Transcriptions: Text transcriptions of audio reviews
- Rating Data: Star ratings provided by customers
- Optional Information: Customer name and email (if provided)
- Consent Records: Date and time of consent to recording
C. Automatically Collected Information
- Technical Data: IP address, browser type, device information
- Usage Data: Pages accessed, features used, timestamps
- Performance Data: Error logs, API response times
2. How We Use Your Information
We use the collected information for:
- Service Delivery: Providing voice review functionality to merchants and customers
- Transcription: Converting audio reviews to text using AWS Transcribe
- Sentiment Analysis: Analyzing customer sentiment using AWS Comprehend
- Dashboard Display: Showing reviews to merchants in their dashboard
- App Improvement: Analyzing usage patterns to improve our service
- Support: Responding to merchant and customer inquiries
- Legal Compliance: Meeting legal and regulatory requirements
3. Data Storage and Security
Storage Locations
- Audio Files: Stored in Amazon S3 (AWS Sydney region - ap-southeast-2)
- Database: MongoDB Atlas (configurable region)
- Application: Hosted on Heroku
Security Measures
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for stored data
- Access controls and authentication
- Regular security updates and monitoring
- Secure API communication with Shopify
Note: While we implement industry-standard security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.
4. Third-Party Services
We use the following third-party services to provide our functionality:
A. Amazon Web Services (AWS)
- S3: Audio file storage
- Transcribe: Audio-to-text transcription
- Comprehend: Sentiment analysis
AWS Privacy Policy: https://aws.amazon.com/privacy/
B. MongoDB Atlas
- Purpose: Database hosting and management
MongoDB Privacy Policy: https://www.mongodb.com/legal/privacy-policy
C. Shopify
- Purpose: App platform and merchant authentication
Shopify Privacy Policy: https://www.shopify.com/legal/privacy
5. Data Sharing and Disclosure
We do not sell your personal information. We may share data in the following circumstances:
- With Merchants: Customer reviews are shared with the merchant whose products are being reviewed
- Service Providers: AWS, MongoDB, and other essential service providers
- Legal Requirements: When required by law, court order, or government request
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- With Your Consent: When you explicitly consent to sharing
6. Data Retention
We retain data for the following periods:
- Active Merchants: Data retained while the app is installed
- After Uninstall: All merchant data is deleted within 30 days
- Customer Reviews: Retained as long as the merchant's account is active
- Backup Data: Deleted from backups within 90 days
7. Your Rights and Choices
For Merchants:
- Access: View all data we have about your store
- Export: Download your data in CSV format
- Delete: Request deletion of all data by uninstalling the app
- Modify: Update settings and preferences through the dashboard
For Customers:
- Access: Request a copy of your reviews by contacting the merchant
- Delete: Request deletion of your reviews by contacting the merchant
- Opt-out: Choose not to provide optional information (name, email)
8. GDPR Compliance (European Users)
If you are located in the European Economic Area (EEA), you have additional rights under GDPR:
- Right to Access: Obtain confirmation of data processing and access your data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restriction: Request restriction of processing
- Right to Portability: Receive your data in a structured format
- Right to Object: Object to processing of your data
- Right to Withdraw Consent: Withdraw consent at any time
Legal Basis for Processing:
- Consent (for audio recordings)
- Contract performance (for merchants)
- Legitimate interests (for service improvement)
9. Children's Privacy
Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 13, we will delete it immediately.
10. California Privacy Rights (CCPA)
California residents have the right to:
- Know what personal information is collected
- Know whether personal information is sold or disclosed
- Access personal information
- Request deletion of personal information
- Opt-out of the sale of personal information (we do not sell data)
- Non-discrimination for exercising privacy rights
11. Australian Privacy Principles (APP)
For Australian users, we comply with the Australian Privacy Act 1988 and the Australian Privacy Principles. Your data is primarily stored in AWS Sydney region (Australia).
12. Cookies and Tracking
We use minimal cookies and tracking technologies:
- Essential Cookies: Required for app functionality and authentication
- Analytics: To understand app usage and improve performance
You can disable cookies through your browser settings, but this may affect app functionality.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Posting a notice in the merchant dashboard
- Sending an email to registered merchants
- Updating the "Last Updated" date at the top of this policy
Continued use of the app after changes constitutes acceptance of the updated policy.
14. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of discovery
- Provide details about the nature of the breach
- Outline steps we are taking to address the breach
- Advise on actions you can take to protect yourself
15. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:
- Standard contractual clauses
- Data processing agreements with service providers
- Compliance with local data protection laws