Privacy Policy

This Policy applies to Franko Reviews, including the Shopify app, theme app extension, merchant dashboard, review request emails, hosted review collection pages, storefront widgets, and support communications. It does not replace a merchant's own privacy policy for their store.

Depending on how a merchant uses the app, Franko Reviews may process:

• Merchant and store data: shop domain, store name, store branding, Shopify installation details, app settings, subscription status, support contact details, and theme installation state.
• Product and catalog data: product identifiers, handles, titles, images, descriptions, collections, and product-page information needed to request and display reviews.
• Order and customer data from Shopify: order identifiers, fulfillment status, customer name, email address, product purchased, line items, and review eligibility data.
• Review data: ratings, review text, generated draft text, review titles, photos, conversation transcripts, moderation status, public replies, verification metadata, and submission timestamps.
• Email and event data: review request delivery status, unsubscribe status, bounce or complaint events, and basic message metadata.
• Technical data: IP address, browser or device information, request logs, error logs, security logs, and usage events needed to operate and secure the service.

We use data to:

• Install, authenticate, and operate the Shopify app.
• Sync products and eligible fulfilled orders.
• Send review request emails when enabled by the merchant.
• Host review collection pages and process customer submissions.
• Generate review drafts, product context, and review conversation guidance.
• Display approved reviews and aggregate ratings on storefront widgets.
• Provide moderation, import, support, troubleshooting, analytics, and security.
• Comply with legal obligations, Shopify requirements, and data subject requests.

Franko Reviews may use AI providers to analyze product context, ask review questions, summarize customer feedback, and assist with review drafts. We aim to send only the data needed for the relevant feature. Merchants remain responsible for reviewing and approving content before publishing it.

Where privacy laws require a legal basis, we process merchant account data to perform our contract with the merchant, customer and order data to provide the review service requested by the merchant, operational data for legitimate interests such as security and debugging, and certain records where required by law.

We do not sell personal data. We may share data with service providers that help operate Franko Reviews, such as hosting, database, email delivery, AI processing, logging, and customer support providers. These providers may include Shopify, Vercel, Supabase, Resend, and AI model providers used for review or product-context features. We may also disclose data if required by law or to protect Franko, merchants, customers, or the public.

We keep data only as long as needed for the service, legal compliance, security, and legitimate business purposes. Typical retention periods are:

• Merchant app settings: while the app is installed, then deleted or anonymized after uninstall processing.
• Order/customer review request data: while needed to send requests, verify reviews, handle unsubscribes, and support compliance requests.
• Review content: retained while the merchant uses Franko Reviews unless deleted, redacted, or removed by request or policy.
• Operational logs: retained for a limited period for security, debugging, and abuse prevention.

Shopify requires public apps to support privacy compliance webhooks. Franko Reviews is configured to receive:

• customers/data_request: used to help provide data associated with a customer request.
• customers/redact: used to delete or redact customer personal data when Shopify sends a valid deletion request.
• shop/redact: used to delete or redact store data after the app is uninstalled and Shopify sends the shop deletion request.

Customers can choose whether to submit a review. Review request emails include an unsubscribe option where required. Customers who want to access, correct, or delete data connected to a Shopify store should contact the merchant first, because the merchant is the primary controller of the customer relationship. We will support merchants and Shopify in responding to valid requests.

We use administrative, technical, and organizational measures designed to protect data, including HTTPS, access controls, credential protection, webhook verification, and limited access to production systems. No system is perfectly secure, and we cannot guarantee absolute security.

Franko Reviews and our service providers may process data in countries other than where a merchant or customer is located. Where required, we rely on appropriate transfer mechanisms and contractual protections.

Franko Reviews is intended for ecommerce merchants and customers reviewing purchases. It is not directed to children, and merchants should not use Franko Reviews to knowingly collect personal data from children where parental consent is required.

We may update this Policy from time to time. If we make material changes, we will take reasonable steps to notify merchants, such as updating the in-app notice or changing the "Last updated" date.

Questions or requests about privacy can be sent to fletcher@franko.ai. You can also review the Franko Reviews Terms of Service.