Privacy Policy

Google Reviews for Shopify · Last updated: 3 May 2026

This Privacy Policy describes how the Google Reviews Shopify app ("the App", "we", "us") collects, uses, and protects information when you install and use the App on your Shopify store.

1. Information We Collect

• Shop information. When you install the App, Shopify provides us with your shop domain, access token, and the access scope you granted (read_themes).
• App configuration. Settings you choose in the App, including the Google Place ID for your business, display preferences (style, columns, colors, refresh interval), and the timestamp of the last review refresh.
• Public Google review data. Reviews, ratings, reviewer display names, reviewer profile photo URLs, and Google Maps links retrieved from the Google Places API for the Place ID you configure. This data is publicly available on Google.

The App does not collect or store personal information about your customers (buyers). It does not request access to customer, order, or checkout data.

2. How We Use Information

• To display Google reviews on your storefront via the theme app extension.
• To cache reviews periodically so your storefront loads quickly and we stay within Google API quotas.
• To authenticate requests from your Shopify admin and storefront app proxy.

3. Third-Party Services

The App relies on the following services:

• Shopify — for app installation, authentication, and serving the embedded admin UI. See Shopify's Privacy Policy.
• Google Places API (New) — to fetch the review data shown on your storefront. See Google's Privacy Policy.
• Vercel — hosting provider for the App backend. See Vercel's Privacy Policy.
• Neon — managed PostgreSQL database used to store shop settings and cached reviews. See Neon's Privacy Policy.

4. Data Storage and Security

Data is stored in a managed PostgreSQL database with encryption at rest and TLS in transit. Access tokens are stored encrypted by Shopify's session storage adapter. We do not sell, rent, or share your data with any third party except as required to operate the App (see Section 3) or as required by law.

5. Data Retention and Deletion

• While the App is installed, we retain shop settings and cached reviews so the App can function.
• When you uninstall the App, the app/uninstalled webhook triggers immediate deletion of your shop's settings, cached reviews, and session tokens.
• As an additional safeguard, we honor Shopify's shop/redact compliance webhook (delivered approximately 48 hours after uninstall), which performs the same deletion.

6. GDPR / Shopify Compliance Webhooks

The App responds to all three mandatory Shopify compliance webhooks:

• customers/data_request — the App stores no customer personal information, so there is no data to return.
• customers/redact — the App stores no customer personal information, so there is nothing to redact.
• shop/redact — all shop-level data (settings, cached reviews, sessions) is permanently deleted.

7. Cookies

The App itself does not set cookies. The Shopify admin embeds the App in an iframe and uses Shopify's own session cookies for authentication; those cookies are governed by Shopify's privacy policy.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be reflected in the "Last updated" date above. Continued use of the App after changes are posted constitutes acceptance of the updated policy.

9. Contact

Questions about this policy or about your data can be sent to support@ui-chunx.com.