Privacy Policy: Shopify Apps by Reputon

Effective date: May 9, 2023

Reputon, (hereinafter referred to as "we," "our," "us," or "Reputon") offers applications (as described below) to Shopify merchants (hereinafter referred to "you," "your"). It is important to note that your use of Shopify is subject to Shopify's legal documents. This Privacy Policy applies exclusively to the use of Reputon Apps and explains how we collect, use, disclose, and process Personal Information.

Reputon Apps include, but are not limited to, the following:

  1. Reputon Customer Reviews

  2. Reputon Google Reviews

  3. Reputon Testimonials Slider

  4. Reputon Etsy Reviews

  5. Reputon Amazon Reviews

  6. Reputon Facebook Reviews

  7. Reputon Aliexpress Reviews

  8. Reputon Ebay Reviews

  9. Reputon Amazon Channel

  10. Reputon Blog & Page Builder

This Policy outlines our practices and commitments under the General Data Protection Regulation 2016/679 (the "GDPR"), to the extent that the Services are offered to users in the European Economic Area and the United Kingdom. We might update this Privacy Policy. The use of information we collect now is subject to the Privacy Policy in effect at the time such information is used.

If you have any inquiries or concerns about privacy matters at Reputon, please contact us at info@reputon.com. We highly value your privacy and will make every effort to alleviate any concerns.

Data transfer mechanisms

By using our services, you acknowledge and agree that your Personal Data may be transferred to or stored on computers or servers located in the United States. As many of our external third-party service providers operate outside of the UK, the processing of your Personal Data may require the transfer of data outside of the US.

We only transfer Personal Data to countries that are deemed to provide an adequate level of protection for Personal Data.

For certain service providers, we use specific contracts that have been approved for use in the UK and that provide Personal Data with the same level of protection it would have in the US.

If you would like more information on the specific mechanisms we use to transfer your data, please do not hesitate to contact us.

Data we collect

It should be noted that the extent of data accessible to us is primarily governed by Shopify. Upon installation of the App, we are able to automatically obtain specific categories of data from your Shopify account:

  1. All Apps have access to SHOP INFORMATION via Shopify’s Shop API such as shop’s email address, domain, email, country, etc. The full list of this data can be found here https://shopify.dev/docs/api/admin-rest/2023-04/resources/shop
     
  2. The Customer Reviews and Amazon Channel Apps have access to ORDER INFORMATION, such as order id, order number, product title, product id, tracking number, tracking url, total price, customer name, customer address.
     
  3. The App Customer Reviews has access to CUSTOMER INFORMATION, such as full name and email.

Important: It is essential to note that the Apps do not download, store, or process any data that is part of the CUSTOMER INFORMATION and ORDER INFORMATION. However, these Apps can potentially access this data as it is automatically provided by Shopify.

How do we use your data?

Please find below a description of the data we have access to.

  1. All Apps have access to SHOP INFORMATION for billing purposes and also to be able to provide services that require access to Shopify's Shop API scope.
     
  2. The App Reputon Customer Reviews needs to send automatic emails to your customers based on their orders, which requires access to CUSTOMER INFORMATION and ORDER INFORMATION.
     
  3. The App Reputon Amazon Channel needs to sync Shopify and Amazon orders, price, and inventory, which requires access to ORDER INFORMATION and Amazon ID, price, status and date creation. On top of this, the app requires access to product listings on Amazon, including title, description, ASIN, SKU, image url, available quantity, color, and brand.
     
  4. Reputon widgets (Google Reviews, Amazon Reviews, Facebook Reviews, Etsy Reviews, Ebay Reviews, Aliexpress Reviews) needs to import the corresponding reviews, which require access to shop name, shop domain, email, country, owner name, phone, Shopify plan name.
     
  5. The App Reputon Blog & Page Builder needs to be able to import documents from Google Drive to your Shopify store page, which requires access to the titles of imported documents and their IDs in Google and Shopify.
     
  6. The App Reputon Testimonials Slider needs to be able to display reviews left by your customers, which requires their name and email.

Cookies and similar technologies

Our Apps use functional cookies only. Without these cookies, the Apps would not be able to work correctly. We do not use any marketing or advertising cookies in our Apps.

Security policy

This statement acknowledges that the security of personal data is a top priority for us, and we use commercially acceptable means to protect it. However, it also highlights the fact that no method of transmission over the Internet or electronic storage is completely secure, and that we cannot guarantee the absolute security of personal data

There are several reasons why it is difficult to guarantee the absolute security of personal data. Firstly, there are constantly evolving cyber threats, and new vulnerabilities and attack vectors are discovered all the time. Secondly, there is always the risk of human error, such as employees accidentally disclosing sensitive information or falling for phishing scams. Finally, there are external factors such as natural disasters or power outages that can compromise data security.

Despite these challenges, the company takes a proactive approach to data security, implementing a range of measures to protect personal data. Additionally, we may have policies and procedures in place to limit access to personal data to authorized personnel only, and to monitor data usage and activities to detect any potential security risks.

Data retention

We will keep your Personal Data for a duration that is reasonably necessary to accomplish the objectives for which it was obtained, which includes fulfilling any legal, regulatory, tax, accounting, or reporting obligations. If there is a complaint or we have reason to believe that there is a possibility of legal action concerning our relationship with you, we may hold onto your Personal Data for an extended period. 

When deciding on the appropriate duration for retaining Personal Data, we take into account several factors, including the amount, nature, and sensitivity of the data, the potential risks of unauthorized access or disclosure, the purposes for which we are processing the Personal Data and whether we can accomplish these objectives through alternative methods, and the relevant legal, regulatory, tax, accounting, or other obligations.

If you would like your information to be erased, you may make such a request (please see "Your Legal Rights" below for more details). Alternatively, we may anonymize your Personal Data for research or statistical purposes, rendering it no longer attributable to you. In this case, we may use the anonymized information indefinitely without providing further notification to you.

In Reputon Amazon Channel app, the PII data is kept for 40 days after order shipments.

Once any of Reputon Apps is removed, we would erase any Personal Data within 60 days.

Data loss prevention strategy

We conducts a risk assessment to identify the types of sensitive data it holds and the potential risks of data loss. This includes analyzing the types of data that are most at risk of being lost, such as customer data, intellectual property, and confidential business information.

We implements security measures such as authentication, authorization, and encryption to control access to sensitive data. This includes using access controls to limit who can access sensitive data, and encryption to protect data that is in transit or at rest.

Reputon monitors data usage and activities to detect unauthorized access or exfiltration. This includes using data loss prevention tools to monitor network traffic and detect any attempts to access or transfer sensitive data.

Your legal rights

We firmly believe that you have the right to access and manage your Personal Information held by us. You can request the correction, update, or deletion of your Personal Information. If you wish to exercise this right, kindly contact us at info@reputon.com.

We will promptly respond to your requests within one month of receiving them, unless we require more time due to the complexity of the request. In such cases, our response time may take up to three months in total.

Rights of European residents: 

As a European resident, you have the right to access, correct, delete, object to, or restrict how we process or share your data. You can request relevant actions by sending us an email at the address specified above. If your data processing relies on explicit consent, you can withdraw your consent at any time by sending us a relevant request via email.

Rights of California residents: 

In accordance with the California Consumer Privacy Act (CCPA), we will respond to your verifiable request within 45 days of receiving it. If we need more time (up to 90 days), we will inform you in writing about the reason and extension period. We will provide our written response by email.

Right to opt out:

As per CCPA, each California resident can request that a business stops selling their data to third parties. However, we do not provide or sell your data in exchange for money. Hence, you can ensure that we do not sell your data.

Other rights: 

You have the right to know what data we collect. You can ask us to disclose what data we have collected over the past 12 months and receive a free copy of your data. You can also request us to delete the data we have collected over the past 12 months. We will not discriminate against you for exercising any of your CCPA-granted rights.

Mandatory verification:

As required by CCPA, we need to verify your identity before processing your request. To do so, we typically match the information you provide us with the information we have on record. In certain cases, we may decline your request if we cannot verify your identity, such as when you ask us to delete your data.