1. Overview
Amoni Reviews (“we”, “our”, or “Amoni”) is a Shopify application that enables merchants to collect, manage, and display product reviews on their storefronts. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
By installing or using Amoni Reviews, you (“Merchant”) and your customers (“Shoppers”) agree to the practices described in this policy.
2. Information We Collect
From Merchants (store owners)
- Shopify shop domain and access token (required to call Shopify APIs on your behalf)
- Shopify plan and billing status (to apply the correct feature tier)
- Widget configuration settings (colours, fonts, display preferences)
From Shoppers (your customers)
- Name and star rating submitted with a review
- Review title and body text
- Photos and videos uploaded alongside a review
- Order ID (used to verify that the reviewer purchased the product)
Automatically collected
- Server-side request logs (IP address, user-agent) retained for up to 30 days for security and debugging
- No tracking pixels, analytics SDKs, or third-party advertising cookies are used
3. How We Use Your Information
- To display reviews on your storefront via the Amoni Reviews widget
- To send post-purchase review request emails to your customers (only when you enable this feature)
- To generate AI-suggested review replies (Pro plan — processed via OpenAI; no data is retained by OpenAI for training)
- To verify purchases and mark reviews as “verified buyer”
- To enforce plan limits and process billing via Shopify’s billing API
- To respond to GDPR data requests and comply with applicable law
We do not sell, rent, or share personal data with third parties for advertising or marketing purposes.
4. Data Sharing & Sub-processors
We share data only with the following sub-processors, each bound by appropriate data processing agreements:
| Processor | Purpose | Data shared |
|---|---|---|
| Vercel Inc. | Hosting & edge compute | All request data in transit |
| Neon Inc. | PostgreSQL database | All stored review & install data |
| Vercel Blob (AWS S3) | Photo & video storage | Uploaded media files |
| Resend Inc. | Transactional email | Customer name, email, order reference |
| OpenAI LLC | AI reply suggestions (Pro plan only) | Review text (zero data-retention API) |
| Shopify Inc. | Platform, billing, OAuth | Access tokens, order data |
5. Data Retention
- Review data — retained while your app is installed. Deleted within 30 days of receiving a GDPR shop/redact webhook after uninstall.
- Customer personal data — anonymised or deleted within 30 days of receiving a GDPR customers/redact webhook.
- Uploaded media — deleted from Vercel Blob storage on the same schedule as the associated review.
- Server logs — retained for 30 days, then automatically purged.
6. Your Rights (GDPR & CCPA)
If you or your customers are located in the European Economic Area, United Kingdom, or California, you have the following rights:
- Access — request a copy of personal data we hold
- Rectification — correct inaccurate data
- Erasure — request deletion of personal data
- Portability — receive data in a machine-readable format
- Restriction / Objection — limit or object to processing
To exercise any of these rights, email us at support@amoni.io. We will respond within 30 days.
Amoni Reviews honours Shopify’s mandatory GDPR webhooks (customers/data_request, customers/redact, shop/redact) automatically.
7. Security
- All data is transmitted over TLS 1.2+
- Shopify access tokens are stored in our database, which is encrypted at rest by our hosting provider (Neon)
- All webhook payloads are verified using HMAC-SHA256 signatures
- Admin API routes require a valid Shopify session token (App Bridge)
- We perform regular security reviews of our codebase
8. Cookies
Amoni Reviews does not set cookies on your storefront or your customers’ browsers. A short-lived HttpOnly cookie is set on the merchant’s browser only during the Shopify OAuth flow to prevent CSRF attacks. It expires within 10 minutes and is deleted immediately after authentication completes.
9. Children's Privacy
Amoni Reviews is a business-to-business service intended for Shopify merchants. We do not knowingly collect personal data from children under the age of 13. If you believe a child has submitted personal data, contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date above and, for material changes, notify merchants via email or an in-app notice. Continued use of Amoni Reviews after changes constitutes acceptance of the revised policy.
11. Contact
Questions, data requests, or complaints can be sent to:
Email: support@amoni.io
Live chat: amoni.io (available 8 am – 10 pm IST)
App: https://reviews.amoni.io