Reviewbird

Privacy Policy

Effective Date: March 13, 2026 Last Updated: March 13, 2026

Reviewbird, a product of Clif Griffin Development Inc ("we," "us," or "our"), operates a review management platform that integrates with e-commerce platforms including Shopify. This Privacy Policy explains how we collect, use, store, and protect personal information when you use our services.

1. Information We Collect

Customer Data (processed on behalf of merchants)

  • Contact information: Names and email addresses from orders
  • Order data: Order IDs, product details, order dates, and fulfillment status
  • Review content: Star ratings, written reviews, photos, and videos submitted by customers
  • Technical identifiers: IP addresses collected during review submission for fraud prevention

Merchant Data

  • Account information: Name, email address, and store URL
  • Billing information: Processed securely through Shopify Billing or Stripe
  • Usage data: Feature usage, settings, and preferences

2. How We Use Information

We process personal data for the following purposes:

  • Review collection and display: Sending review request emails and displaying reviews on your store
  • Email notifications: Transactional emails related to review requests, responses, and moderation
  • Fraud prevention: Detecting and preventing fraudulent or duplicate reviews
  • Service improvement: Analyzing usage patterns to improve our platform
  • Customer support: Responding to merchant and customer inquiries

3. Data Retention

  • Order data: Automatically purged after 90 days from sync. Only the data necessary for active review requests is retained beyond this period.
  • Review content: Retained for as long as the merchant's account is active. Upon account deletion, review data enters a 60-day soft-delete period before permanent removal.
  • Customer contact information: Retained only as long as necessary for review collection. Customer data associated with purged orders is deleted alongside the order data.
  • Audit logs: Retained for 12 months for security and compliance purposes.

4. Data Security

We implement industry-standard security measures to protect personal data:

  • Encryption at rest: Customer personally identifiable information (PII) is encrypted using AES-256 encryption
  • Encryption in transit: All data transmitted between your browser and our servers uses TLS encryption
  • Blind indexing: We use HMAC-based blind indexes for searching encrypted data, ensuring PII is never stored in plaintext
  • Access controls: Strict role-based access controls limit who can access personal data
  • Audit logging: All access to and modifications of customer data are logged

5. Your Rights Under GDPR and Applicable Privacy Laws

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with applicable data protection laws, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate personal data
  • Right to erasure: Request deletion of your personal data
  • Right to data portability: Request your data in a structured, machine-readable format
  • Right to restrict processing: Request that we limit how we process your data
  • Right to object: Object to processing of your personal data

How to Exercise Your Rights

  • Merchants: Contact us at [email protected]
  • End customers: Contact the merchant who collected your data, or email us directly at [email protected]
  • Shopify stores: We process GDPR data requests (access, deletion, and portability) received through Shopify's mandatory GDPR webhooks automatically

We will respond to all valid requests within 30 days.

6. Third-Party Services

We use the following third-party services in the course of providing our platform:

  • Shopify: E-commerce platform integration and billing
  • Cloud infrastructure providers: For hosting and data storage
  • Email delivery services: For sending review request and notification emails

We do not sell personal data to third parties. We share data with third-party services only as necessary to operate our platform.

7. Cookies and Tracking

Our application does not use tracking cookies for advertising purposes. We use essential cookies for session management and authentication.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify merchants of material changes via email or in-app notification. Continued use of our services after changes constitutes acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: [email protected]