Privacy Policy

This Privacy Policy describes how Loxx (the “App”, “we”, “us”, or “our”) collects, uses, and shares personal information when a merchant installs or uses our product-reviews application on their Shopify store, and when shoppers interact with the review features the App provides.

1. Who this policy applies to

Loxx is a Shopify app that lets merchants collect, moderate, and display product reviews on their storefront. This policy covers two groups of people:

• Merchants — Shopify store owners and staff who install and use the App.
• Shoppers — customers of those merchants who submit reviews or whose review content is displayed on a merchant’s storefront.

2. Information we collect

From the merchant’s Shopify store

When a merchant installs the App, we receive information through the Shopify API that is necessary to operate the service, including:

• Store details such as shop domain, store name, and primary contact email.
• Product information (titles, handles, and identifiers) so that reviews can be matched to the correct products.
• Order and fulfillment events, used to send post-purchase review requests and to mark reviews as “verified purchase” where applicable.

From shoppers who submit reviews

• The reviewer’s name (or display name) and, where provided, email address.
• The review content: star rating, written text, and any photos the shopper chooses to upload.
• Technical metadata associated with the submission, such as the date and time and the product the review relates to.

Information we do not collect

We do not collect payment card details, and we do not request or store more personal information than is needed to display and manage product reviews.

3. How we use information

• To display reviews on the merchant’s storefront in the layout they select.
• To provide moderation tools so merchants can approve, schedule, or remove reviews.
• To send post-purchase requests inviting shoppers to leave a review (when enabled by the merchant).
• To import existing reviews when a merchant migrates from another platform.
• To provide aggregated analytics to the merchant (for example, total reviews and average rating).
• To operate, maintain, secure, and improve the App.
• To comply with our legal obligations.

4. How we share information

We do not sell personal information. We share information only as needed to provide the service:

• Shopify — the App runs on Shopify’s platform and exchanges data with the store it is installed on.
• Service providers (sub-processors) — we use trusted infrastructure providers to host the application and store data, including a managed PostgreSQL database and object storage (Cloudflare R2) for uploaded review photos. These providers process data only on our instructions.
• Legal compliance — we may disclose information if required by law or to protect the rights, property, or safety of our users or others.

5. Review content shown on the storefront

Reviews approved by the merchant — including the reviewer’s display name, rating, text, and any uploaded photos — are shown publicly on the merchant’s storefront. Shoppers should not include sensitive personal information in review content.

6. Data retention

We retain review and store data for as long as the App remains installed on the merchant’s store, or as needed to provide the service. When a merchant uninstalls the App, or upon a valid deletion request, the associated data is deleted in accordance with the timelines described in the next section and Shopify’s requirements.

7. Your rights and Shopify data requests

Depending on where you live, you may have rights to access, correct, delete, or export your personal information, and to object to or restrict certain processing. To exercise these rights, contact us using the details below.

In line with Shopify’s requirements, the App honors the following mandatory privacy webhooks:

• customers/data_request — when a shopper requests their data from a store, we provide the merchant with the review data we hold about that shopper.
• customers/redact — when a store requests deletion of a shopper’s data, we delete the personal information and review content associated with that shopper.
• shop/redact — 48 hours after a merchant uninstalls the App, we delete the store’s data from our systems.

8. Data security

We use reasonable technical and organizational measures to protect personal information, including encrypted connections (HTTPS) and access controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. International transfers

Your information may be processed and stored in countries other than your own. Where required, we take steps to ensure appropriate safeguards are in place for such transfers.

10. Children’s privacy

The App is not directed to children, and we do not knowingly collect personal information from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Material changes will be communicated where appropriate.

12. Contact us

If you have questions about this Privacy Policy or our data practices, contact us at loxxsupport@gmail.com.