At Feedback Guru, we prioritize the privacy and security of both merchants and their customers. As a trusted Shopify Partner, we strictly adhere to Shopify’s Data Protection Requirements and global privacy laws such as the GDPR and CCPA. This ensures that your data is handled responsibly, transparently, and in full compliance with all applicable regulations.

1. Data Minimization and Purpose Limitation

We collect and process only the minimum amount of personal data necessary to deliver our services. In accordance with Shopify’s standards:

• Our app requests only the API scopes required for core functionality.
• Access to customer personal data is strictly limited to scenarios where it is essential.
• Every request for sensitive data must be reviewed and approved within the Shopify Partner Dashboard.

2. Transparent Data Usage

Our Privacy Policy clearly explains:

• What personal data we process.
• Why we process it.
• How long we keep it.
• Who to contact for inquiries or rights requests.

We make this transparent to help both merchants and customers understand our practices and meet their own compliance obligations.

3. Secure Data Handling & Encryption

At Feedback Guru, data protection is built into every layer of our system:

• Encryption in Transit: All data moving between Shopify, our servers, and your browser is encrypted using TLS.
• Encryption at Rest: We use industry-standard AES-256-GCM envelope encryption to secure all stored customer data.
• Access Control & MFA: Access to personal data is restricted to authorized personnel with enforced multi-factor authentication.

These protocols ensure end-to-end protection of sensitive information.

4. Data Retention and Deletion

We do not retain personal data longer than necessary. Once data is no longer required - for instance, once review request is sent - it is:

• Securely deleted from our systems.
• Automatically purged according to our data lifecycle policies.
• Removed in response to Shopify-provided data erasure requests under GDPR or CCPA.

We are committed to full lifecycle privacy—from collection to deletion.

5. Support for Data Subject Rights

When customers exercise their rights under privacy laws, and Shopify forwards those requests to us:

• We promptly act on access and erasure requests using Shopify's webhook systems.
• We honor requests within required timeframes.
• We log all completed requests for compliance tracking.

This ensures that end customers remain in control of their data.

6. Data Loss Prevention Strategy

Safeguarding your data against loss is just as important as protecting it from misuse. That’s why we’ve implemented a robust Data Loss Prevention (DLP) strategy focused on:

• Reliable Backups: We regularly create secure backups of customer data.
• Off-Host Storage: Backups are stored in secure environments separate from our main public hosting infrastructure.
• Redundancy & Recovery: This layered approach allows us to quickly restore data in the unlikely event of accidental loss, service disruption, or infrastructure failure.

In short, your data isn’t just safe—it’s recoverable, even under unexpected circumstances.

7. Continuous Compliance & Monitoring

We stay up to date with evolving privacy requirements and Shopify partner guidelines by:

• Updating our data handling policies and technical practices as notified.
• Conducting internal reviews to identify and address any new risks.

Questions?
We’re here to help. Contact our team at support@feedback.guru if you’d like to learn more about how we protect your data—or how to exercise your privacy rights as a merchant or customer.

Your trust powers everything we do.

‍