Your privacy is important to us. Learn how we collect, use, and protect your data.
Effective Date: January 1, 2026
Important Notice: NativeProof is a third-party application and is not affiliated with, endorsed by, or sponsored by Shopify Inc. Shopify is a registered trademark of Shopify Inc.
1. Overview
NativeProof ("we," "us," or "our") operates a product reviews application for Shopify stores. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you install and use our application ("Service").
This policy applies to:
Merchants: Shopify store owners who install and use NativeProof
End Users: Customers of Shopify stores who submit reviews, photos, videos, or interact with NativeProof widgets
Your Consent: By installing NativeProof or submitting a review on a store using NativeProof, you consent to the collection and use of information as described in this Privacy Policy.
2. Information We Collect
2.1 Merchant Information
When merchants install NativeProof, we collect:
Data Type
Purpose
Source
Shop domain and name
Account identification and service delivery
Shopify OAuth
Store owner email
Account communications and support
Shopify OAuth
Access tokens
API authentication (encrypted at rest)
Shopify OAuth
Product information
Linking reviews to products
Shopify Admin API
Order data (limited)
Verified buyer detection
Shopify Admin API
2.2 End User Information
When customers submit reviews, we collect:
Data Type
Purpose
Required
Display name
Attribution on published reviews
Yes
Email address (hashed)
Verified buyer detection, duplicate prevention
Yes
Review content (text, rating)
Display on storefront
Yes
Photos and videos
Visual review content
Optional
IP address
Fraud prevention, spam detection
Automatic
2.3 Automatically Collected Information
We automatically collect certain technical information:
Browser type and version
Device type and operating system
Referring website URLs
Pages viewed and timestamps
General geographic location (country/region)
Privacy by Design: We hash customer email addresses using SHA-256 with a per-shop salt. We do not store plaintext customer emails in our database. This protects customer privacy while enabling verified buyer detection.
3. How We Use Your Information
3.1 Primary Purposes
Service Delivery: Displaying reviews on your storefront, processing review submissions
Verified Buyer Detection: Confirming purchases using order data and hashed emails
Google Shopping Feed: Generating XML feeds for Google Merchant Center
Review Request Emails: Sending automated emails to customers requesting reviews (when enabled by merchant)
Fraud Prevention: Detecting and preventing fake reviews and spam
Analytics: Providing merchants with review statistics and insights
3.2 Legal Bases for Processing (GDPR)
We process personal data based on the following legal grounds:
Contract Performance: Processing necessary to provide the Service to merchants
Legitimate Interests: Fraud prevention, security, service improvement
Legal Obligations: Compliance with applicable laws and regulations
3.3 What We Do NOT Do
Sell personal data to third parties
Use customer data for advertising outside the Service
Share data with data brokers
Profile customers for purposes unrelated to review functionality
4. Information Sharing
4.1 With Merchants
We share the following data with the Shopify store merchants who use our Service:
Review content (text, ratings, media) submitted by their customers
Reviewer display names and verified buyer status
Review submission timestamps and product associations
Aggregated analytics and statistics
4.2 With Service Providers
We may share data with trusted third-party service providers who assist us in operating our Service:
Cloud Infrastructure: Hosting and database services (data remains encrypted)
Email Services: For sending review request emails
Video Processing: For handling video review uploads (e.g., Cloudflare Stream)
Analytics: For understanding Service usage and performance
All service providers are contractually obligated to protect your data and use it only for the specified purposes.
4.3 With Google (For Shopping Feed)
If merchants enable the Google Shopping integration, review data (including reviewer display names and review content) is included in XML feeds submitted to Google Merchant Center.
4.4 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).
5. Data Storage & Security
5.1 Storage Location
Your data is stored on secure servers located in:
Primary: United States (AWS US-East / DigitalOcean NYC)
We implement industry-standard security measures including:
TLS 1.3 encryption for all data in transit
AES-256 encryption for sensitive data at rest (access tokens)
SHA-256 hashing with per-shop salts for email addresses
Regular security audits and vulnerability assessments
Access controls and authentication for administrative systems
Automated backups with encryption
HMAC-SHA256 webhook signature verification
No System is Perfect: While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to protect your information.
6. Data Retention
6.1 Retention Periods
Data Type
Retention Period
Reason
Merchant account data
Duration of subscription + 90 days
Service delivery and support
Published reviews
Until deleted by merchant or data subject request
Storefront display
Hashed email addresses
Same as associated review
Verified buyer detection
Review media (photos/videos)
Until deleted by merchant or data subject request
Review content
Access logs
90 days
Security and fraud prevention
Backup data
30 days after primary deletion
Disaster recovery
6.2 App Uninstallation
When a merchant uninstalls NativeProof:
We receive notification via Shopify webhook
Account data is marked for deletion
Data is permanently deleted within 90 days
Review data stored in Shopify Metaobjects may remain on the merchant's store (managed by Shopify)
7. Your Privacy Rights
7.1 Rights for All Users
Regardless of your location, you have the right to:
Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate personal data
Deletion: Request deletion of your personal data
Data Portability: Request your data in a portable format
7.2 GDPR Rights (EU/EEA Residents)
If you are located in the European Union or European Economic Area, you have additional rights under GDPR:
Right to Restrict Processing: Request limitation of how we use your data
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
Right to Lodge a Complaint: File a complaint with your local data protection authority
7.3 CCPA Rights (California Residents)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
Right to Know: Request disclosure of data collection and usage practices
Right to Delete: Request deletion of personal information
Right to Non-Discrimination: We will not discriminate against you for exercising your rights
Right to Opt-Out: We do not sell personal information
7.4 How to Exercise Your Rights
For End Users (Customers): Contact the Shopify store where you submitted your review. The merchant is the data controller and can process your request directly or forward it to us.
We will respond to valid requests within 30 days. We may request verification of your identity before processing your request.
8. Cookies & Tracking
8.1 Our Cookie Usage
NativeProof uses minimal cookies for essential functionality:
Session Cookies: For merchant dashboard authentication
Preference Cookies: To remember widget display settings
We do NOT use third-party advertising cookies or cross-site tracking on merchant storefronts.
8.2 Storefront Widgets
Our review widgets embedded on merchant storefronts:
Do NOT set any cookies on customer browsers
Do NOT use third-party trackers
Are rendered server-side via Shopify Liquid (no client-side data collection)
9. Children's Privacy
NativeProof is not directed to children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@aispree.cloud.
If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.
For transfers from the EU/EEA to countries not deemed adequate by the European Commission, we rely on:
Standard Contractual Clauses (SCCs) approved by the European Commission
Additional technical and organizational safeguards
By using our Service, you consent to the transfer of your information to our facilities and to the facilities of third parties with whom we share it as described in this policy.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
11.1 Notification of Changes
For material changes, we will provide notice through:
Email notification to merchants at their registered email address
A prominent notice in the NativeProof application dashboard
Update to the "Effective Date" at the top of this policy
11.2 Your Continued Use
Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised policy. If you do not agree with the updated policy, you should discontinue use of the Service.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Response Time: We aim to respond to all privacy-related inquiries within 30 days.
For general support questions, please visit our Help Center or contact us through the Shopify App Store.
Third-Party Notice: NativeProof is an independent third-party application and is not affiliated with, endorsed by, or sponsored by Shopify Inc. "Shopify" and the Shopify logo are registered trademarks of Shopify Inc.