Privacy Policy

Last updated: March 19, 2026

1. Information We Collect

From Merchants: Shop information, product data, order data (customer email and name for review request emails), and Shopify authentication tokens.

From Customers: Name, email address, star rating, review text, optional photos, questions, and community answers submitted through storefront widgets.

We do not use cookies, trackers, or analytics on storefront widgets. We do not collect IP addresses or device information from store visitors.

Our marketing website (pearlily.app) uses Vercel Web Analytics, a privacy-friendly, cookieless analytics service that collects no personal data.

2. How We Use Information

• Send review request emails on the merchant's behalf
• Display reviews, Q&A, and ratings on the merchant's storefront
• AI-powered content moderation (spam detection)
• AI sentiment analysis and insight generation

Customer email addresses are never displayed publicly and are not shared with third parties.

3. AI Processing

Review content, questions, and community answers may be processed by AI (Anthropic's Claude) for content moderation and sentiment analysis. Only the text content is sent to AI — email addresses are never included. AI processing occurs only on Growth and Pro plans when enabled by the merchant.

4. Data Storage and Security

All data is stored in a PostgreSQL database hosted on Render (US-based). Data is encrypted in transit via TLS/HTTPS. Database connections use SSL encryption. Access to production databases is restricted to authorized personnel.

5. Data Retention

Review and Q&A data is retained for as long as the merchant's app is installed. All data is deleted when the merchant uninstalls the app or requests deletion. Customer email addresses are not stored in any marketing database.

6. Data Sharing

We do not sell, rent, or share personal information except with:

• Anthropic (Claude AI): Review text only (not emails) for moderation and analysis
• Render: Our hosting provider
• Cloudflare: Photo storage (R2)

7. Customer Rights (GDPR / CCPA)

Customers can exercise their data rights by contacting the merchant. We automatically handle Shopify's GDPR webhooks for data requests, data deletion, and shop data erasure.

8. Changes

We may update this policy from time to time. Continued use of the app constitutes acceptance.

9. Contact

For privacy-related questions: privacy@pearlily.app