Privacy Policy

Privacy Policy

Welcome to Rivyo, your trusted provider of customer review solutions. Our team is dedicated to offering innovative and cutting-edge solutions through our app, exclusively designed for merchants leveraging the Shopify platform for their websites. At Rivyo, we understand the power of customer feedback and aim to empower businesses with tools to collect, manage, and showcase reviews effortlessly.

This Privacy Policy (for App and Website Visitors) is an integral part of our Terms of Service. It details how we collect, use, and protect your personal information as an App or Website Visitor. We prioritize your privacy and comply with all relevant policies and procedures.

We take data protection seriously and are committed to adhering to applicable laws, including the General Data Protection Regulation (GDPR). Our dedication to safeguarding your personal information is a top priority, and we have implemented robust measures to ensure compliance and protect your privacy.

The Service is intended for individuals aged 18 and above. We do not knowingly collect information or data from individuals under the age of 18, nor do we permit individuals under 18 to use the Service. Protecting the privacy and safety of children is paramount to us.

Please note that this policy is subject to occasional updates. We will ensure any modifications are prominently displayed on our service before they take effect. If we have your email address on file, we will make reasonable efforts to notify you via email about significant changes to this policy.

Information Collection and Purpose

What We Collect and Why

When you install or access the Service, we collect certain data for the following purposes:

Identification: We gather information to accurately identify you and ensure the smooth operation of the Service. This allows you to fully utilize its features and functionality.

Technical Support: The collected data enables us to provide necessary technical support and assistance, including delivering updates and other relevant communications related to the service.

Information Obtained from Your Shopify Account

We collect the following details from your Shopify account:

Full Name: To accurately identify you and personalize your experience with the service.

Address: To ensure proper communication and provide location-specific services if applicable.

Email Address: To communicate important information, updates, and notifications regarding the service.

Cell Phone Number: To facilitate communication and deliver relevant updates or notifications.

Additionally, we obtain information related to your Shopify store to enhance functionality.

Information Collected During Service Usage

Device Information and Analytics: When using the Service, we collect device information and analytics for the following purposes:

Security and Monitoring: We use this data to ensure the Service's security and detect potential security breaches or unauthorized activities.

Interaction Analysis: By analyzing how you interact with the Service, we can personalize your experience, optimize development, and improve overall functionality.

Gathering Meta Data and Analytics Information:

To optimize the service and gain valuable insights, we collect the following information:

Meta Data: This includes details about your computer or mobile device, operating system, and browser. It helps us ensure compatibility and deliver an enhanced user experience.

Analytics Information: We collect data on your service usage, such as frequency, scope, actions taken, and interactions made. Additionally, we gather analytics about your store to provide valuable insights for improved performance.

Contacting Us and Referral Links

When you reach out to us through our service or request a referral link, we use the information provided for the following purposes:

• Operating the Service: Ensuring the functionality and features of the Service.
• Responding to Inquiries: Addressing and responding to your inquiry or request.
• Business Development: Engaging in business development activities.

When you submit an inquiry, we collect the following information: Full Name, Email, URL, Business Type, and any additional details you provide. While you are not legally obligated to provide this information, please note that if you choose not to share it with us, we may be unable to effectively respond to your inquiry.

Consent for Marketing Purposes

When you provide consent for us to use your information for marketing purposes, we may use it to deliver promotional materials, offers, and updates related to our products or services.

We will use your information to send you marketing communications about our services, including updates on new services that may be relevant to you. If you wish to opt out of receiving these communications, you can email us at hi@rivyo.com or unsubscribe by following the instructions provided in our marketing emails. By opting out, we will stop using your information for marketing purposes but will continue to process the necessary information to provide you with the service.

Use of Cookies on the Service

We use cookies on the service to:

• Fulfill specific features requested by app and website visitors.
• Analyze service usage to assess and enhance performance.
• Improve the overall app or website visitor experience.
• Deliver personalized ads that align with the app or website visitor interests.

During your use of the service, we capture information such as your IP address, access timestamp, device type, browser details, preferred language, interactions, and actions performed while using the Service.

Personal Information Collection Methods and Sources

We collect personal information from various sources, including:

Shopify Integration: When you install and use the service via the Shopify app store, we receive information directly from Shopify.

Direct Interaction: Personal information you provide through our service contact forms and email communications.

Shopify Store Customers: Information from customers of Shopify stores who use the service or leave reviews.

Service Providers: Personal information shared by our service providers who assist with the operation of the service.

Device and Analytics: Personal information collected through your device, including third-party cookies, analytics tools, and our internal event tracking system.

Personal Information Disclosure

We do not disclose your personal information to third parties, except in the following situations or with your express, informed consent:

Service Providers: We share your personal information with our service providers solely to help us operate our business and the service. They are not permitted to use your information for marketing purposes. Our service providers include:

• Digital Ocean
• CloudFlare Inc.
• Helpscout
• Sendinblue
• Mailerlite

Legal Obligations: If required by law, we may disclose your information to competent authorities. This includes responding to, handling, and mitigating suspected legal violations related to our business, which may involve communication with legal counsels and advisors.

Regulatory Requests: If a judicial, governmental, or regulatory authority mandates the disclosure of your information, we may be obligated to comply with such requests.

Business Changes: In the event of a reorganization, merger, or acquisition of our business, we may share your information to facilitate these changes. This includes sharing with the new entity involved in the transaction and their legal counsel and advisors.

Data Retention and Security

We will retain your information as long as necessary to operate the service, conduct our business, and maintain our interactions with you. We may also keep your personal information beyond this period to meet legal obligations, resolve disputes, establish and defend legal claims, and enforce our agreements. Our general retention period is approximately 10 years to comply with record-keeping requirements and ensure data security.

To minimize risks of data damage, loss, and unauthorized access or use, we have implemented security measures. However, please be aware that no security measure can guarantee absolute protection. While we strive to protect your personal information, we cannot ensure it will be entirely free from security risks.

Additional Information for EU and UK Residents

For individuals residing in the European Union (EU) or the United Kingdom (UK), the processing of your personal information is governed by the General Data Protection Regulation (GDPR) and other applicable data protection laws. In addition to the information provided in this privacy policy, please note the following:

Rivyo acts as both the data controller and data processor for the personal information described in this Policy. As the data controller, Rivyo is responsible for the personal information collected from an app and website visitors. When processing personal information on behalf of users, Rivyo functions as the data processor, by our Data Processing Addendum and Privacy Policy for Merchant's Customers.

International Data Transfers

If we need to transfer your information from the EU to countries outside the European Commission's list of countries with adequate data protection, we will ensure this is done in compliance with a data transfer agreement. This agreement will include standard data protection clauses that provide appropriate safeguards as required by the EU Commission and the UK Information Commissioner’s Office.

Legal Basis for Processing Personal Data

Service Operation: We process your data to operate the service and ensure its features and functionality. This processing is necessary for fulfilling our contractual obligations under the Terms of Service and is based on our legitimate interest in providing a reliable and user-friendly experience.

Technical Support and Assistance: Processing your data for technical support and assistance is justified by our legitimate interest in promoting our business. This includes keeping app users and website visitors informed about new features, improvements, and other relevant service updates.

Security and Monitoring: We process your data for security and monitoring purposes to protect the integrity of our service. This is based on our legitimate interest in safeguarding our systems and ensuring a secure environment for users.

Service Development and Enhancement: Processing your data to develop and improve the service is based on our legitimate interest in meeting user needs and preferences. Analyzing usage patterns and feedback allows us to enhance the service's features and performance.

Subscription and Account Integration: We process your data to manage your subscription and link your plan to your account, which is necessary for fulfilling our contractual obligations and ensuring a seamless user experience.

Handling Inquiries and Referral Requests: When you make an inquiry or request a referral, we process your data to effectively address your needs. This processing supports the operation of the service and business development.

Processing Feedback and Reviews: Your feedback and reviews are processed to improve our business and the service. This is driven by our legitimate interest in enhancing our offerings and providing an exceptional user experience.

Cookie Usage: The use of cookies is based on our legitimate interests, including fulfilling service requests and personalizing the service to your preferences, enhancing your overall experience.

Addressing Legal Violations: We have a legitimate interest in addressing and mitigating legal violations that could affect our business. This includes responding to and handling suspected violations to protect our interests and ensure legal compliance.

Compliance with Binding Requests: We may need to comply with binding requests from competent authorities, based on our legitimate interest in meeting mandatory legal requirements.

Business Continuity: We may process personal data to facilitate structural changes in the service and our business, based on our legitimate interest in ensuring business continuity and adapting to user needs.

Data Subject Rights Under the GDPR (EU/UK)

If you are located in the EU or the UK, you have the following rights regarding your data under the General Data Protection Regulation (GDPR):

Right to Access: You have the right to access and obtain a copy of the personal data we process about you. This allows you to verify the lawfulness and accuracy of your data.

Right to Rectify: If your data held by us is inaccurate or incomplete, you can request corrections and updates to ensure that your information is accurate and complete.

Right to Withdraw Consent: You can withdraw your consent for the processing of your data for marketing purposes or the use of non-essential cookies at any time. Note that withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Data Portability: You can request to receive your data in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another person or entity and, where feasible, have it sent directly from us to the specified entity.

Right to Object: You have the right to object to the processing of your data based on your legitimate interests. We may override your objection if we can demonstrate compelling legitimate grounds for the processing or if the processing is necessary for legal claims.

Right to Restrict Processing: You can request the restriction of processing your data, except for storage, in the following cases: (a) if you believe the data is inaccurate, while we verify its accuracy; (b) if processing is unlawful and you prefer restriction over deletion; (c) if we no longer need the data but you need it for legal claims; or (d) if you object to processing based on legitimate interests, during the assessment period.

Right to be Forgotten: You can request the erasure of your data under certain conditions. If you object to processing based on legitimate interests and no overriding grounds apply, you can ask us to delete your data. However, we may still process it if necessary to comply with legal obligations or for legal claims. To exercise this right, please contact us using the details provided in this policy.

To ensure the security of your data, we may request reasonable evidence to verify your identity when you exercise your rights. If we cannot fulfill your request, we will provide a clear explanation while maintaining the highest standards of privacy and data protection.

If you believe your data protection rights have been violated, you have the right to complain to your local data protection authority. In the EU, you can also file a complaint with the supervisory authority in the Member State where you reside, work, or where you believe the GDPR infringement occurred.

Get in Touch

We welcome your questions, comments, and concerns about this policy and how we handle your personal information. Please reach out to us at hi@rivyo.com.