Privacy Policy
Last updated: May 12, 2026
TrueView ("the App", "we", "us") is a Shopify application that helps merchants display AI-generated aggregate summaries of real customer reviews on their storefronts. This policy explains what data we collect, how we use it, who we share it with, and your rights.
1. Who this policy applies to
This policy covers two groups:
- Merchants — Shopify store owners and staff who install and use the App in the Shopify admin.
- Shoppers — end customers of those stores who visit product pages where the App's widget is displayed.
2. Data we collect
From merchants (through Shopify)
- Shop domain (e.g.
your-store.myshopify.com). - A Shopify-issued OAuth access token scoped to the permissions you granted at install (read/write products, read locales, read/write translations).
- Product metadata (titles, descriptions, status) fetched on demand to power the admin UI. We do not copy your product catalog into our database.
- Plan/subscription status and usage counters (how many summaries were generated in the current billing cycle).
- Session information required by the Shopify App Bridge (stored by the Shopify session-storage library).
Review data we collect about each product
The core purpose of the App is to gather customer reviews about the merchant's products from around the web, aggregate them, and produce a summary. Reviews enter the App in two ways:
- Automatic collection. TrueView discovers publicly available customer reviews of the merchant's products across third-party platforms — for example: retailer product pages, shopping search engines, and review aggregators such as Trustpilot. Collection is performed on a schedule, respecting the applicable terms of service and
robots.txtpolicies of each source site. We do not collect from sites that forbid automated access, and we do not bypass paywalls, logins, or rate limits. - Optional merchant import. A merchant who already owns their review data (for example, an export from a review app they use such as Yotpo, Judge.me, or Okendo) may import it directly into the App via CSV upload or an authenticated integration.
For each review we store: the review text and rating, the source platform name and URL (when public), the reviewer's displayed name (when publicly shown on the source site), the review date, and the language. We do not store email addresses, IP addresses, phone numbers, or any identifiers that aren't part of the publicly displayed review.
From shoppers
The storefront widget does not collect personal data, set cookies, fingerprint devices, or track behavior. It reads product metafields rendered server-side by Shopify and displays them. No analytics beacons are sent from the widget.
3. How we use the data
- To authenticate merchants with Shopify.
- To discover and collect publicly available reviews about the merchant's products, from third-party sites that permit automated access.
- To pass the collected review text to our AI provider (Groq) in order to generate an aggregate summary, and to translate generated titles/summaries into a merchant-selected language using the same provider. Only product titles and review/summary text are sent; merchant identity and shopper identity are not.
- To enforce quota limits and process subscription billing.
- To comply with Shopify's GDPR data-request and redact webhooks.
4. Third parties we share data with
| Provider | Data shared | Purpose |
|---|---|---|
| Shopify | Shop ID, OAuth tokens, product metafields | App platform |
| Groq, Inc. | Product titles + collected review text + AI-generated summary text | AI summary generation and translation |
| Neon, Inc. | Application database | Data storage (PostgreSQL) |
| Railway Corp. | Server-side application runtime | Hosting |
| Functional Software, Inc. (Sentry) | Server-side error reports (stack traces, error messages, shop domain and operation tags) | Error monitoring and alerting (data processed in the EU) |
We do not sell personal data. We do not share data with advertisers.
5. How we generate AI summaries
TrueView produces short aggregate review summaries for each product using large language models.
- Grounded in real reviews. Every summary is based on review text that TrueView actually holds — collected automatically from public sources, or imported by the merchant. We instruct the model not to invent features, benefits, or claims not present in the underlying reviews.
- Authentic scores. The numeric rating (e.g. 4.3 stars) and review count shown on the storefront are computed from the underlying reviews in TrueView's database — never generated by the AI model.
- Disclosed on every product page. The storefront widget renders a "clear and conspicuous" disclosure immediately above the summary — for example: "AI summary of 47 customer reviews from amazon, google." This is required by the FTC 2024 rule on AI-generated reviews, the EU Digital Services Act, and the UK DMCC Act.
- Minimum-data threshold. The App refuses to produce a summary until at least three credible reviews have been collected for a given product.
6. Data retention
- Merchant plan + usage: deleted on app uninstall (
APP_UNINSTALLEDwebhook). - Collected reviews + generated summaries: retained for 48 hours after uninstall, then purged on the
SHOP_REDACTwebhook. - GDPR compliance logs: retained indefinitely as the audit trail proving we honored data-request / redact webhooks. These logs contain only the Shopify customer ID (if any), never email, phone, or address.
7. Your rights (GDPR / CCPA)
Shoppers who believe the App holds data about them may submit a data-request or deletion request through the Shopify storefront their data was collected from. Shopify forwards these to us via the customers/data_request and customers/redact webhooks, which we implement.
Merchants can delete all their data by uninstalling the App and waiting 48 hours for the SHOP_REDACT webhook to fire, or by emailing us at yuval@thewhales.co.il.
8. Security
Data is transmitted over HTTPS. Credentials are stored as environment variables on Railway, not in the codebase. Database access is restricted to the app's server. We do not access merchant data except as required to operate the App.
9. Children
The App is sold to businesses. It is not directed at children under 16 and we do not knowingly collect personal data from them.
10. Changes to this policy
We will update the "Last updated" date above when we make material changes. Continued use of the App after an update constitutes acceptance.
11. Contact
Questions, requests, or complaints: yuval@thewhales.co.il.