Last updated: 28 June 2026
Review Lift ("the App", "we", "us") is a Shopify app that helps merchants decide
where to ask for product reviews and where to reply to low-rated ones, using
their own review data and sales. This policy explains exactly what data the App
accesses, why, how long we keep it, and your rights.
Review Lift is operated by the app developer ("the Operator"). For privacy
questions or data requests, contact privacy@syncerp.work.
Review Lift requests the minimum Shopify Admin API scopes needed to function:
| Scope | Why we need it |
|---|---|
| read_products | Read your product catalog and your connected review app's metafields (per-product review count and average rating). |
| read_orders | Read orders only to total units sold per product over a trailing 90-day window. We sum quantity by product and discard everything else in the same step. |
We request no write scopes and no customer scopes.
Review Lift is classified as Protected Customer Data (PCD) Level 1.
We process order data only to compute an aggregate integer (units sold per
product). We do not read, store, log, or transmit customer names, emails,
phone numbers, addresses, IP addresses, order IDs, or individual line-item rows.
No customer personal data is retained at any point.
For each shop that installs the App we store:
sold (integers).
worklist, and the sales-weighted coverage figures, over time.
reply text for low-rated products (grounded only on the product title +
rating). These are suggestions you edit and post; we never publish them.
plan + subscription status, and webhook processing logs (no PII).
We store no customer personal data.
The one-click reply-draft feature (Pro + Moderation only) sends a short prompt
to Anthropic (Claude models) to generate a draft reply. That prompt contains
only the product title, its average rating, and review count — aggregates you
already see in the App. No customer data is ever sent to the AI model. Anthropic
processes the request to return the draft and does not use it to train its
models (per Anthropic's commercial terms). See anthropic.com/legal.
| Sub-processor | Purpose | Data shared |
|---|---|---|
| Anthropic, PBC | AI reply-draft generation (Pro + Moderation only) | Product title + rating aggregate only — no customer data |
| Hosting / infrastructure provider | Application hosting, database, queue (server at syncerp.work) | The aggregates listed in §4 |
We do not sell, rent, or share your data with advertisers or any other third
party.
shop/redact webhook (sent ~48 hours after uninstall), wedelete all rows for your shop.
customers/redact and customers/data_request webhooks areanswered truthfully: we hold no customer data, so there is nothing to redact or
return.
You can also request deletion at any time by emailing privacy@syncerp.work.
Because we store no customer personal data, the personal data in scope is limited
to the merchant account contact. You have the right to access, correct, export,
or delete that data, and to lodge a complaint with your supervisory authority.
Contact privacy@syncerp.work to exercise these rights.
Data is transmitted over TLS. Access tokens are encrypted at rest. Access to
production systems is restricted to the Operator. We process the smallest amount
of data needed and never persist customer PII.
We will update this page and the "last updated" date when our practices change
materially. Continued use after an update constitutes acceptance.
privacy@syncerp.work