How ColRevs collects, uses, and protects personal data — in plain language.
Last updated: 12 June 2026 · Effective immediately
ColRevs ("we", "us", "our") is a Software-as-a-Service (SaaS) platform that enables e-commerce merchants to automatically send post-purchase review invitation emails to their customers and to collect and display customer reviews on their storefronts.
For the purposes of EU data-protection law (GDPR / Regulation (EU) 2016/679), ColRevs operates in two distinct capacities depending on whose data is being processed:
| Data subject | ColRevs role | Explanation |
|---|---|---|
| Merchant (our direct customer) | Data Controller | We determine why and how we process the merchant's account information. |
| End consumer (merchant's customer) | Data Processor | We process consumer data strictly on the merchant's behalf and under their instruction, via order webhooks they configure. |
We process the minimum data necessary for each purpose (GDPR Art. 5 – data minimisation principle).
A) Merchant account data (you, as our customer)
| Data | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|
| Email address, hashed password | Account authentication | Art. 6(1)(b) – performance of contract |
| Store domain, platform (WooCommerce / Shopify), company name | Integration setup, email personalisation | Art. 6(1)(b) – performance of contract |
| Stripe Customer ID, subscription status, plan | Billing and subscription management | Art. 6(1)(b) – performance of contract |
| Google review link, ColRevs review link | Inserting the correct CTA link in invitation emails | Art. 6(1)(b) – performance of contract |
| API keys (encrypted with AES-256) | Authenticating webhook calls between the merchant's plugin and our server | Art. 6(1)(b) – performance of contract |
B) Consumer data (your customers, processed on your behalf)
| Data | Source | Purpose | Legal basis |
|---|---|---|---|
| Email address | Order webhook | Deliver the review invitation email | Merchant's legitimate interest / Art. 6(1)(f) — directly related to the purchase experience; not marketing |
| First name / full name | Order webhook | Personalise the email salutation | Same as above |
| Order ID / order number | Order webhook | Reference in the invitation email; uniqueness check | Same as above |
| Order total, currency, line items, completed_at | Order webhook | Available for template personalisation (optional use by merchant) | Same as above |
| Review text, star rating, submission timestamp | Consumer voluntarily submits a review | Store and display the review on the merchant's storefront | Art. 6(1)(a) – consent (consumer actively submits review); or Art. 6(1)(f) – legitimate interest of merchant |
| Email address (linked to review) | Consumer submits review | Enabling the consumer to look up and delete their own review (GDPR right to erasure) | Art. 6(1)(c) – legal obligation |
| User-agent string | HTTP request at review submission | Fraud / bot detection; not retained beyond review processing | Art. 6(1)(f) – legitimate interest |
Our core feature sends a single review invitation email after an order is marked as completed in the merchant's store. This email is:
Transactional, not marketing. It is directly and exclusively triggered by the customer's own purchase. It does not promote any product or service, does not contain advertising, and is sent only once per fulfilled order. Under the EU ePrivacy Directive (Directive 2002/58/EC, Art. 13(2)), transactional emails sent to existing customers about their own purchase experience do not require prior opt-in consent, provided the merchant's customers had a reasonable opportunity to opt out of such communications.
Merchants are responsible for ensuring their own store's checkout flow provides customers with appropriate information about post-purchase communications in accordance with their jurisdiction's laws. ColRevs provides this mechanism; the merchant controls whether and when it is triggered.
Emails are sent via Amazon Simple Email Service (SES), hosted in the eu-north-1 (Stockholm, Sweden) AWS region — within the European Economic Area.
All data is stored within the European Economic Area (EEA) on Amazon Web Services infrastructure in the eu-north-1 (Stockholm, Sweden) region. No personal data is transferred to countries outside the EEA unless required by law.
| Storage system | Data stored | Location |
|---|---|---|
| AWS DynamoDB | Merchant accounts, store connections, subscription records | eu-north-1 (Stockholm, EU) |
| AWS S3 | Customer reviews (JSON), email templates, widget design configs | eu-north-1 (Stockholm, EU) |
| AWS SES | Email sending only — no long-term storage of email content | eu-north-1 (Stockholm, EU) |
| Stripe | Payment method and billing data (processed by Stripe, Inc.) | Stripe infrastructure — governed by Stripe's own DPA |
Passwords are hashed using bcrypt before storage. API keys are encrypted using AES-256 before storage. We never store plain-text credentials.
As a Data Processor for merchant customer data, we engage the following sub-processors. All sub-processors are bound by appropriate data protection agreements.
| Sub-processor | Purpose | Location | DPA / SCCs |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, database, email delivery (SES), file storage (S3) | EU (eu-north-1) | AWS DPA |
| Stripe, Inc. | Payment processing and subscription management | USA (SCCs in place) | Stripe DPA |
We will notify merchants of any changes to this sub-processor list with reasonable advance notice.
| Data type | Retention period | Reason |
|---|---|---|
| Merchant account data | Duration of the subscription + 90 days after cancellation | Allow account reactivation; then deleted |
| Customer reviews | Until the merchant's account is deleted, or until the consumer exercises the right to erasure | Core service functionality |
| Order webhook data (name, email, order ID) | Used transiently to send the invitation email; not stored beyond the email dispatch | Data minimisation — we do not build a consumer database |
| Billing / Stripe records | 7 years | Statutory accounting and tax obligations |
| Server logs | 30 days rolling | Security and debugging |
When a merchant uninstalls the ColRevs plugin or closes their account, we delete all associated store connection data and cancel active subscriptions. Review data in S3 is deleted as part of the same cleanup process.
Under the General Data Protection Regulation (EU) 2016/679, you have the following rights. Merchants may exercise these directly with us. Consumers whose data we process on behalf of a merchant should direct requests to the merchant in the first instance; ColRevs will cooperate with the merchant to fulfil the request.
- Obtain a copy of the personal data we hold about you.
- Ask us to correct inaccurate or incomplete data.
- Request deletion of your personal data. Consumers may delete their review via the review deletion page at any time using their email address — no account required.
- Ask us to restrict processing of your data in certain circumstances.
- Receive your data in a structured, machine-readable format.
- Object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
- You may lodge a complaint with your national data protection authority (e.g., Datatilsynet in Norway, or any EU/EEA supervisory authority).
- Where processing is based on consent, you may withdraw at any time without affecting the lawfulness of prior processing.
To exercise any right, contact us at [email protected]. We will respond within 30 days.
Our web application uses only strictly necessary cookies required for authentication (session tokens) and security (CSRF protection). We do not use advertising cookies, tracking pixels, or third-party analytics that involve personal data. No consent banner is required for strictly necessary cookies under the ePrivacy Directive, but we disclose their use here for full transparency.
| Cookie | Purpose | Duration |
|---|---|---|
| Session token (HTTP-only) | Maintain your logged-in session securely | Session / until logout |
The ColRevs review widget embedded on merchant storefronts does not set any cookies and does not track end consumers.
We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure:
- Data in transit is protected by TLS.
- Passwords are hashed with bcrypt (one-way).
- API keys are encrypted with AES-256 before storage.
- Access to AWS infrastructure is restricted using least-privilege IAM policies.
- Webhook endpoints require authenticated API keys.
- We do not store consumer order data beyond the transient email dispatch process.
In the event of a personal data breach likely to result in risk to individuals, we will notify the relevant supervisory authority within 72 hours and affected data controllers (merchants) without undue delay, as required by GDPR Art. 33–34.
ColRevs is a B2B service intended for businesses. We do not knowingly process personal data of children under 16. If you believe we have inadvertently collected data from a child, please contact us immediately at [email protected] and we will delete it promptly.
We may update this Privacy Policy to reflect changes in our practices or legal obligations. We will notify merchants of material changes by email or via an in-app notice at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the service after the effective date constitutes acceptance of the updated policy.