Privacy Policy for Merchants

We have issued our policies in accordance with European Union’s General Data Protection Regulation (GDPR) to ensure that we make it easy for our users to be compliant.

Appio is a web application that provides an online reviews solution (the “Application”) for merchants who use the Shopify platform to operate and enhance their e-commerce websites (the “Merchants”). The Application is owned and operated by Appio Ltd. (“we”, “us”, “our”).

This Privacy Policy (the “Policy”) explains our privacy practices for the Application. The Notice also describes the rights and options available to you with respect to your personal information.

Personal data we process

Information we obtain from Shopify. The Application is available only to Merchants who own a Shopify store. When you install the Application through the Shopify app store, we automatically gain access to the following information from your Shopify account: your full name, address, e-mail address, cell phone number and details of your Shopify store.
While you use the Application, we collect information on your Shopify store customers, such as: name, email address, address, order history (purchase amount, purchase date, item purchased) and reviews information on your store (photos, videos, rating, review text, comments).

How we process and use personal data

We process your data for the following purposes:
  • To operate the Application and provide its features and functionality.
We process the Information we obtain from Shopify to identify you and to operate the Application and provide you with its features and functionality.
  • To provide you with technical support and assistance
We process your Information we obtain from Shopify to send you updates and other communications related to the Application.

When is your personal data shared with others

  • We do not sell your personal information to third parties.
  • We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent.
  • We will share your information with our service providers helping us to operate the Application.
These companies are authorized to use your personal information only as necessary to provide their services to us and not for their own purposes. We uses the following sub-processors to process Personal Data (Vendors) as below:
    • DigitalOcean LLC (United States; Standard Contractual Clauses).
    • SendGrid Inc. (United States; Standard Contractual Clauses).
    • CloudFlare Inc. (United States; Standard Contractual Clauses).
    • HelpScout (United Stated; Standard Contractual Clauses).
    • Amazon Web Services Inc. (United Stated; Standard Contractual Clauses).
  • If you violate the law, we might share your information with competent authorities.
  • We might share your information if we are legally required by a judicial, governmental or regulatory authority.‍

Security and data retention

We retain your personal data as long as the Application is installed in your Shopify store, and thereafter for compliance and legal purposes.
We also implement measures to secure your Information.

Your EU rights

You have the right to access, update or delete your Information and obtain a copy of your Information.
If you are an individual in the EU, you have the following rights:
Right to Access your personal data that we process and receive a copy of it.
Right to Rectify inaccurate personal data we have concerning you and to have incomplete personal data completed.
Right to Data Portability, that is, to receive the personal data that you provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another service provider. Where technically feasible, you have the right that your personal data be transmitted directly from us to the service provider you designate.
If the legal basis for processing your personal information is your consent, you may Withdraw Your Consent at any time. If you do that, we will still process certain information on legal basis other than consent, as described in this Notice. Withdrawing your consent will not affect the lawfulness of data processing we carried out based on your consent before such withdrawal.
Right to Object, based on your particular situation, to using your personal data on the basis of our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or for the establishment, exercise of defense of legal claims. You may also object at any time to the use of your personal data for direct marketing purposes.
Right to Restrict processing your personal data (except for storing it) if you contest the accuracy of your personal data, for a period enabling us to verify its accuracy; if you believe that the processing is unlawful and you oppose the erasure of the personal data and requests instead to restrict its use; if we no longer need the personal data for the purposes outlined in this Policy, but you require them to establish, exercise or defense relating to legal claims, or if you object to processing, pending the verification whether our legitimate grounds for processing override yours.
Right to be Forgotten. Under certain circumstances, such as when you withdraw your consent, you have the right to ask us to erase your personal data. However, we may still process your personal data if it is necessary to comply with a legal obligation we are subject to under laws in EU Member States or for the establishment, exercise or defense of legal claims.
If you wish to exercise any of these rights, contact us at
We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason for this.
You have a right to submit a complaint to the relevant supervisory data protection authority.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work or of an alleged infringement of the GDPR.


The Application is not intended for minors under the age of 18. We do not knowingly or intentionally collect information from minors under the age of 18.

Changes to this privacy policy

From time to time, we may change this Policy, in which case we will notify you of the updated Policy by email. The latest version of the Policy will always be accessible on the Application.

Data controller and processor

We are the data controller and processor of your personal data as we collect and process your Customer Information through the Application.

Contact us

You can contact us at
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us