FeedbackLoop — Privacy Policy

Last updated: June 10, 2026

FeedbackLoop (“the App”, “we”, “us”) is operated by Zircon Apps LLC. This policy explains what data the App collects when installed on a Shopify store, how we use it, and the choices available to merchants and their customers.

1. Data we collect

When a merchant installs the App, we store the store’s myshopify.com domain, the OAuth access token Shopify issues to us, and the App’s configuration settings.

When a shopper submits feedback through the storefront button, we store the feedback message, an optional rating / NPS score, an optional category, the page URL the feedback was sent from, the browser user-agent, and — only if the shopper voluntarily enters it — an email address and an attached screenshot.

We do not request access to orders, customer records, or payment data, and we do not collect personal data beyond what a shopper chooses to submit.

2. How we use data

Feedback data is used solely to display feedback to the merchant inside the App, to power analytics (sentiment, priority, topics), and to enforce plan limits. We do not sell data or use it for advertising.

3. AI processing & subprocessors

If the merchant enables AI analysis, the text of a feedback message is sent to a third-party AI provider (currently Replicate and/or OpenAI) to generate a sentiment label, topic tags, a short summary, and a priority. Only the feedback text is sent; we do not transmit store credentials. These providers process the text to return a result and per their terms do not train models on it.

Infrastructure subprocessors: DigitalOcean (application hosting) andCloudflare (DNS/TLS).

4. Data retention

Feedback is retained while the App is installed. When a merchant uninstalls the App, we mark the store inactive and delete its session credentials. We honor Shopify’s mandatory data-erasure webhooks: on a shop redact request we delete all of the store’s data; on a customer redact request we remove any email address associated with that customer’s feedback.

5. Your rights (GDPR / CCPA)

Merchants and their customers may request access to, correction of, or deletion of personal data we hold. Requests are handled through Shopify’s standard data-request and redaction webhooks, or directly via the contact below.

6. Security

Data is transmitted over HTTPS and stored on access-controlled infrastructure. Access tokens are stored server-side and never exposed to the storefront.

7. Changes

We may update this policy; material changes will be reflected by the “Last updated” date above.

8. Contact

Questions or data requests: vrudakov@zirconteam.site (Zircon Apps LLC).