Rava ReviewsRava Reviews.
Legal

Data processing addendum

These processor terms describe how Rava Reviews processes merchant-controlled personal data for Shopify review workflows.

Last updated: June 23, 2026

Legal entity: Ravanix Technologies L.L.C-FZ, Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.. Privacy: admin@ravanix.app. Support: admin@ravanix.app. Security: security@ravanix.app. Website: https://www.ravanix.app.
01

Parties and scope

This Data Processing Addendum applies when Rava Reviews processes personal data on behalf of a merchant through the Shopify app, review widgets, review requests, review imports/exports, support workflows, APIs, or related services.

The merchant is the controller, business, or equivalent decision-maker for merchant-controlled personal data. Ravanix Technologies L.L.C-FZ provides Rava Reviews as processor, service provider, or equivalent role. Contact details: Ravanix Technologies L.L.C-FZ, Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.. Privacy: admin@ravanix.app. Support: admin@ravanix.app. Security: security@ravanix.app. Website: https://www.ravanix.app.

This addendum forms part of the agreement between the merchant and Rava Reviews. If there is a conflict about processing merchant-controlled personal data, this addendum controls to the extent of the conflict.

02

Subject matter, nature, and purpose

Subject matter: operating a Shopify reviews platform for review collection, moderation, publication, analytics, email workflows, imports, exports, translations, AI-assisted review operations, support, security, and platform compliance.

Nature of processing: collecting, receiving, hosting, storing, syncing, retrieving, organizing, analyzing, generating, translating, moderating, displaying, transmitting, exporting, deleting, and redacting data as needed to provide Rava Reviews.

Purpose: to provide and secure Rava Reviews, follow merchant instructions, support Shopify platform requirements, respond to privacy/security requests, maintain business records, and comply with law.

03

Duration

Processing continues while the merchant uses Rava Reviews and for any post-termination period needed to complete deletion, redaction, backup expiry, dispute handling, legal compliance, and security obligations.

Applicable personal data is deleted or redacted within 30 days after a verified deletion instruction, Shopify compliance webhook, or app uninstall redaction workflow, unless retention is legally required. Backups expire or are overwritten within 90 days.

04

Categories of data subjects

Merchant owners, merchant staff, Shopify users, customers, shoppers, reviewers, review request recipients, people appearing in review media, support contacts, and authorized representatives.

05

Categories of personal data

Store and account data: shop domain, shop identifiers, merchant settings, staff/session data, app scopes, installation status, support records, and security logs.

Shopify and commerce data: products, variants, product images, order identifiers, order status, fulfillment/delivery timestamps, line items, customer identifiers, names, email addresses, phone numbers if available, currency, totals, discounts, and related metadata.

Review data: rating, title or message, author name, author email, language, verification status, source, product/variant reviewed, order relationship, photos, videos, files, merchant replies, translations, AI-generated suggestions or summaries, moderation results, import/export files, and publication settings.

Communication data: review request emails, reminders, unsubscribe/resubscribe records, support messages, contact form submissions, and operational notifications.

06

Merchant instructions

Rava Reviews will process merchant-controlled personal data only on documented instructions from the merchant, including instructions provided through Shopify installation, app settings, dashboard actions, API calls, support requests, import/export workflows, and this addendum.

If Rava Reviews believes an instruction violates applicable law or Shopify requirements, it may suspend the instruction and notify the merchant where appropriate.

07

Confidentiality and staff access

Rava Reviews will restrict access to merchant-controlled personal data to personnel and providers who need it to operate, secure, support, or improve the service.

Personnel with access are bound by confidentiality obligations, and access is limited, reviewed, and removed when no longer needed.

08

Security measures

Rava Reviews will maintain appropriate technical and organizational measures designed to protect personal data, including encrypted transport, access controls, credential separation, least-privilege operations, logging, backup controls, vendor review, and incident-response practices.

For protected customer data such as names, emails, phones, and order-related data, production controls include encryption at rest, encrypted backups, separation of test and production data, data-loss prevention practices, staff access limits, strong staff authentication, access logs, and incident response procedures.

09

Subprocessors

Rava Reviews may use subprocessors for hosting, database, storage, email delivery, AI/translation, analytics if enabled, support, security, monitoring, billing/platform services, and development operations.

Subprocessors must be bound by written obligations intended to protect personal data. The Subprocessors page lists the provider categories used to operate Rava Reviews.

Merchants may object to a new subprocessor by contacting admin@ravanix.app with a reasonable privacy or security concern. If the concern cannot be resolved, the merchant may need to stop using affected features or uninstall the app.

10

International transfers

Rava Reviews and its subprocessors may process data outside the merchant’s or customer’s country. Where required, Rava Reviews will use appropriate transfer safeguards such as standard contractual clauses, adequacy decisions, or equivalent mechanisms.

Transfer details are reviewed against the production vendor categories and safeguards used by Rava Reviews.

11

Assistance with rights requests

Rava Reviews will reasonably assist merchants with access, correction, deletion, export, objection, restriction, opt-out, and similar privacy requests to the extent the request relates to data processed by Rava Reviews.

Rava Reviews may require enough information to verify the merchant, shop, customer, reviewer, order, review, or request before acting. Shopper requests may be routed to the merchant when the merchant is the controller.

12

Security incidents

Rava Reviews will notify affected merchants without undue delay after confirming a personal data breach involving merchant-controlled personal data, consistent with applicable law and available information.

Notice will include the nature of the incident, affected data where known, mitigation steps, and contact information for follow-up, subject to legal, security, and investigation limits.

13

Deletion, return, and audit

After termination or verified instruction, Rava Reviews will delete, redact, anonymize, or return applicable merchant-controlled personal data unless retention is required for legal, billing, dispute, security, or backup purposes.

Rava Reviews will make reasonable information available to demonstrate compliance with this addendum. Any audit must be reasonable, confidential, limited to relevant controls, and not compromise the security or confidentiality of other merchants or systems.